Get-Filly
HomeSolutionPricingAboutBlog
Log inRequest a demo
NLEN

Last updated: 18 juni 2026 · v1.1

Privacy statement

Get-Filly helps hospitality businesses fill smarter with AI marketing, automation, analytics and online visibility. To deliver our services, we process personal data of users, business owners and in some cases also guests of our customers. In this privacy statement we explain which data we process, why we do so, who we share data with, how long we retain data and which rights data subjects have.

Contents
  1. Who are we?
  2. Which data do we process?
  3. Why do we process this data?
  4. Automated analyses, Health Scores and profiling
  5. Use of external integrations
  6. Use of Google Business Profile data
  7. Use of Meta, Facebook and Instagram data
  8. Use of AI systems, Claude Code and Anthropic
  9. Who do we share data with?
  10. Transfers outside the European Economic Area
  11. How long do we retain data?
  12. How do we secure data?
  13. Cookies and measurement tools
  14. Your rights
  15. Withdrawing consent and deleting data
  16. Ownership of customer data
  17. Minors
  18. Data breaches and security reports
  19. Changes to this statement
  20. Contact and complaints

1. Who are we?

The data controller within the meaning of the General Data Protection Regulation, hereinafter: GDPR, is:

Data controllerGet-Filly, registered under Chamber of Commerce number 42068177
AddressSaxen Weimarlaan 44-2, 1075 CD Amsterdam
Emailinfo@get-filly.com
Phone+31 6 57737372
Supervisory authorityDutch Data Protection Authority

In this privacy statement, "Get-Filly", "we", "us" and "our" refer to Get-Filly. We are established in the Netherlands and are subject to Dutch law and the supervision of the Dutch Data Protection Authority.

2. Which data do we process?

We process various categories of data, depending on how you use Get-Filly.

2.1 Data about you as a user

When you create an account, log in or use our platform, we process among other things:

  • name
  • email address
  • phone number, if you enter it yourself
  • password, stored encrypted and hashed
  • role within the business, for example owner, manager or staff member
  • account settings
  • login times
  • usage data within the platform
  • communication with our support or sales team

We use this data among other things to create your account, give access to the platform, provide support and keep our services secure.

2.2 Data about your business

To make Get-Filly work properly, we process data about your business. This may include among other things:

  • name of the business
  • type of business, for example restaurant, hotel, lunchroom, wellness venue or other hospitality establishment
  • address, location and contact details
  • opening hours
  • website and publicly accessible website content
  • menu, cuisine style, signature dishes and price indications
  • reservation options
  • reservations, occupancy and visit moments, where connected or entered
  • review data, ratings, photos and texts visible on own or external channels
  • online visibility, findability and presence on external platforms
  • social media profiles and public social media content
  • connected tools and integrations, only when you activate them yourself

2.3 Data about your guests

When you connect a reservation system, import guest lists or use marketing features within Get-Filly, we may process personal data of your guests.

In that situation, you as the business owner are in principle the data controller within the meaning of the GDPR. You determine which personal data of your guests is collected, for which purposes it is used and how long it is retained.

Get-Filly acts as a processor here. We process guests' personal data solely on your instructions as a customer and according to your instructions.

With customers for whom we process guests' personal data, we conclude a data processing agreement in accordance with article 28 GDPR where legally required.

Guests' personal data may consist of, among other things:

  • name
  • email address
  • phone number
  • reservation history
  • visit frequency
  • date and time of reservations
  • preferences recorded by the business owner, such as dietary wishes, allergies, favourite table or special notes
  • marketing preferences, if applicable

The business owner remains responsible for having a valid legal basis for this processing and for informing guests about the use of their personal data. Get-Filly does not use guests' personal data for its own advertising purposes and does not sell this data to third parties.

2.4 AI usage data

When you use Get-Filly's AI features, we process data needed to run, secure and improve these features. This may consist of, among other things:

  • type of AI action, for example review reply, campaign proposal, menu analysis, website analysis, chat or reporting
  • entered prompts, questions, files or context
  • generated responses
  • AI models used
  • token usage
  • time of the request
  • connected business
  • error messages and technical metadata

As far as possible, we limit the amount of personal data sent to AI systems.

2.5 Technical data

When you use our website or platform, we automatically process certain technical data, such as:

  • IP address
  • browser and device type
  • operating system
  • pages visited
  • click behaviour within the platform
  • session data
  • error messages
  • log files
  • security events

We use this data for security, debugging, performance improvement and abuse prevention.

2.6 Analysis of public business information

Get-Filly can analyse publicly accessible business information to generate insights, scores and recommendations. This may relate to, among other things:

  • publicly accessible websites
  • technical website data, such as title tags, meta descriptions, loading speed and structured data
  • public reviews
  • public business listings
  • public social media profiles
  • public photos and texts
  • search engine results
  • platform listings such as Google, TripAdvisor, TheFork, OpenTable or similar services

These analyses are based on data that is publicly accessible or data for which the user has given consent via a connection or integration.

2.7 Payment, billing and banking data

For payments, billing and administration we process data needed to handle subscriptions, invoices and payments. This may consist of, among other things:

  • invoice data
  • company name and billing address
  • payment status
  • transaction IDs
  • subscription data
  • last four digits or limited payment method information when available via the payment provider
  • bank transaction data and payment references for administration and reconciliation

For online payments we use Stripe. For banking services and business bank administration we may use bunq B.V. Stripe and bunq may act as independent data controllers for certain processing, for example for legal obligations, fraud prevention, security, payment processing and their own administrative obligations.

3. Why do we process this data?

We only process personal data when there is a legal basis for it under the GDPR. When we rely on legitimate interest, we weigh our interest against the privacy interests of data subjects.

PurposeExamplesLegal basis
Create and manage accountlogin, user profile, rolesperformance of the contract
Deliver servicesAI suggestions, campaigns, analyses, dashboardsperformance of the contract
Health Scores and benchmark reportsonline visibility, reviews, website analysisperformance of the contract and legitimate interest
Connect integrationsGoogle, Meta, reservation systems, CRMperformance of the contract and consent where required
Process guest data on behalf of customerreservation data, guest lists, marketing actionsprocessor role; customer determines the basis
Payment and billingsubscriptions, invoices, payment statusperformance of the contract and legal obligation
Banking and administrative processingbank transactions, reconciliation, bookkeepinglegal obligation and legitimate interest
Security and fraud preventionlogs, IP address, abuse detectionlegitimate interest
Product improvementaggregated or anonymised analyseslegitimate interest
Marketing to usersnewsletters, product updatesconsent or legitimate interest, depending on context
Legal administrationtax retention obligationlegal obligation

4. Automated analyses, Health Scores and profiling

Get-Filly analyses data about businesses, online visibility, reviews, websites, reservations, marketing activities and other relevant signals to generate insights and recommendations. Automatically calculated scores may be used here, including:

  • Restaurant Health Scores
  • Potential Scores
  • Opportunity Scores
  • benchmark reports
  • visibility scores
  • marketing recommendations
  • revenue and occupancy insights

These scores are intended to give business owners insight into their digital presence, marketing potential and improvement opportunities. The scores are advisory in nature. They do not automatically lead to legal, financial or similarly significant consequences for individuals.

Get-Filly does not use these scores to assess, rank or make decisions about individual guests. Users can always ask for additional explanation about how analyses and recommendations are produced.

5. Use of external integrations

Get-Filly can be connected to external services, including among others: Google Business Profile, Google Analytics, Google Ads, Meta, Facebook, Instagram, TikTok, reservation systems, CRM systems, email marketing platforms, payment systems and bookkeeping and banking services.

We only obtain access to data for which the user has given consent or that is necessary for the functionality activated by the user. Per integration, the platform indicates where possible:

  • which data is retrieved
  • for which purpose this data is used
  • which rights or permissions are requested
  • how the connection can be revoked

We do not request access to data that is not needed for the functionality we offer.

6. Use of Google Business Profile data

When you choose to connect your Google Business Profile to Get-Filly, we obtain access to certain data from your business profile via official Google APIs. Depending on the consent you have given, we may retrieve among other things the following data:

  • business name
  • profile information
  • address and contact details
  • opening hours
  • categories and attributes of the business
  • reviews and ratings
  • photos and media files
  • location data
  • performance and visibility data, where available via the relevant API

We use Google Business Profile data solely to deliver, manage and improve the Get-Filly features for which you have given consent. This may consist of, among other things:

  • calculating Health Scores, Potential Scores and benchmark reports;
  • analysing online visibility, findability, reviews, ratings, photos, business information and profile activity;
  • showing improvement advice and optimisation proposals;
  • providing insight into trends, historical developments and performance of your Google Business Profile;
  • preparing and carrying out optimisations to your Google Business Profile, insofar as you explicitly give consent for this;
  • replying to reviews, manually or automatically, if you have activated this feature;
  • drafting, scheduling or publishing Google Posts, offers, updates or other business communication, if you have activated this feature;
  • supplementing, correcting or standardising business data, such as business name, categories, opening hours, contact details, website, menu information, services, attributes and descriptions;
  • adding, managing or optimising photos, menu information, products, services or other profile components;
  • flagging missing, inconsistent or outdated information in your business profile;
  • monitoring new reviews, changes, performance and other relevant events within your Google Business Profile;
  • comparing your performance with similar businesses, solely based on aggregated and anonymised data that is not traceable to an individual other business.

6.1 Storage and security of Google data

Data we retrieve via the Google APIs is stored encrypted (both in transit and at rest). Access to this data is limited to authorised personnel who need the data to deliver our service. Get-Filly uses a multi-tenant architecture in which each customer's data and access tokens are stored logically separated and isolated, so that the data of one business is never accessible to another. Access tokens are stored encrypted and used solely for the specific connection for which you have given consent.

6.2 Retention period

We do not retain the data retrieved via Google longer than necessary for the purposes described above. When you disconnect a connected Google Business Profile, the associated access tokens are revoked immediately and the stored Google Business Profile data is deleted from our systems within 30 days, except for data we are legally required to retain longer.

6.3 Statements about the use of Google data

  • We do not sell Google data to third parties.
  • We do not use Google data for third-party advertising purposes.
  • We do not use Google data to train public AI models.
  • We do not share Google data with advertising networks or data brokers.
  • We do not change any data within your Google Business Profile without an explicit action, approval, setting or instruction from you as the user.

The use and transfer of information that Get-Filly receives via Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

Get-Filly's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

For features where Get-Filly can perform actions automatically, such as replying to reviews, publishing posts or updating profile data, these are only carried out when you deliberately activate the feature or give prior consent for it.

6.4 Revoking Google access

You can disconnect a connected Google Business Profile at any time via the Get-Filly dashboard or via your Google account. After disconnection we no longer retrieve new data via that connection and connected tokens are revoked or deleted as described above.

In addition, you can manage or revoke the consent you have given directly via your Google account: myaccount.google.com/permissions. Revoking consent does not affect data that has already been lawfully processed before the moment of revocation.

7. Use of Meta, Facebook and Instagram data

When you choose to connect your Meta, Facebook or Instagram account to Get-Filly, we obtain access solely to the data and features for which you have given consent via the official Meta APIs.

Depending on the connected integration, we may obtain access to, among other things:

  • account name and profile information;
  • business information of connected Facebook or Instagram pages;
  • connected pages, Instagram Business accounts and business assets for which you have management rights;
  • public messages, posts, stories, reels, photos and videos;
  • drafts, scheduled content or published content, where available via the relevant API;
  • reactions, comments, likes, shares and other engagement data;
  • follower, reach and performance statistics;
  • campaign, content and audience insights, where available via the relevant API;
  • messages, reactions or other interactions, if you explicitly give consent for this and this feature is supported by Get-Filly;
  • technical metadata needed to make the connection work safely and correctly.

We use this data and these features solely to deliver, manage and improve the Get-Filly features for which you have given consent. This may consist of, among other things:

  • calculating Health Scores, Potential Scores and benchmark reports;
  • providing insight into social media performance, reach, engagement, content activity and growth opportunities;
  • analysing online visibility, content quality, posting frequency and audience interaction;
  • showing marketing insights, improvement advice and optimisation proposals;
  • preparing, generating and improving social media content with the help of AI;
  • drafting, scheduling and publishing Facebook and Instagram posts, stories, reels, updates or other content on behalf of your business, if you activate this feature;
  • editing, supplementing or deleting drafts, scheduled posts or content, solely when you instruct us to do so;
  • replying to, moderating or managing reactions or interactions, if you activate this feature;
  • monitoring the performance of published content;
  • comparing your social media performance with similar businesses, insofar as this is done based on permitted, aggregated or lawfully obtained data;
  • flagging missing, inconsistent or outdated information on connected Facebook or Instagram profiles.

We do not sell Meta, Facebook or Instagram data to third parties.

We do not use this data for third-party advertising purposes.

We do not use this data to train public AI models.

We do not share this data with advertising networks or data brokers.

We do not publish, change, schedule, reply to, moderate or delete content on your Meta, Facebook or Instagram account without an explicit action, approval, setting or instruction from you as the user.

For features where Get-Filly can perform actions automatically, such as publishing pre-approved posts, scheduling content or replying to reactions, these are only carried out when you deliberately activate the feature or give prior consent for it.

When content is published via Get-Filly on Facebook, Instagram or other Meta platforms, this is done on behalf of the connected business or the connected account of the customer. The customer remains responsible for the content, accuracy, timing, lawfulness and consequences of published content.

You can remove a connected Meta, Facebook or Instagram integration at any time via the Get-Filly dashboard or via the settings of your Meta, Facebook or Instagram account. After disconnection we no longer retrieve new data via that connection and connected tokens are revoked or deleted according to our retention policy.

When Meta forwards a data deletion request to Get-Filly, or when you request deletion yourself, we delete the data associated with the relevant Meta integration, unless we are legally required to retain certain data longer.

8. Use of AI systems, Claude Code and Anthropic

Get-Filly uses AI systems to enable features such as: response generation within the Filly model, campaign proposals, review replies, menu analyses, website analyses, reports, chat features, internal quality control and code and development support.

For these features we may use services from Anthropic, PBC, including Claude, Claude Code and/or the Anthropic API.

When you use AI features, the content of your question, relevant business context, files, prompts, instructions, generated responses and technical metadata may be sent to and processed in Anthropic's systems. This means that data needed for response generation may technically end up in Anthropic's systems, storage environments or databases, insofar as necessary to deliver the AI service, ensure security, detect abuse or comply with applicable terms and legal obligations.

Insofar as we use Claude Code for response generation, analysis or development support within the Filly model, the same limitation applies: we provide only data that is reasonably necessary for the relevant feature and try to limit or pseudonymise personal data as much as possible.

8.1 No training of public AI models

Get-Filly does not use customer data to train public AI models. Insofar as we use external AI suppliers, we do so solely under terms that fit business services and data protection. We do not allow customer data to be used to train public AI models, unless a customer separately, in advance and explicitly agrees to this.

8.2 Human oversight

AI output may contain errors, be incomplete or be based on incorrect context. Users remain responsible for checking AI output before using it for:

  • marketing campaigns
  • communication with guests
  • publication on websites or social media channels
  • business decisions
  • pricing, menu or operational choices

Get-Filly does not guarantee that AI output is always complete, accurate, up to date or suitable for a specific purpose.

9. Who do we share data with?

We only share personal data with parties when this is necessary to deliver our services, when you activate an integration, or when we are legally required to do so.

9.1 Sub-processors and service providers

With parties that act as a processor, we conclude a data processing agreement where required. Some parties, such as Stripe, bunq, Google and Meta, may also act as independent data controllers for certain processing, for example for legal obligations, fraud control, security, payment transactions, platform management or their own services. In that case their own privacy policy also applies.

PartyFunctionLocation / transfer
Supabase, Inc.Database, authentication and file storageEU region where possible
Anthropic, PBCAI models, Claude, Claude Code, response generation and analysisUnited States / international, with appropriate safeguards
Resend, Inc.Transactional and marketing emailsEU/United States, depending on configuration
Vercel, Inc.Hosting of website and dashboardEU region where possible / international
StripePayments, payment statuses, subscriptions and billingEU/United States / international
bunq B.V.Banking services, business account, payment administrationNetherlands/EU
GoogleOnly when the user activates the Google integrationDepending on Google services and settings
Meta PlatformsOnly when the user activates the Meta, Facebook or Instagram integrationDepending on Meta services and settings

We do not sell personal data. We do not share personal data with third-party advertising networks for their own advertising purposes.

10. Transfers outside the European Economic Area

Some service providers or platforms we use are established outside the European Economic Area, for example in the United States. When personal data is transferred outside the European Economic Area, we ensure an appropriate transfer mechanism. Depending on the situation, this may be:

  • an adequacy decision from the European Commission
  • certification under the EU-U.S. Data Privacy Framework
  • EU standard contractual clauses
  • additional technical and organisational measures
  • another valid basis under the GDPR

We assess per supplier which safeguards apply and record these contractually where necessary.

11. How long do we retain data?

We do not retain personal data longer than necessary for the purposes for which it was collected, unless we are legally required to retain data longer. After the retention periods expire, we delete or anonymise data. Aggregated and anonymous statistics, which are not traceable to individuals or customers, may be retained longer for product improvement, benchmarking and trend analysis.

Type of dataRetention period
Account dataduration of the subscription + a maximum of 1 year after termination
Customers' guest dataaccording to the customer's settings; by default a maximum of 2 years after the last visit
Reservation, review and campaign resultsduration of the subscription + a maximum of 1 year
Health Score and benchmark dataduration of the subscription + a maximum of 1 year
OAuth tokens and integration dataas long as the integration is active; after disconnection tokens are revoked or deleted
Google and Meta integration dataas long as necessary for the connected feature or until deletion/disconnection
AI usage logsa maximum of 24 months for cost control, security and debugging
AI content at external AI suppliersaccording to the contractual terms and retention periods of the relevant supplier
Invoices and payment administration7 years due to the tax retention obligation
Banking and payment dataas long as needed for administration, reconciliation and legal obligations
Security logs and error messagesa maximum of 12 months, unless needed longer for investigation
Marketing preferencesuntil you unsubscribe, plus registration of withdrawal where necessary

12. How do we secure data?

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction. Our measures include among other things:

  • encryption in transit via TLS
  • encryption of sensitive data where appropriate
  • hashing of passwords
  • role-based access control
  • row-level security or similar separation between customer environments
  • logging of important actions
  • restriction of access to production environments
  • secure storage of API keys, OAuth tokens and secrets
  • periodic backups
  • security monitoring
  • internal procedures for incidents and data breaches
  • data processing agreements with relevant suppliers

OAuth tokens and API keys are stored securely and are only accessible to systems and staff who need them to perform the services.

13. Cookies and measurement tools

We use functional cookies that are necessary to make our website and platform work properly, for example for login, session management and security.

For non-essential cookies, such as analytical cookies or marketing cookies, we ask for consent where this is legally required. When we use tools in the future such as Google Analytics, Meta Pixel, TikTok Pixel or similar tracking technologies, we will clearly state this in our cookie statement and ask for prior consent where necessary.

We do not place third-party tracking cookies for advertising purposes without valid consent.

14. Your rights

Under the GDPR you have various rights regarding your personal data. You have, among other things, the right to:

  • access to the personal data we process about you
  • rectification of incorrect or incomplete data
  • erasure of data
  • restriction of processing
  • data portability
  • object to processing based on legitimate interest
  • withdrawal of consent given earlier
  • human intervention where there would be solely automated decision-making with legal or similarly significant consequences

You can submit a request via: info@get-filly.com. We respond in principle within 30 days.

When a request concerns personal data of guests that we process on behalf of a customer, we may forward the request to the relevant customer or handle it in consultation with the customer, because the customer is the data controller in that situation.

15. Withdrawing consent and deleting data

You can withdraw consent for integrations or data processing by:

  • removing an integration in the Get-Filly dashboard
  • revoking access via the external platform, such as Google, Meta, Facebook or Instagram
  • contacting us via info@get-filly.com

After withdrawal of an integration we no longer retrieve new data via that connection. We delete data that has already been processed when a valid request for this is submitted, unless we still need to retain this data due to legal obligations, contractual obligations, security, disputes or legitimate administrative reasons.

16. Ownership of customer data

Data supplied by customers or processed via connections on behalf of customers remains the property of the relevant customer or rights holder. Get-Filly only obtains the usage rights needed to perform the agreed services. Get-Filly does not claim ownership of:

  • reservation data
  • guest data
  • customer lists
  • marketing campaigns
  • photos
  • reviews
  • reports
  • business data
  • connected platform data

17. Minors

Our services are aimed at business users and are not intended for persons under 16 years of age. We do not knowingly collect personal data of minors as direct users of our platform. When data of minors appears in a customer's guest data, Get-Filly processes it solely as a processor on the instructions of the relevant customer.

18. Data breaches and security reports

When a security incident occurs that may affect personal data, we act in accordance with our internal data breach procedure and the applicable legal reporting obligations. If necessary, we report a data breach to the Dutch Data Protection Authority and/or inform data subjects.

Did you discover a vulnerability or security issue? Report it via info@get-filly.com with the subject "Security report". We take security reports seriously and investigate reports as soon as possible.

19. Changes to this statement

We may change this privacy statement from time to time, for example when we add new features, offer new integrations, use other suppliers or when laws and regulations change. In the event of material changes, we inform existing customers via email, the dashboard or another appropriate way. The date at the top of this statement indicates when the statement was last updated.

20. Contact and complaints

For questions about this privacy statement, privacy requests or concerns about the processing of personal data, you can contact:

  • Get-Filly
  • Address: Saxen Weimarlaan 44-2, 1075 CD Amsterdam
  • Email: info@get-filly.com
  • Phone: +31 6 57737372
  • Chamber of Commerce: 42068177

Do you disagree with how we process your personal data and can we not work it out together? Then you have the right to file a complaint with the Dutch Data Protection Authority: autoriteitpersoonsgegevens.nl.

Get-Filly
Product
SolutionHow it worksPricing
Company
AboutBlogContactTeam
Legal
Privacy policyTermsGovernment requests policyCookies
© 2026 Get-Filly. All rights reserved.Built in the Netherlands