Security & Privacy

Overview

We are committed to protecting your data with industry-leading security practices. Our platform is designed with privacy and safety at its core.

Company Information

Instafill.ai is a product of BOTMAKERS LLC, a family-owned technology company founded in 2017. Botmakers LLC is registered in the State of Delaware with its principal office at: 2093 Philadelphia Pike #1986, Claymont, DE 19703, United States.

The company is independently operated by its founders, Oleksandr Gamaniuk and Viktoriia Perminova, who lead all product development and operations.

Authentication & Access

We support multiple secure authentication methods to ensure every user’s identity is verified appropriately.

• Email Sign-Up: When users register with an email address, we enforce account verification by sending a one-time code to the provided email. Access is granted only after successful verification.
• Social Login (Google and Microsoft): When users sign in with Google or Microsoft accounts, authentication is handled directly by those providers. These platforms support and manage their own multi-factor authentication (2FA) systems, which can be enforced at the account level.
• Two-Factor Authentication (2FA): Instafill.ai offers optional two-factor authentication to add an extra layer of security. When enabled, signing in requires both a password and a one-time SMS verification code. Organization owners can enforce 2FA for all members, ensuring comprehensive workspace protection.

We rely on these trusted identity providers to authenticate users securely and to benefit from their built-in support for identity protection, fraud detection, and 2FA enforcement.

Encryption In Transit

All data transmitted between users and our systems is encrypted using Transport Layer Security (TLS) 1.2 or higher. This ensures that sensitive information such as authentication details, form data, and uploaded files are protected from interception or tampering during transmission.

Our infrastructure is hosted on Microsoft Azure, with files stored in a secure Microsoft data center located at 5150 Rogers Rd, San Antonio, TX, USA. Both data in transit and at rest are encrypted using industry-standard protocols and encryption methods, including TLS for data transfer and AES-256 for data storage.

Data Ownership & Control

• You own your data. All data uploaded or processed through Instafill.ai remains fully owned and controlled by you.
• No internal access. No one at Botmakers LLC has access to view, edit, or manually inspect your data. All processing is handled automatically and securely.
• No AI training on your data. We do not use any customer data—form contents, uploaded documents, or processed outputs—for training AI models or improving algorithms.
• Data stays in the U.S. By default, all data is stored and processed within the United States. For enterprise customers, we offer the option to deploy secure environments in other supported regions via Microsoft Azure. The full list of Azure geographies is available here.
• Export and deletion on request. Users can request a full export or permanent deletion of their data at any time by contacting our support team.

We are committed to providing complete transparency and control over your data.

Data Retention Policy

We retain customer data only for as long as necessary to provide services or as required by law. Temporary data generated during document processing is automatically deleted within 2 business days. Users may request deletion of their data at any time.

Monitoring & Audit

• System Monitoring: We monitor our infrastructure and application health 24/7 using automated tools that track uptime, performance, and unexpected behavior. Alerts are triggered for critical events or failures.
• Access Logging: All access to systems, APIs, and user data processing activities is logged. These logs include timestamped details such as origin, action type, and access level, and are retained for audit and compliance purposes.
• Internal Access Controls: Admin actions within our platform are logged and limited to authorized personnel operating under strict access policies. No internal access to customer data is permitted.
• Audit Support: Upon request, enterprise clients can receive summaries of relevant audit logs or compliance-related activity reports, subject to data protection rules.

These practices help us maintain system integrity, provide accountability, and comply with industry security standards.

Incident Response Plan

• Detection and Logging: We use an internal logging system to monitor and record activity across our infrastructure. This allows us to detect anomalies, system failures, or unauthorized access attempts in real time.
• Response: If a security incident is detected, our team investigates immediately to determine the scope and impact. We isolate affected components, mitigate any vulnerabilities, and restore normal operations as quickly as possible.
• Notification: If an incident affects customer data or service availability, we will notify impacted users promptly, providing transparent updates and recommended actions if necessary.
• Review: All incidents are reviewed internally after resolution to improve our detection systems, response procedures, and overall platform security.

This process helps us maintain platform integrity and fulfill our commitment to protecting user data.

Contact & Reporting Security Issues

If you believe you’ve discovered a security issue in our platform, please contact us immediately at [email protected]. We take all disclosures seriously and investigate promptly.