Last updated: April 2026
This Privacy Policy explains how Creator Business OS Ltd ("Company", "we", "us", or "our") collects, uses, stores, and protects your personal data when you use Filssi and its associated services.
Filssi is a software platform owned and operated by Creator Business OS Ltd, a company registered in England and Wales under company number 17168418, with registered office at 18 Bordesley Road, Morden, London, SM4 5LR, United Kingdom. Further information about Creator Business OS Ltd is available at www.creatorbusinessos.com.
This policy is designed to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the EU General Data Protection Regulation (EU GDPR).
Creator Business OS Ltd is registered with the UK Information Commissioner's Office (ICO), registration number: ZC138753. Our VAT registration number is 518 2826 81.
We are committed to protecting your privacy and ensuring that your personal data is handled responsibly, transparently, and in accordance with all applicable data protection legislation. This Policy should be read alongside our Terms and Conditions, Data Processing Agreement, and Cookie Policy.
Creator Business OS Ltd is the Data Controller for personal data we collect about you as a user of our platform — for example, your account information, contact details, and usage data.
When you use the Filssi Service to process personal data of your own clients, customers, employees, or other third parties, you act as the Data Controller for that business data, and Creator Business OS Ltd acts as your Data Processor. We process that data only on your documented instructions and in accordance with our Data Processing Agreement (DPA) and applicable law.
If you have any questions about this Privacy Policy or our data practices, please contact us using the details above.
We collect and process the following categories of personal data, depending on how you use the Service:
When you register for an account, we collect:
When you use our financial management features, the following data may be stored within the Service:
We automatically collect certain information about how you interact with the Service:
We use cookies and similar technologies to facilitate your use of the Service. For detailed information, see Section 11 (Cookies Policy).
We process your personal data only where we have a lawful basis to do so under the UK GDPR. The table below sets out the purposes for which we process your data and the corresponding legal basis:
| Purpose | Legal Basis (UK GDPR Article 6) |
|---|---|
| Providing and operating the Service — account management, invoicing, payroll, accounting, CRM, and all platform features | Contract performance (Art. 6(1)(b)) — Processing necessary to perform our contract with you |
| Processing subscription payments and billing | Contract performance (Art. 6(1)(b)) — Processing necessary to fulfil billing obligations |
| Sending transactional emails (invoices, notifications, account updates, trial communications) | Contract performance (Art. 6(1)(b)) — Communications necessary for service delivery |
| Ensuring platform security, preventing fraud, and monitoring for abuse | Legitimate interests (Art. 6(1)(f)) — Our legitimate interest in maintaining a secure platform |
| Analysing usage patterns to improve the Service | Legitimate interests (Art. 6(1)(f)) — Our legitimate interest in developing and improving the Service |
| Sending marketing communications and product updates | Consent (Art. 6(1)(a)) — Only with your explicit opt-in consent, which you may withdraw at any time |
| Maintaining financial records for tax, audit, and legal purposes | Legal obligation (Art. 6(1)(c)) — We are legally required to retain certain records |
| Responding to legal requests and complying with court orders or regulatory obligations | Legal obligation (Art. 6(1)(c)) — Processing necessary to comply with legal obligations |
Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests (see Section 10).
Where customers use the payroll features within Filssi, the Service may process personal data relating to employees of the Customer. In this context, the Customer is the Data Controller and Creator Business OS Ltd is the Data Processor of that employee data.
Payroll-related personal data processed through the Service may include:
As Data Processor, Creator Business OS Ltd processes employee data only on the instructions of the Customer (Data Controller). Customers are responsible for ensuring they have a lawful basis to process their employees' personal data and for maintaining appropriate employee-facing privacy notices in their own right.
Creator Business OS Ltd processes employee data solely to provide the payroll functionality within Filssi. We do not use employee data for any other purpose.
Where you configure RTI (Real Time Information) payroll submission, you may provide GovTalk credentials comprising a SenderID (your PAYE reference or Government Gateway user ID) and an authentication value (your PAYE Online password). These credentials are used exclusively to submit Full Payment Submissions (FPS) and Employer Payment Summaries (EPS) to HMRC on your behalf via HMRC's XML Transaction Engine channel.
Your PAYE Online authentication value is protected as follows:
The GovTalk SenderID corresponds to your PAYE reference and is not itself a secret (it appears in HMRC correspondence and payslips). The authentication value (password) is the sensitive component and is handled as described above.
Filssi maintains immutable, append-only audit logs of all RTI submissions made through the platform. For every FPS, EPS, or poll request, the following is recorded:
These audit logs are accessible to authorised administrators within the platform (Settings → Audit Log, filtered to module: RTI) and cannot be amended or deleted by users. The XML business payload submitted to HMRC (which contains no credentials) is also retained in the submission record for regulatory compliance purposes.
Audit log records for RTI submissions are retained for seven years from the end of the relevant tax year, in accordance with HMRC statutory record-keeping requirements.
As Data Processor, Creator Business OS Ltd will assist Customers (Data Controllers) in responding to data subject requests relating to employee personal data held within Filssi. Where a Customer requests deletion of an employee's data, we will carry out that deletion subject to statutory retention requirements.
Certain records — including historical payslips, P60 certificates, RTI submission logs, and payroll journals — must be retained for the seven-year period required by HMRC even after employment ends or after account cancellation. Outside of the statutory retention period, employee payroll data is deleted securely upon the Customer's written instruction.
Customers seeking a structured export of employee payroll data, or wishing to exercise data subject rights on behalf of their employees, should contact us at privacy@filssi.com.
We share your personal data only with trusted third-party service providers ("sub-processors") who assist us in operating the Service. Each sub-processor is bound by a data processing agreement that requires them to protect your data in accordance with UK GDPR.
We use Stripe to process subscription payments and manage billing. Stripe receives payment information directly and is PCI DSS Level 1 certified. We do not store full card details on our servers. Stripe's privacy policy is available at stripe.com/privacy.
We use Resend to deliver transactional emails including invoices, payment confirmations, account notifications, and system alerts. Resend processes your email address and the content of transactional communications on our behalf.
Your application data is stored in a PostgreSQL database hosted by Neon. All data is encrypted at rest and in transit using industry-standard protocols. Neon provides enterprise-grade security and is subject to data protection contractual obligations.
When you use the receipt or invoice scanning feature, document images are sent to OCR.space for optical character recognition. Documents are processed in real time and are not permanently stored by OCR.space following processing.
Where the AP email capture feature is enabled, inbound emails sent to your assigned capture address are processed by Mailgun on our behalf. Email content (including any attached documents) is passed through our processing pipeline and then discarded by Mailgun. We retain only the extracted data and original document relevant to the AP bill created.
When you use the AI Specialists feature ("Ask Alex", "Ask Morgan", etc.), Filssi sends a limited snapshot of your company's contextual data — including your business name, reporting currency, subscription plan, and your name and role — to an AI model provided by OpenAI, accessed via Replit's AI Integration infrastructure. This context is used solely to personalise the AI's responses and is not retained by OpenAI or Replit for model training under our integration agreement.
AI Specialists process your queries and company context on the basis of our legitimate interest in providing an intelligent, context-aware assistant within the platform. You may choose not to use the AI Specialists feature entirely; doing so does not affect your access to any other part of the Service.
The AI Specialists feature constitutes automated processing as defined in Article 22 of the UK GDPR. However, it does not produce legally or similarly significant decisions about you — all outputs are informational suggestions for your review. No automated decisions are made about you without human review and control.
Where you use Filssi's HMRC Making Tax Digital (MTD) integration to submit VAT returns, Corporation Tax returns, or payroll Real Time Information (RTI) — including Full Payment Submissions (FPS) and Employer Payment Summaries (EPS) — certain technical data about your session is transmitted to HMRC's API gateway as part of HMRC's mandatory fraud prevention framework.
This data is required by law under HMRC's fraud prevention header specification and includes: your IP address, browser user agent string, screen and window dimensions, browser timezone, a list of browser plugins, your Do Not Track preference, and a persistent device identifier stored in your browser's local storage. The legal basis for this processing is compliance with a legal obligation (UK Finance Act and HMRC MTD regulations). HMRC is a statutory authority and not a commercial sub-processor; their use of this data is governed by HMRC's own privacy notice, available at gov.uk/hmrc-privacy.
This transmission only occurs when you actively trigger an HMRC submission. No HMRC fraud prevention data is collected or transmitted during ordinary use of the platform.
We may update or replace sub-processors from time to time as the Service evolves. Where such changes are material to the processing of your personal data, we will provide advance notice in accordance with our legal obligations. An up-to-date list of sub-processors is available upon request to support@filssi.com.
We do not sell, rent, lease, or trade your personal data to any third party for marketing or commercial purposes. Your data is used exclusively for the purpose of providing and improving the Service.
Some of our sub-processors may process data outside the United Kingdom and the European Economic Area (EEA). Where such transfers occur, we ensure that appropriate safeguards are in place in compliance with UK GDPR Chapter V.
For transfers of personal data to countries that have not received a UK adequacy decision, we rely on one or more of the following mechanisms:
We monitor changes to adequacy decisions and transfer mechanisms regularly and update our arrangements accordingly.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The table below sets out our standard retention periods:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data (name, email, company details) | Duration of account + 30 days | Necessary for service provision; 30-day grace period for data export after account closure |
| Financial records (invoices, expenses, payments, journals, tax records) | 7 years from creation | Legal requirement under UK tax legislation (HMRC requirements) |
| Payroll records (payslips, P60s, PAYE data, payroll journals) | 7 years from tax year end | HMRC statutory requirement for payroll record-keeping |
| RTI submission records (FPS/EPS logs, HMRC correlation IDs, submission XML payload) | 7 years from tax year end | HMRC statutory record-keeping requirement; evidence of legal payroll reporting obligations |
| Payroll audit logs (who submitted, when, HMRC response, qualifier, errors) | 7 years | Immutable audit trail for regulatory compliance, dispute resolution, and fraud prevention |
| Usage logs (login times, feature usage, IP addresses) | 12 months | Legitimate interest in security monitoring, troubleshooting, and service improvement |
| Marketing consent and preferences | Until consent is withdrawn | Consent-based processing; retained until you opt out |
| Technical and cookie data | Session or up to 12 months | Necessary for platform functionality and analytics |
Retention periods may be extended beyond those stated above where required for legal obligations, fraud prevention, dispute resolution, regulatory enforcement, or other legitimate record-keeping purposes. When data is no longer required, it is securely deleted or anonymised in accordance with our data management procedures.
We take the security of your personal data seriously. We implement appropriate technical and organisational security measures designed to protect personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction.
Our security measures include:
While we apply robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and for notifying us immediately of any suspected unauthorised access.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority (the ICO) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 of the UK GDPR. Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, in accordance with Article 34 of the UK GDPR.
Where Creator Business OS Ltd acts as a data processor in respect of personal data you have entered into the platform (for example, your employees' payroll data or your clients' contact details), and a security incident occurs that affects that data, we will notify you as the data controller without undue delay upon becoming aware of the breach — and in any event within 72 hours where feasible — so that you are able to fulfil your own regulatory obligations to the ICO and affected data subjects.
Breach notifications to customers will be made to the primary account email address on record and will include, to the extent known at the time: (a) a description of the nature of the breach; (b) the categories and approximate volume of personal data affected; (c) the likely consequences of the breach; and (d) the measures taken or proposed to address the breach. We will cooperate fully with you and provide reasonable assistance in completing any required notifications.
Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to certain conditions and exemptions under applicable law.
You have the right to request a copy of the personal data we hold about you, along with information about how it is being processed. We will respond to your request within one month of receipt.
You have the right to request that we correct any inaccurate personal data or complete any incomplete data we hold about you. You can also update most information directly through your account settings.
You have the right to request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you withdraw consent, or where processing is unlawful. This right does not apply where we are legally required to retain data (for example, financial records for tax compliance).
You have the right to request that we restrict processing of your personal data in certain circumstances — for example, while you contest the accuracy of data we hold about you.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format. The Service provides built-in export features (Excel, CSV, PDF) to support this right.
You have the right to object to processing based on legitimate interests. Upon receiving your objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Where we process your data on the basis of consent (for example, marketing communications), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of any processing carried out before the withdrawal.
If you believe our processing of your personal data infringes data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk
To exercise any of the rights above, please contact our Data Protection Officer at support@filssi.com. We will respond within one month. In complex cases, this may be extended by up to two further months, in which case we will inform you promptly of the extension and the reasons for it.
To protect your privacy, we may request verification of your identity before processing certain requests. We will not charge a fee for processing your request unless it is manifestly unfounded or excessive in nature.
Cookies are small text files placed on your device when you use the Service. We use cookies strictly to ensure the proper functioning of the platform and, where you have consented, to improve your experience.
These cookies are strictly necessary for the operation of the Service and cannot be disabled without impairing functionality. They include:
We do not use analytics cookies, tracking cookies, advertising cookies, or any third-party cookies for monitoring or profiling purposes. The only cookies set by the Service are the essential session cookies described in Section 11.1 above. We do not integrate any analytics platforms (such as Google Analytics), advertising networks, or user-tracking scripts.
The Service loads the Inter typeface from Google Fonts (fonts.googleapis.com / fonts.gstatic.com). When your browser requests a font file, Google's servers receive your IP address and browser headers as part of the standard HTTP request. This is a purely technical request — no cookies are set by Google Fonts, and no persistent identifier or tracking profile is created. Google's privacy practices for this service are described at developers.google.com/fonts/faq/privacy. No other third-party scripts, pixels, or assets are loaded by the Service.
You can manage or block cookies through your browser settings. Most browsers allow you to view, delete, and block cookies on a site-by-site basis. Please note that disabling essential cookies will impair the functionality of the Service and may prevent you from accessing certain features.
Filssi may send you product updates, new feature announcements, tips, and other marketing communications relating to the Service, where we have a lawful basis to do so under the UK GDPR and the Privacy and Electronic Communications Regulations 2003 (PECR).
We send marketing communications only where:
We will always clearly identify Filssi marketing communications as such, and every marketing email includes a clear and easy unsubscribe option.
You may opt out of marketing communications at any time by:
We will honour all opt-out requests promptly. Opting out of marketing does not affect your receipt of transactional or service communications (see Section 12.3 below).
Certain email communications are necessary for the operation of your account and the delivery of the Service, and are sent regardless of your marketing preferences. These include:
These communications are sent on the basis of contract performance and legitimate interest, and cannot be unsubscribed from while you hold an active account.
We do not sell, rent, or transfer your personal data to any third party for their own marketing purposes. We do not share your email address or contact details with advertisers or data brokers.
Filssi includes optional AI-powered features designed to assist with business operations, reporting, and decision-making. This section explains how these features work, what data they process, and the safeguards in place.
Filssi's AI features include AI Specialists (AI assistant advisors covering HR, payroll, accounting, AR, AP, tax, CRM, reporting, budgeting, legal, and content strategy), AI-powered document scanning and field extraction, content generation suggestions, reporting insights, and automation recommendations. These features are available on Growth and Pro subscription plans.
When you use an AI feature, Filssi may send a limited, contextual snapshot of your company's data to an AI model provider (currently OpenAI, accessed via Replit's AI Integration infrastructure) in order to generate a relevant response. The data sent is limited to what is necessary to answer your query and may include your business name, reporting currency, subscription plan, your name and role, and relevant financial or operational summaries from your account.
AI features process your queries and company context on the basis of our legitimate interest in providing an intelligent, context-aware assistant within the platform.
The AI model provider (currently OpenAI, accessed via Replit) is listed as a sub-processor in Section 6.6 of this Policy. For full detail on sub-processor arrangements, see our Data Processing Agreement.
The Service is a business software platform designed exclusively for use by individuals aged 18 and over. We do not knowingly collect or process personal data from anyone under the age of 18.
If we become aware that personal data from a person under 18 has been collected, we will take steps to delete that data as soon as reasonably practicable. If you believe a minor has provided data to us, please contact us immediately at support@filssi.com.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of an updated policy constitutes your acknowledgement of and agreement to the changes.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us using the details below. We will always try to resolve your concern directly before you feel the need to escalate to a supervisory authority.
Our Data Protection Officer is responsible for overseeing our data protection compliance and can be contacted for any data protection queries or to exercise your rights under UK GDPR:
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office: