Privacy Policy
Last Updated: April 2, 2026
Version: 1.0
Fixate ("Fixate," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our website, dashboard, and related services (collectively, the "Service").
This Policy applies to:
- Customers: plumbing businesses and their authorized users who sign up for Fixate.
- End Customers: homeowners and other third parties whose information is processed through the Service when they contact a Fixate Customer via SMS.
Important — Two Roles:
- For personal information of our Customers (business contacts, billing info, dashboard users), Fixate acts as a data controller.
- For personal information of End Customers handled through the SMS intake service, Fixate acts as a data processor on behalf of the Customer, who is the data controller. If you are an End Customer with questions about how your information is used, please contact the plumbing business you reached out to.
1. Information We Collect
1.1 Information You Provide Directly
- Account information: name, business name, email address, phone number, password (hashed).
- Billing information: payment card details (processed and stored by Stripe — we do not store full card numbers), billing address, tax ID where applicable.
- Configuration data: service areas, business hours, service categories, pricing preferences, and other settings you configure.
- Support communications: messages you send us, feedback, and support requests.
1.2 Information Collected Automatically
- Usage data: features used, pages viewed, actions taken, timestamps.
- Device and log data: IP address, browser type, operating system, device identifiers, referrer URLs, crash reports.
- Cookies and similar technologies: see Section 7.
1.3 Information Processed on Behalf of Customers (End Customer Data)
When an End Customer sends an SMS to a Customer's Fixate-connected number, we process:
- Phone number;
- Message content;
- Any information the End Customer voluntarily provides (name, address, service request details, photos, availability);
- Derived metadata (detected problem type, priority, booking stage).
We process this information only to provide the Service to the Customer. We do not sell, rent, or use End Customer data for our own marketing.
2. How We Use Information
We use personal information to:
- Provide the Service — operate the SMS intake, AI classification, booking assistance, and dashboard features.
- Account management — authenticate users, process payments, send account notifications.
- Customer support — respond to inquiries and troubleshoot issues.
- Service improvement — analyze usage patterns, debug, improve AI accuracy (using aggregated or anonymized data where possible).
- Security and fraud prevention — detect abuse, enforce our Terms, protect the Service and its users.
- Legal compliance — meet legal obligations and respond to lawful requests.
- Marketing (Customers only) — send product updates and promotional emails, which you can opt out of at any time.
We do not use End Customer message content to train AI models beyond what is necessary to serve individual requests.
3. Legal Bases for Processing (GDPR / UK GDPR)
If you are in the EEA, UK, or another jurisdiction requiring a legal basis, we rely on:
- Contract — to provide the Service you signed up for.
- Legitimate interests — to secure and improve the Service, prevent fraud, and communicate with Customers.
- Consent — where required, such as for optional cookies or marketing emails.
- Legal obligation — to comply with applicable laws.
5. Data Retention
- Customer account data: retained for the duration of your subscription plus approximately 90 days after cancellation, then deleted or anonymized.
- End Customer message data: retained per the Customer's configured retention period, or in accordance with the Terms of Service (typically for the life of the Customer's subscription plus a short grace period).
- Billing records: retained as required by tax and accounting laws (typically 6–7 years).
- Support communications: retained for a reasonable period for quality and troubleshooting.
- Backups: may persist for a limited additional period and are overwritten on a rolling basis.
We will delete or anonymize personal information sooner upon valid request where required by law.
6. Security
We implement reasonable technical and organizational measures to protect personal information, including:
- Encryption in transit (TLS) and at rest where supported by sub-processors;
- Access controls and authentication;
- Least-privilege access for employees and contractors;
- Monitoring and logging;
- Regular review of our security practices.
No system is 100% secure. You use the Service at your own risk and are responsible for safeguarding your login credentials.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you;
- Correct inaccurate or incomplete information;
- Delete your personal information;
- Restrict or object to certain processing;
- Portability — receive your information in a structured, machine-readable format;
- Withdraw consent where processing is based on consent;
- Lodge a complaint with a data protection authority.
Customers: exercise these rights by emailing [email protected] or via your dashboard settings.
End Customers: because Fixate acts as a processor for your information, please contact the plumbing business you texted. We will assist that business in responding to your request.
We will respond within the timeframes required by applicable law (typically 30 days).
9. International Data Transfers
Fixate is based in Canada and our sub-processors may be located in the United States and elsewhere. When we transfer personal information across borders, we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms required by applicable law.
10. Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact [email protected] and we will delete it.
11. California Residents (CCPA/CPRA)
If you are a California resident, you have the rights described in Section 8, plus the right to opt out of the "sale" or "sharing" of personal information. As noted in Section 4.5, we do not sell or share personal information for cross-context behavioral advertising.
Categories of personal information we collect (CCPA categories):
- Identifiers (name, email, phone, IP address);
- Customer records (billing, account info);
- Commercial information (subscription history);
- Internet activity (usage logs);
- Geolocation (approximate, from IP);
- Inferences (usage patterns).
We collect these for the business purposes described in Section 2.
12. Canadian Residents (PIPEDA)
If you are in Canada, you may contact our Privacy Officer at [email protected] with any questions or complaints. You also have the right to contact the Office of the Privacy Commissioner of Canada.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify Customers by email or in-Service notice at least 14 days before the changes take effect. The "Last Updated" date at the top reflects the most recent revision.
14. Contact Us
Questions, requests, or complaints?