/01Legal

Privacy policy.

Last updated
May 1, 2026
Version
v1.0
Jurisdiction
EU · EEA · UK
/01

Who we are

Fixo (“we”, “us”, “our”) is a real-time issue tracking platform for physical devices — gym equipment, vending machines, kiosks, coffee machines, and similar. The data controller for the purposes of GDPR is Fixo Operations, contactable at support@fixoapp.net.

/02

What we collect

From customers (QR scanners). When you scan a QR code on a device and submit a report, we collect:

  • The category and severity you select
  • The optional comment you type
  • A coarse timestamp of submission
  • Anti-abuse signals from hCaptcha (an Intuition Machines service — see their notice)

We do not collect your name, account, phone number, location, or any identifier that ties the report to you personally.

From owners (mobile app account holders). When you sign up for the Fixo mobile app, we collect:

  • Account email and display name
  • Authentication tokens (via Google or your chosen sign-in provider)
  • Locations and devices you create, plus the QR codes generated for them
  • Reports filed against your devices and your responses to them
  • Standard service telemetry — app version, OS, error traces
/03

Why we collect it

We process the data above to:

  • Run the service — route reports to the right owner, send notifications
  • Keep abuse and spam off the platform
  • Diagnose bugs and improve reliability
  • Comply with legal obligations when they apply

Legal bases under GDPR: contract performance for owner accounts; legitimate interest (anti-abuse, service operation) for anonymous reports; consent where we ask for it explicitly.

/04

Sharing

We share data only with:

  • Sub-processors running our infrastructure — cloud hosting, push notifications, error monitoring, hCaptcha. A current list is available on request.
  • The device owner who receives the report you submit (only the report content — never any data identifying you).
  • Authorities, when required by valid legal process.

We do not sell personal data. We do not use it to train third-party models.

/05

Retention

  • Anonymous reports: retained for the lifetime of the device record, then deleted within 30 days of device removal.
  • Account data: retained while your account is active and for 30 days after deletion, except where law requires longer.
  • Telemetry & logs: 90 days rolling.
/06

Your rights

If you have a Fixo account, you have the right to access, correct, export, or delete your personal data. You can also object to processing or restrict it. Email support@fixoapp.net and we'll respond within 30 days.

Anonymous reports cannot be tied back to you, so we cannot identify them on your behalf — but you can ask the device owner to remove a specific report from their dashboard.

/07

Security

Data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is limited to named engineers, gated by SSO + hardware keys, and audited. We run a responsible-disclosure program at support@fixoapp.net.

/08

Changes to this policy

We update this policy when our practices change. Material changes will be notified to account holders by email or in-app banner at least 14 days before they take effect. The version number and last-updated date at the top of this page always reflect the current document.

◆ Questions about your data?

Talk to a human.

We don't hide behind ticket forms. Email and you'll hear back from someone who works on the product.

support@fixoapp.net
Privacy Policy — Fixo