Privacy Policy
Last updated: 2026-05-21
1. Who we are & Contact
FixSlip is operated by Joel Lobo, a solo founder building a customer tracking layer for independent repair shops. FixSlip is a proprietorship registered for business in the United States.
Data Controller Contact:
Joel Lobo
Email: hello@fixslip.com
For GDPR / CCPA requests, include “Data Subject Request” in the subject line.
2. What data we collect and why
2.1 Shop Owner Data (our direct customers)
When you sign up for FixSlip, we collect:
- Identity data: full name, email address
- Authentication: password (hashed with bcrypt, never stored plaintext)
- Shop profile: shop name, city, country, phone number (optional)
- Billing: subscription plan, billing email (processed by Polar.sh, never stored on our servers)
- Media: shop logo if uploaded (stored on Cloudflare R2)
Legal basis: Contract (subscription terms). Consent (newsletter if you opt in).
2.2 Customer Data (your customers' job records)
When you create a job in FixSlip, you input:
- Customer identity: name, email, phone number
- Device details: type (smartphone / laptop / tablet / etc.), brand, model
- Repair issue: description of the problem
- Estimates: estimated completion date (optional)
- Internal notes: technician notes (staff-only, never shown to customer)
Legal basis: You (the shop owner) are the data controller. We are the processor. You have the responsibility to collect consent from your customers before storing their data with us. See Section 8.
2.3 Technical & Analytics Data
- IP address (rate-limiting on tracking page)
- Browser/device info (Plausible analytics, no cookies)
- Error logs (Sentry) with PII scrubbed before transmission
3. How we share your data
FixSlip never sells your data. We share data only with service providers (sub-processors) necessary to run the platform:
| Service | Purpose | Location |
|---|---|---|
| Neon | Database storage | AWS us-east-2 (Ohio) |
| Vercel | Application hosting | Vercel iad1 (Washington DC) |
| Resend | Transactional email | EU / US servers |
| Twilio | SMS notifications | Global |
| Polar.sh | Payments & billing | Global (Stripe-backed) |
| Cloudflare R2 | Photo & logo storage | Global |
| Sentry | Error monitoring | US |
| Plausible | Analytics (no cookies) | EU |
All sub-processors have signed Data Processing Agreements (or are covered under Polar.sh’s master agreement). For a complete list, email us.
4. International transfers
FixSlip is US-based. If you are in the UK, EU, or any jurisdiction outside the US, your data is transferred to the US for processing. We rely on:
- Data Processing Agreements with all sub-processors
- Standard Contractual Clauses (SCCs) for transfers to sub-processors in the US or with global locations
By using FixSlip, you consent to your data being transferred to and processed in the United States.
5. The public tracking page
When a customer accesses their tracking page at /track/[uuid], we show:
- Device type, brand, model
- Current job status
- Estimated completion date (if set)
- Shop name
We never show: customer name, email, phone, internal notes, or technician info.
The UUID is unguessable (122 bits of entropy, UUID v4 standard). No customer login is required. Only the shop owner who created the job knows the tracking URL, and they share it (via email) with the customer.
6. Data retention
- Active jobs: Stored for the lifetime of your subscription.
- Archived jobs: Retained for 7 years (legal compliance for repair records).
- Account deletion: When you delete your account, identifying data (name, email) is purged within 30 days. Job records remain (anonymized) for legal/audit purposes.
- Backups: Neon retains daily backups for 7 days for disaster recovery.
7. Your rights
GDPR (UK, EU, and similar)
You have the right to:
- Access your personal data (SAR)
- Rectification of inaccurate data
- Erasure (“right to be forgotten”)
- Restrict processing
- Portability of your data in machine-readable format
- Object to processing
- Lodge a complaint with your local supervisory authority (DPA)
To exercise these rights: Email us at hello@fixslip.com with “Data Subject Request” in the subject line. Include proof of identity. We will respond within 30 days.
CCPA (California)
California residents can request access, deletion, or opt-out of sale (we don’t sell, but the law requires the option). Use the same email process as above; we respond within 45 days.
8. Your responsibility as a controller
You (the shop owner) control the collection of customer job data. You must:
- Obtain consent from customers before storing their personal data
- Provide transparency: tell customers who you are, how you use their data, and that FixSlip is a processor
- Honor customer deletion requests by instructing FixSlip to delete their records
- Keep your own privacy notice updated to reflect FixSlip as a sub-processor
FixSlip is a processor; you are the controller. Legal responsibility for customer data compliance rests with you.
9. Security
We take security seriously:
- Passwords: hashed with bcrypt (never plaintext)
- Encryption in transit: HTTPS only (TLS 1.3)
- Encryption at rest: Neon encrypts the database
- No secrets in code: API keys stored in environment variables
- Rate limiting: public endpoints rate-limited per IP
- Error monitoring: Sentry catches bugs before users report them
If you discover a security vulnerability, please email bugs@fixslip.com (not public GitHub issues).
10. Changes to this policy
We may update this policy. If the changes are material (e.g., new processor, new retention rule), we’ll notify you via email at least 30 days before they take effect. Continued use of FixSlip means you accept the new terms.
11. Contact & questions
Privacy questions?
Email hello@fixslip.com with “Privacy Question” in the subject line.
Data Subject Request (GDPR/CCPA)?
Email hello@fixslip.com with “Data Subject Request” in the subject line and proof of identity.
Disclaimer: This is plain-English policy documentation, not legal advice. Before launching in regulated markets (UK, EU, California), consult a lawyer familiar with privacy law.
Also see our Cookie Policy and Terms of Service.