getFIXLY logogetFIXLY

Legal

Privacy Policy

Effective date: May 31, 2026 Last updated: May 31, 2026

This Privacy Policy explains how getFIXLY Inc. ("getFIXLY," "we," "us," or "our") collects, uses, shares, and protects information about you when you use our websites, applications, and services, including https://www.getfixly.app, https://www.getfixly.app/blog, https://community.getfixly.app, any associated mobile apps, and any features, content, tools, or functionality offered through them (collectively, the "Services").

getFIXLY is based in the United States. We market and operate primarily in the United States, but the Services are available worldwide. This Policy is written to satisfy U.S. federal and state privacy laws (including the California Consumer Privacy Act / California Privacy Rights Act ("CCPA/CPRA"), Virginia's Consumer Data Protection Act ("VCDPA"), the Colorado Privacy Act ("CPA"), Connecticut's Data Privacy Act, Utah's Consumer Privacy Act, and similar laws in other U.S. states), as well as the European Union General Data Protection Regulation ("GDPR"), the United Kingdom GDPR, Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA") and Quebec's Law 25, and other applicable privacy laws.

If you have questions, contact our privacy team at privacy@getfixly.app.

Quick links 1. Information we collect · 2. How we use information · 3. How we share information · 4. Cookies and tracking · 5. Your choices and rights · 6. International transfers · 7. Retention · 8. Security · 9. Children · 10. Region-specific notices · 11. Changes · 12. Contact

1. Information we collect

We collect information in three ways: (a) information you give us, (b) information we collect automatically from your use of the Services, and (c) information we receive from third parties.

(a) Information you give us

Waitlist and beta signup. When you sign up for the waitlist, we collect your email address and any other information you provide (for example, persona type — homeowner, builder, inspector, warranty representative — and ZIP code or region, if asked). We may store these values in encrypted form. We use a bot-verification challenge (currently Cloudflare Turnstile) to reduce abuse; see Section 4 and our Cookie Policy.

Account information. When you create an account on the Services, the blog, or the forum, we collect identifiers such as your name or display name, email address, password (stored as a salted hash, never in plaintext), and any optional profile information you choose to add (avatar, bio, location, role, organization).

Project and customer data (paid Services). When you use the paid SaaS Services to manage handoff workflows, you may submit project records, addresses of homes (which can be personal data), defect descriptions, photos and videos of construction or defects, dates and timelines, contracts and warranty documents, repair and inspection notes, and identifying information about other parties involved (such as a builder's project manager or an inspector). If you use the Services on behalf of an organization, we treat that organization as the controller of customer data and ourselves as the processor (see Section 10 below).

Forum and blog content. When you post in the forum or comment on the blog, we collect the content of your posts, replies, reactions, and any files you attach.

Communications. If you contact us by email, support form, or other means, we collect the contents of your communications and any attachments, as well as the email address and other contact information you choose to share.

Payments. If and when paid plans are offered, payments are processed by a third-party payment processor (e.g., Stripe). We don't store full payment-card numbers on our systems. We do receive limited information such as the last four digits of the card, card type, billing ZIP code, and a transaction token.

Surveys, events, and marketing. If you respond to a survey, attend an event, or sign up for a newsletter, we collect what you submit and your contact details.

(b) Information we collect automatically

When you visit the Services, we (and our service providers) may collect:

  • Device and technical information — IP address, device type, operating system, browser type and version, screen resolution, language, time zone, and similar data;
  • Usage information — pages visited, links clicked, search terms entered, referring/exit pages, dates and times of access, errors encountered, and feature usage;
  • Approximate location derived from IP address;
  • Cookies and similar technologies — see Section 4 and our Cookie Policy;
  • Log data — server logs of HTTP requests, user-agent strings, and similar information needed to operate, secure, and debug the Services.

(c) Information from third parties

  • Single sign-on / social login. If you sign in using a third-party account (for example, Google), we receive basic profile information (such as name, email, and profile picture) consistent with that provider's permissions and your settings.
  • Analytics and advertising partners. We may receive aggregate or pseudonymous information about how users interact with our content across platforms.
  • Public sources. For business intelligence (for example, to better understand the builder ecosystem) we may consult publicly available business records.
  • Referrals. If another user invites you to a project or workspace, we may receive your email address from them.

Sensitive information

We don't intentionally collect sensitive personal information (e.g., government identifiers, precise geolocation, biometric data, financial-account information, health information, or information about race, religion, sexual orientation, or political views). Please don't post this kind of information in the forum or in project records. If you believe we've inadvertently received sensitive information, contact privacy@getfixly.app and we'll delete it.

2. How we use information

We use information for the following purposes (and, where required by GDPR or similar laws, on the lawful bases noted in brackets):

  • Provide the Services — operate accounts, host the forum and blog, deliver paid features, process payments, send service messages [contract; legitimate interests; consent where applicable].
  • Personalize and improve — understand usage, develop new features, debug and prevent errors, run analytics [legitimate interests; consent where required by law].
  • Communicate with you — respond to questions, send transactional notices, send waitlist updates, send marketing emails (which you can unsubscribe from at any time) [contract; legitimate interests; consent for marketing where required].
  • Safety and integrity — detect, investigate, and prevent fraud, abuse, security incidents, and harm to users or third parties; enforce our Terms and policies; comply with legal obligations [legitimate interests; legal obligation].
  • Legal compliance — meet legal, tax, accounting, and regulatory obligations; respond to valid legal requests [legal obligation].
  • Aggregate and de-identified data — produce aggregated, statistical, or de-identified information that does not identify you, for any purpose, including research and publishing benchmarks. Once de-identified, we maintain it as such and do not attempt to re-identify it [legitimate interests].
  • With your consent — for any other purpose disclosed at the time you provide the information.

We do not use information that we collect to make solely automated decisions that produce legal or similarly significant effects on you.

3. How we share information

We share information in the following circumstances:

  • With other users of the Services — for example, public forum posts, blog comments, and public profile fields are visible to everyone; project data is visible to others you've invited to that project (e.g., a builder seeing a homeowner's punch list).
  • With service providers — vendors who process information on our behalf to provide the Services, including hosting and infrastructure (e.g., AWS, Google Cloud, Cloudflare, MongoDB Atlas), email delivery, analytics, customer support tools, payment processors (e.g., Stripe), error monitoring, and bot detection (Cloudflare Turnstile). We bind providers by contract to use information only as necessary to perform services for us.
  • With professional advisors — auditors, accountants, lawyers, insurers.
  • In business transfers — if we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction. We'll notify you (e.g., via email or by a notice on the Services) before your information becomes subject to a different privacy policy.
  • For legal reasons — to comply with applicable law, regulation, legal process, or governmental request; to enforce our Terms; to protect our rights, property, or safety, or those of our users or others.
  • With your consent or at your direction — for example, if you choose to share content publicly or connect a third-party app.

We do not sell your personal information for money. Some sharing for analytics or advertising may qualify as a "sale" or "sharing" or "targeted advertising" under specific U.S. state laws; see Section 10 for the controls we offer (including a Global Privacy Control / "Do Not Sell or Share" mechanism).

A current list of our material subprocessors will be made available at https://www.getfixly.app/legal/subprocessors once paid Services launch.

4. Cookies and similar technologies

We and our service providers use cookies, pixels, local storage, and similar technologies to operate the Services, remember your preferences, understand usage, and (where applicable) measure the effectiveness of marketing.

For details about the categories of cookies we use, the specific vendors involved, and how to control them, see our Cookie Policy. In jurisdictions that require it (such as the EU and UK), non-essential cookies are loaded only after you give consent through our cookie banner. You can update your choices at any time through the "Cookie preferences" link in the footer.

We honor the Global Privacy Control (GPC) signal as a request to opt out of "sales" and "sharing" / targeted advertising under U.S. state privacy laws.

5. Your choices and rights

Depending on where you live, you may have some or all of the following rights:

  • Access / know — what personal information we hold about you and how we use it.
  • Correct / rectify — inaccurate or incomplete information.
  • Delete / erase — your information, subject to legal exceptions.
  • Portability — receive your information in a structured, machine-readable format.
  • Restrict / object — to certain processing, including processing based on legitimate interests and direct marketing.
  • Opt out of "sale" or "sharing" / targeted advertising — under CCPA/CPRA, VCDPA, CPA, and similar laws.
  • Limit use of sensitive personal information — under CCPA/CPRA.
  • Withdraw consent — for processing based on consent, at any time, without affecting the lawfulness of prior processing.
  • Lodge a complaint — with your data-protection authority.

To exercise these rights, email privacy@getfixly.app or use the controls in your account settings. We will verify your identity before responding (typically by confirming control of the email address on file). You may use an authorized agent in jurisdictions that allow it.

We will respond to verifiable requests within the timelines required by applicable law (generally 30–45 days, with the possibility of an extension). We will not discriminate against you for exercising your rights.

If you are unhappy with our response, you may have a right to appeal (in some U.S. states) by writing to privacy@getfixly.app with "Privacy Appeal" in the subject line, or to lodge a complaint with your supervisory authority.

6. International data transfers

getFIXLY is based in the United States, and our service providers may operate in the United States or other countries. If you access the Services from outside the United States, your information will be transferred to, processed, and stored in the United States and other countries that may have different data-protection laws than your country of residence.

For transfers of personal information from the European Economic Area, the United Kingdom, or Switzerland to the United States or other countries that are not subject to an adequacy decision, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, and we conduct transfer impact assessments where required.

7. Data retention

We keep personal information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required by law. Specifically:

  • Account data — kept while your account is active and for a reasonable period afterwards (typically up to 24 months) to allow recovery; longer if required by tax, accounting, or legal obligations.
  • Waitlist email addresses — kept until you ask us to delete them or for up to 24 months after the related campaign ends, whichever is shorter.
  • Forum and blog content — kept while the content is on the Services. If you delete a post, we may retain limited backups for a reasonable period.
  • Project / customer data (paid Services) — kept according to the controlling organization's retention settings or contractual instructions.
  • Logs and security data — kept for periods consistent with industry practice (typically 30–365 days).
  • Records required by law — kept for the periods required.

When we no longer need information, we delete or de-identify it.

8. Security

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. Examples include encryption in transit (TLS), encryption at rest for sensitive fields (such as waitlist emails), salted password hashing, role-based access controls, audit logging, network segmentation, and regular reviews of our security practices.

No system is 100% secure. If you have reason to believe your interaction with us is no longer secure (for example, you suspect your account has been compromised), please contact us promptly at privacy@getfixly.app.

9. Children

The Services are not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, contact us at privacy@getfixly.app and we will delete it.

10. Region-specific notices

(a) United States — California (CCPA/CPRA)

In the past 12 months, we have collected the categories of personal information described in Section 1 — including identifiers, internet/network activity, geolocation (approximate, IP-based), commercial information (such as paid-plan history), professional/employment information (such as builder/inspector role), and inferences drawn from the foregoing — for the business purposes described in Section 2. We have disclosed such information to the categories of recipients listed in Section 3.

We do not sell personal information for money, and we do not knowingly sell or share personal information of consumers under 16. Some uses of analytics and advertising cookies may qualify as a "sale" or "sharing" or "cross-context behavioral advertising" under California law; you can opt out via the "Do Not Sell or Share My Personal Information" link in the footer or by sending a Global Privacy Control signal.

California residents have the rights to know, delete, correct, opt out of sale/sharing, limit use of sensitive personal information, and not be discriminated against for exercising rights. To exercise, contact privacy@getfixly.app.

(b) United States — Virginia, Colorado, Connecticut, Utah, and other states

Residents of states with comprehensive privacy laws have rights similar to those in California (access, correction, deletion, portability, opt out of targeted advertising and "sale," and, in some cases, opt out of profiling that produces legal or similarly significant effects). Use the same contact path: privacy@getfixly.app.

(c) European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

The controller of your personal information is getFIXLY Inc., 131 Continental Dr., Suite 305, Newark, DE 19713. The lawful bases for processing are described in Section 2.

If your queries are not resolved, you have the right to lodge a complaint with your local data-protection authority. In the UK, this is the Information Commissioner's Office (ico.org.uk).

If we have not appointed a representative in your region, please direct any inquiries to privacy@getfixly.app. Once meaningful EU/UK use exists, we will appoint an Article 27 representative ([EU REPRESENTATIVE] / [UK REPRESENTATIVE]) and update this Policy.

(d) Canada (PIPEDA / Quebec Law 25)

You have rights of access, correction, and (in some cases) deletion. Quebec residents may have additional rights under Law 25, including the right to be informed of automated decision-making and the right to data portability. Contact privacy@getfixly.app.

(e) Other jurisdictions

We will comply with applicable privacy laws of the jurisdictions where the Services are offered. If your jurisdiction grants additional rights, you may exercise them by contacting privacy@getfixly.app.

11. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we'll notify you (for example, by email to the address on your account or by a conspicuous notice on the Services) before they take effect. The "Last updated" date at the top tells you when the Policy was last revised.

12. How to contact us

For privacy questions or to exercise your rights:

Privacy team Email: privacy@getfixly.app Mail: getFIXLY Inc., 131 Continental Dr., Suite 305, Newark, DE 19713, Attn: Privacy

For general questions, see support@getfixly.app.