Privacy Policy

Fixtor AI Inc. (“Fixtor,” “we,” “us,” or “our”) is a company incorporated in Ontario, Canada. We operate the fixtor.ai platform — an AI-assisted field service management tool built for trade contractors across Canada.

Questions about this policy? Contact us at privacy@fixtor.ai.

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, who we share it with, and what rights you have over your information. We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

If you are a contractor using Fixtor, this policy covers both your personal information and the information you enter about your customers and team members. You remain the controller of your customers' data. We process it only on your behalf, under your direction.

1. Information We Collect

1.1 Account and Profile Information

• Your full name and email address
• Your business name, trade type, and province
• Your phone number
• Your role within your company (owner, admin, technician)
• Billing information (processed by Stripe — we do not store full card numbers)
• Subscription plan and credit balance

1.2 Customer Data You Enter

When you use Fixtor to manage your trade business, you enter information about your customers: names, emails, phone numbers, service addresses, job history, invoices, quotes, and customer communications. You own this data. You are responsible for having a lawful basis to enter and process your customers' personal information in Fixtor.

1.3 Job and Operational Data

• Job details, status, assigned technician, and photos
• Scheduled visits, routes, and dispatch records
• Voice call recordings (when you enable the AI receptionist — see Section 4)
• Time and completion records

1.4 Team Member Information

Names, email addresses, roles, and activity within your account for any team members you invite.

1.5 Usage and Analytics Data

• Features accessed and actions taken
• Device type, OS, and browser
• Session duration and navigation paths
• Error logs and crash reports

1.6 AI Agent Activity Logs

Every action taken or proposed by a Fixtor AI agent is logged — what the agent proposed, whether you approved, edited, or rejected it, and timestamps. These logs give you a full audit trail and help us improve agent accuracy.

1.7 Payment and Billing Data

Subscription plan, credit balance and consumption history, top-up records, and Stripe Connect status. We use Stripe as our payment processor. Stripe collects and stores card data directly; we receive only a tokenized reference.

2. Why We Collect It (Purposes)

3. How We Use Your Information

We use your information to: operate and deliver the platform; power AI agents you activate; charge your subscription and process credit top-ups; send transactional and (with consent) marketing communications; analyze aggregate anonymized usage to improve the product; detect unauthorized access and prevent fraud; and comply with legal obligations.

We do not use your data for any purpose beyond what is necessary to deliver the services you have requested, and we do not sell your personal information or your customers' personal information for advertising purposes.

4. AI Processing — How Your Data Powers Your Agents

4.1 How AI Agents Use Your Data

Fixtor's AI agents act on your behalf, accessing your job history, customer information, team schedules, service catalog, and communications to perform their tasks. For example, the Office Manager reads job details and pricing to draft invoices; the Receptionist listens to incoming calls to answer questions and log new jobs.

4.2 Call Recordings

If you enable the AI Receptionist, incoming calls may be recorded and transcribed. Transcripts and extracted job data are stored in your account.

4.3 AI Model Processing

Fixtor routes AI tasks to model providers (including Anthropic, Google, and OpenAI). When an agent processes a task, relevant data from your account is sent to these providers as part of the prompt. We have data processing agreements with all AI model providers. Prompts are not used to train providers' foundational models under our enterprise agreements.

AI activity is logged via LangSmith (our AI observability provider, located in the USA) for debugging and quality improvement. See Section 6 for cross-border transfer details.

4.4 Your Customer Data Is Not Used to Train Our Models

We do not use your customers' personal information to train Fixtor's AI models or improve AI responses for other customers. Your data serves your account only. We may use aggregated, anonymized, de-identified data to improve platform performance.

5. Who We Share Your Information With

We do not sell your personal information. We share it only with service providers who help us deliver the platform, and only to the extent necessary.

“DPA” means we have a Data Processing Agreement in place requiring the provider to protect your data in compliance with applicable privacy law.

6. Data Residency and Cross-Border Transfers

Your primary account data is hosted on Supabase running on AWS ca-central-1 in Canada. Your backend API also runs in AWS ca-central-1. Your core business data does not leave Canada for primary storage or processing.

Certain third-party providers process data in the United States (Auth0, Stripe, Twilio, Postmark, PostHog, LangSmith, AI model providers). We address these transfers through Data Processing Agreements. Under PIPEDA, we remain accountable for the protection of personal information transferred to third parties.

Future GDPR path: As Fixtor expands to EU/UK markets, we will implement GDPR controls including lawful basis documentation, Data Protection Impact Assessments, and Standard Contractual Clauses.

7. Communications and Marketing (CASL)

7.1 Transactional Messages (No Consent Required)

Account confirmations, invoices, receipts, password resets, AI agent approval notifications, job status alerts, and security messages are sent as part of delivering the service.

7.2 Marketing Messages (Consent Required)

Product updates, new features, tips, and promotional offers are sent only with your express or implied consent under CASL.

7.3 Unsubscribing

Every marketing email includes a working unsubscribe link. Removals are processed within 10 business days as required by CASL. Unsubscribing from marketing does not affect transactional messages.

7.4 AI Agents and Your Customer Communications

When AI agents draft messages to your customers (after your approval), those messages are sent as you — from your business. You are responsible for complying with CASL requirements when communicating with your own customers.

8. Data Retention

• Active accounts: Data retained for the life of your account
• Call recordings and transcripts: Retained 12 months from date of call
• AI agent logs: Retained 12 months
• Usage analytics: Identifiable for 24 months; thereafter anonymized
• Billing records: 7 years (Canadian tax/accounting requirements)
• Deleted accounts: Personal data deleted within 30 days of closure; billing records retained 7 years
• Deleted customer records: Soft-deleted for 14 days (recoverable), then permanently deleted. May persist in encrypted backups up to 60 days

9. How We Protect Your Information

• TLS 1.2+ encryption in transit
• AES-256 encryption at rest (Supabase/AWS)
• Row-Level Security — each contractor account can only access its own data
• Auth0 enterprise authentication with MFA support
• Principle of least privilege for Fixtor employee access; all access is logged
• Regular security reviews and prompt vulnerability remediation

In the event of a data breach posing real risk of significant harm, we will notify you and the Office of the Privacy Commissioner of Canada as required by PIPEDA. Report vulnerabilities to security@fixtor.ai.

10. Your Rights Under PIPEDA

• Access: Request a copy of personal information we hold. We respond within 30 days.
• Correction: Correct inaccurate information in your account settings or by emailing us.
• Deletion: Request account and data deletion. Subject to legal retention requirements.
• Portability: Export all your data anytime from Settings > Data Export (CSV/JSON).
• Withdraw consent: Withdraw consent for non-essential processing at any time.
• Complaint: File a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.

To exercise any right: privacy@fixtor.ai. We acknowledge within 5 business days and respond fully within 30 days.

11. Children's Privacy

Fixtor is intended for trade contractors and business professionals. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor, contact privacy@fixtor.ai and we will delete it promptly.

12. Changes to This Policy

When we make material changes, we will post an updated policy with a new “Last Updated” date and send you an email notification. Your continued use after the effective date constitutes acceptance. If you disagree, you may close your account.

13. Contact Us