Your data is protected.
Full stop.
We handle customer data, financial records, and call logs. Security isn't a feature — it's the foundation.
🔐
Encryption everywhere
- ✓ All data encrypted in transit (TLS 1.3)
- ✓ All data encrypted at rest (AES-256)
- ✓ Database row-level security — your data is always isolated from other contractors
- ✓ Secrets stored in environment-isolated vaults, never in code
🇨🇦
Data stays in Canada
- ✓ Primary infrastructure on AWS ca-central-1 (Montreal)
- ✓ Supabase Postgres hosted in Canada
- ✓ PIPEDA-compliant data handling
- ✓ Your customer data never crosses the border without your knowledge
🛡️
You approve everything important
- ✓ No invoice, text, or charge is sent without your explicit approval
- ✓ Financial actions are hardcoded to require human approval — not configurable
- ✓ Every AI action is logged in your activity feed with full context
- ✓ Undo is available for most completed actions
🔑
Authentication & access
- ✓ Auth0 enterprise-grade authentication
- ✓ Multi-factor authentication (MFA) supported
- ✓ Role-based access: Owner, Admin, Technician
- ✓ Full audit log of team member actions
📋
Your data is yours
- ✓ Export all your data anytime, in standard formats
- ✓ Delete your account and data at any time
- ✓ We do not sell your data — ever
- ✓ No data used to train AI models without your consent
🏗️
Infrastructure & compliance
- ✓ SOC 2 compliance roadmap (targeting 2027)
- ✓ PIPEDA compliance for Canadian customer data
- ✓ Penetration testing on all major releases
- ✓ Dependency scanning and vulnerability alerts
Third-party processors
Fixtor integrates with industry-standard services to deliver its features. Each is selected for its security posture and compliance credentials.
| Service | Purpose | Data location |
|---|---|---|
| Auth0 | Authentication & MFA | Canada / USA |
| Supabase | Database & real-time | ca-central-1 (Canada) |
| Stripe Connect | Payment processing | USA |
| Twilio | SMS & voice | USA |
| Postmark | Transactional email | USA |
| PostHog | Product analytics | USA (EU option available) |
| Sentry | Error tracking | USA |
Responsible disclosure
Found a security vulnerability? We want to hear from you. Please report it to security@fixtor.ai with a description and steps to reproduce. We commit to acknowledging reports within 24 hours and resolving critical issues within 7 days.
We do not pursue legal action against security researchers who act in good faith.
Questions about security?
We're happy to walk through how we protect your business data.