Privacy Policy

Introduction

Fixd Chaos ("we," "our," or "us") is committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business management platform.

We take data protection seriously. Your trust is important to us, and we are committed to being transparent about our data practices.

Information We Collect

Account Information

• Name and email address
• Password (securely hashed, never stored in plain text)
• Profile photo (optional)
• Company affiliation and role

Business Data

• Client and contact information you enter
• Job and project details
• Equipment records
• Subcontractor information
• Daily logs, notes, and field reports
• Tasks and calendar events
• Documents and photos you upload

Third-Party Integration Data

When you connect third-party services (Google, Microsoft, Box, Dropbox), we access:

• Google Gmail: Email messages you choose to sync for task creation and communication
• Google Calendar: Calendar events to display in your schedule
• Google Tasks: Tasks to sync bidirectionally with your task list
• Google Drive / OneDrive / Box / Dropbox: Files you choose to access through our platform

We only access data you explicitly authorize. OAuth tokens are encrypted using AES-256-GCM encryption and stored securely.

Automatically Collected Information

• IP address (for security and audit logging)
• Login timestamps
• Session information

How We Use Your Information

• To provide and maintain our service
• To authenticate your identity and manage your account
• To sync data with connected third-party services you authorize
• To send you notifications about tasks, deadlines, and account activity
• To provide customer support
• To detect and prevent fraud or abuse
• To improve our services

Data Security

We implement robust security measures to protect your data:

• Password Security: All passwords are hashed using bcrypt with 12 salt rounds
• Token Encryption: OAuth tokens and credentials are encrypted using AES-256-GCM
• Secure Sessions: JWT-based sessions with 8-hour expiration and secure, httpOnly cookies
• Two-Factor Authentication: Optional 2FA via email verification codes
• HTTPS: All data transmitted over encrypted connections
• Access Controls: Role-based permissions and company-level data isolation

Data Sharing and Disclosure

We do not sell your personal information. We may share data only in these circumstances:

• With Your Team: Data is shared within your company account based on permissions you set
• Third-Party Services: When you connect services like Google or Microsoft, data is shared as necessary to provide the integration
• Legal Requirements: If required by law, court order, or government request
• Business Transfers: In the event of a merger, acquisition, or sale of assets

Third-Party Services

Our platform integrates with the following third-party services. Each has its own privacy policy:

• Google Privacy Policy (Gmail, Calendar, Drive, Tasks)
• Microsoft Privacy Statement (Outlook, OneDrive)
• Box Privacy Policy
• Dropbox Privacy Policy

Data Retention

We retain your data for as long as your account is active or as needed to provide services. Business data (clients, jobs, logs) is archived rather than permanently deleted to maintain historical records for compliance purposes.

You can request deletion of your account and personal data by contacting us. Some data may be retained as required by law or for legitimate business purposes.

Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Receive your data in a portable format
• Revoke Consent: Disconnect third-party integrations at any time

To exercise these rights, please contact us at the email address below.

Cookies and Local Storage

We use cookies for:

• Authentication: Secure session cookies to keep you logged in
• Preferences: Local storage for theme and display preferences

We do not use tracking cookies or third-party analytics services.

Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]