Privacy Policy

Introduction

This Privacy Policy explains how UpFix LLC ("UpFix," "we," or "us") collects, uses, shares, and protects information when you use the UpFix platform, including our web application, APIs, background workers, AI-assisted features, and related services (the "Service"). By using the Service, you consent to this Policy. If you do not agree, do not use the Service.

This Policy applies to Free, trial, and paid tiers. Your organization (the Tenant) controls its Customer Data; UpFix processes it to provide the Service.

Scope & Roles

• Service Coverage: Web app, APIs, scheduled/automation workers, AI/LLM-powered features, storage, and support channels.
• Tenant Control: Customer Data is controlled by your Tenant; you designate authorized users and configure access, retention, and exports.
• UpFix Role: We act as a service provider/processor for Customer Data and as a controller for our own account, billing, security, and product operations data.

Lawful Bases (EU/UK)

Where GDPR/UK GDPR applies, we process data under these bases: (a) contract (to deliver the Service to your Tenant and authorized users), (b) legitimate interests (e.g., security, fraud prevention, service improvement) balanced against your rights, (c) legal obligation (tax, compliance, recordkeeping), and (d) consent where required (e.g., certain marketing or optional cookies). You may withdraw consent at any time; this does not affect prior processing under a valid lawful basis.

Information We Collect

• Account & Identity: Name, email, phone (if provided), role, tenant membership, authentication and invitation metadata.
• Usage & Logs: Device/browser data, IP addresses, timestamps, feature usage, performance metrics, crash reports, security events, and cookies or similar identifiers.
• Tenant & Business Data: Asset/device details, maintenance schedules, work orders, meter readings, telemetry, documents, images, and associated metadata, including data you upload to chat/AI features.
• Files & Communications: Documents and media you store, comments, support tickets, and feedback.
• Payment & Subscription: Plan selection, seat counts, trial status, billing history. Payment methods are processed by providers like Stripe; we do not store full card numbers.
• Derived Data: Analytics, aggregates, embeddings/vectors for search, de-identified statistics, and system-generated context for AI responses.
• Free Tier: We collect the minimum needed to operate the Free Service, which may include throttling, storage caps, or data cleanup for inactive accounts.

Data Categories & Uses (Summary)

• Identifiers (name, email, IP, device IDs): authentication, security, account management, fraud prevention.
• Commercial/Billing (plans, seats, invoices): subscriptions, trials, collections, tax compliance.
• Usage/Telemetry (logs, performance, feature use): reliability, support, abuse prevention, product improvement.
• Content/Uploads (documents, images, work orders, metrics, chat prompts): core Service delivery, search/AI responses, storage.
• Inferences/Embeddings: semantic search, relevance, and contextual answers; generated from your provided content.
• Geolocation (coarse IP-based): security, fraud prevention, localization; we do not collect precise GPS.
• Support/Comms: responding to requests, tickets, feedback, and incident handling.

How We Use Information

• Provide, operate, secure, and maintain the Service, including multi-tenant access controls and automations.
• Deliver features you configure (e.g., maintenance schedules, document processing, AI chat responses, notifications).
• Manage billing, trials, and seat-based subscriptions; enforce plan entitlements and limits.
• Monitor, troubleshoot, and improve performance, reliability, and security (including rate limiting and abuse detection).
• Develop and improve the Service using aggregated, de-identified, or derived data that does not identify you or your Tenant.
• Provide support, communicate service updates or security notices, and send transactional emails (e.g., invites, resets, alerts).
• Send marketing communications where permitted; you can opt out of marketing emails.
• Comply with legal obligations and enforce our Terms of Service.

AI, Automations & Third Parties

• AI Processing: Prompts, documents, and context you provide to AI features may be sent to model providers to generate Output. Providers are contractually restricted from using Customer Data for training unless expressly disclosed.
• Automations: Scheduled jobs, triggers, and workers (e.g., maintenance, document processing, meter checks) run based on your configuration; review accuracy before acting on results.
• Infrastructure & Vendors: We use hosting, storage, analytics/monitoring, email delivery, payment processing, and AI model vendors to operate the Service. Data may be transmitted to these vendors under confidentiality and security safeguards.
• No Selling: We do not sell personal information.

Information Sharing

• Within Your Tenant: Shared with users you authorize based on roles and permissions.
• Service Providers: Vendors that host, process, transmit, analyze, or support the Service (listed above), subject to confidentiality and security commitments.
• Safety, Security, Legal: To respond to lawful requests, protect rights, investigate abuse, or address security incidents.
• Business Transfers: In connection with a merger, acquisition, financing, or sale of assets, subject to continued protection of your data.

We do not “sell” or “share” personal information for cross-context behavioral advertising as defined by California law. If that changes, we will provide required notices and opt-outs.

Information from Third Parties

• Customers: If you are an authorized user, we may receive information about you from your Tenant.
• Service Providers: We may receive information from cloud/hosting, support, analytics, monitoring, payment, communications, or marketing service providers that help operate and support the Service.
• Third-Party Integrations: If you connect external services or platforms, we may receive data necessary to enable those integrations per your configuration.
• Marketing/Advertising Providers: We may receive business contact details or lead information consistent with law and your preferences.
• Other Sources: We may receive information from partners, data licensors, or public sources (e.g., business profiles, social media) where permitted.
• Social Media Interactions: If you engage with our social pages, we may receive profile or interaction data you make available there.

External Links & Integrations

Third-party sites or integrations you choose (e.g., storage, analytics, social links) have their own terms and privacy practices. Data shared through those integrations is governed by their policies.

Cookies & Tracking

We use cookies and similar technologies for authentication, security, preferences, and analytics. You can control cookies via browser settings; blocking some cookies may affect functionality. If we use analytics or performance tools, they are limited to service operations and not for selling or sharing data for cross-context ads. Opt-out tools provided by those vendors (if any) will be honored.

Marketing Communications

You may opt out of marketing emails at any time via unsubscribe links or by contacting us. Transactional, service, and security messages are required to operate the Service and will continue while your account is active.

Retention & Deletion

• Customer Data is retained while your Tenant is active or as needed to provide the Service, comply with law, or resolve disputes.
• Operational logs and telemetry typically have shorter retention (e.g., 30–90 days); backups may persist for limited cycles (e.g., 30–60 days) before being overwritten.
• Billing and tax records may be retained for statutory periods (e.g., up to 7 years).
• Free or inactive accounts may be archived or deleted after prior notice, consistent with plan limits.
• Tenant administrators can request export or deletion of Customer Data; some legal or audit records may be retained as required by law.

Security

We implement administrative, technical, and physical safeguards appropriate to the Service, including TLS encryption in transit, cloud-provider encryption at rest, tenant scoping, RBAC, rate limiting, monitoring, and vulnerability management. No system is 100% secure. You are responsible for securing credentials, enabling MFA where offered, managing user access, and maintaining secure devices and networks, and for reviewing AI/output before acting on it.

Your Choices & Rights

• Access, update, or delete certain data via account settings or through your Tenant administrator.
• Request export/portability, correction, restriction, or objection to processing where applicable by law (EU/UK: access, rectification, erasure, restriction, portability, objection, no solely automated decisions; withdraw consent; lodge a complaint with a regulator).
• California/CPRA: rights to know/access, delete, correct, and to opt out of any future “sale” or “sharing” for cross-context behavioral advertising (we do not sell/share); right to limit use of sensitive personal information; no discrimination for exercising rights.
• Authorized agents may submit requests where permitted by law, subject to verification.
• Opt out of marketing emails via provided links; you will still receive transactional or security messages.
• Configure cookies through your browser settings; optional cookie choices may limit certain features.

We may require verification and will coordinate with your Tenant administrator for requests related to Customer Data, consistent with our role as a service provider/processor.

International Transfers

The Service is primarily operated in the United States. Information may be transferred to and processed in countries where we or our providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses and DPAs) for such transfers.

Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children under 18. If you believe a minor has provided information, contact us to request deletion.

Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated through the Service or by email when practicable. Continued use of the Service after changes take effect constitutes acceptance.

Contact Information

If you have questions about this Privacy Policy or our data practices, contact: