Skip to main content
FixyFlow
Sign in

Privacy Policy

Last updated: April 6, 2026

Update effective June 1, 2026 — adding AI Processing & Coaching section and disclosing AI third-party providers (OpenRouter, Anthropic). No changes to how non-AI data is handled.

FixyFlow ("we," "us," or "our") operates the website and service at fixyflow.com. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our platform.

FixyFlow is a Canadian company based in Ontario. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy legislation.

What FixyFlow Does

FixyFlow is a SaaS platform for repair shops and service businesses. It lets businesses send SMS status updates to their customers, provides live job-tracking pages, and facilitates Google review requests after job completion.

Information We Collect from Business Users

When you create an account and use FixyFlow, we collect:

  • Name and email address
  • Password (stored securely using one-way hashing)
  • Business name
  • Payment information processed through Stripe (we do not store card numbers)

Information We Collect from Your Customers

When a business user creates a job in FixyFlow, we collect information about their customer as provided by the business:

  • Name
  • Phone number
  • Email address
  • Job description and details
  • Photos related to the job
  • Messages exchanged through the platform

This data is collected on behalf of the business user. Businesses are responsible for ensuring they have appropriate consent from their customers before entering their information into FixyFlow.

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the FixyFlow service
  • Send SMS and email notifications about job status
  • Process payments and manage subscriptions
  • Generate live tracking pages for end customers
  • Send Google review requests on behalf of businesses
  • Send transactional emails (account confirmation, password resets, billing receipts)
  • Provide AI-assisted features (Message Coach, Review Classifier) for Pro+ subscribers when they explicitly enable them
  • Monitor and improve product performance and reliability
  • Detect and prevent errors, abuse, and security issues

Third-Party Services

We use the following third-party services to operate FixyFlow:

Twilio— SMS delivery. Phone numbers and message content are shared with Twilio to send notifications. Twilio Privacy Policy
Stripe— Payment processing. Payment details are handled directly by Stripe and never touch our servers. Stripe Privacy Policy
Google Analytics (GA4)— Website analytics to understand usage patterns and improve the product. Google Privacy Policy
PostHog— Product analytics to understand how features are used and identify improvements. PostHog Privacy Policy
Sentry— Error monitoring and performance tracking to detect and fix issues quickly. Sentry Privacy Policy
Resend— Transactional email delivery for account-related communications. Resend Privacy Policy
Google OAuth— Optional sign-in method. When you sign in with Google, we receive your name and email address from your Google account.
OpenRouter— AI request routing for the Review Classifier and the Message Coach (Pro+ feature). OpenRouter does not retain prompt or completion data by default. OpenRouter Privacy Policy
Anthropic— Provides the Claude language model used for AI-assisted features. Anthropic does not use API customer data to train its models. Anthropic Privacy Policy

AI Processing & Coaching

Pro+ subscribers can use AI-assisted features that send selected text to third-party language-model providers. AI processing is opt-in at the feature level (e.g. clicking the “Coach this message” button) and can be disabled entirely from account settings.

What we send to AI providers

  • The text of the message you are drafting (the business's outgoing message)
  • Optional context: trade type, job stage, and customer first name (used for tone calibration only)
  • For the Review Classifier: public Google review text the business has imported

What we do NOT send to AI providers

  • Customer replies or inbound messages
  • Customer phone numbers, email addresses, or photos
  • Payment, billing, or business-account credentials

Cross-border data transfer

AI processing occurs on US-based servers operated by OpenRouter and Anthropic. By using AI-assisted features, you consent to this transfer in accordance with PIPEDA. Both providers operate under contractual restrictions that prohibit using your data to train their models.

Retention of AI grade records

AI grade records (the text you submitted, the model's response, and your interactions with suggestions such as accepts and edits) are retained for up to 24 months and may be used in anonymized aggregate form to improve our coaching rubric. Aggregated statistics with personal identifiers removed may be retained indefinitely. You may request deletion of your AI grade records at any time at hello@fixyflow.com.

Advisory only

AI suggestions are advisory. You remain responsible for the content of any message you choose to send. FixyFlow is not liable for outcomes arising from AI-suggested content.

Cookies

We use the following types of cookies:

  • Session cookies— Required to keep you signed in. These are set by NextAuth and are essential for the service to function.
  • Analytics cookies— Set by Google Analytics (GA4) and PostHog to help us understand how the site is used. These can be blocked by your browser without affecting core functionality.

Data Sharing

We do not sell your personal information to third parties.

We share personal information only with the third-party service providers listed above, and only to the extent necessary to operate the FixyFlow platform. We may also disclose information if required by law, regulation, legal process, or governmental request.

Data Retention

We retain your personal information for as long as your account is active. If you delete your account, we will delete your data within 30 days. Some data may be retained longer if required for legal, accounting, or compliance purposes.

AI grade records have their own retention rules — see the “AI Processing & Coaching” section above.

Data Security

We take reasonable measures to protect your personal information, including encryption in transit (TLS/HTTPS), secure password hashing, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Your Rights

Under PIPEDA and applicable Canadian privacy law, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Withdraw consent for the collection or use of your information
  • Request deletion of your account and associated data
  • File a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, contact us at hello@fixyflow.com.

Children's Privacy

FixyFlow is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our website. Continued use of FixyFlow after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

hello@fixyflow.com

FixyFlow · Ontario, Canada