Privacy, in plain English

No legal degree required. Here's exactly what we collect, what we don't, and why.

This page is a plain-English summary. The full legal privacy policy is at fixtag.io/privacy-policy. If there's ever a conflict between the two, the full policy governs.

For gym members

You scan a QR code on a broken piece of equipment and report the issue. Here's what happens to your data:

Reporting is anonymous. No name, no login, no app download. We genuinely don't know who you are when you scan.
Photos stay with the issue report. If you attach a photo, it goes to your gym's dashboard — not to us for any other purpose.
Optional email for resolution updates. If you share your email so we can notify you when the issue is fixed, that email is sent once and then automatically deleted within 30 days. We don't send you anything else.
A device identifier prevents spam. We generate a hashed fingerprint from generic browser properties (screen size, timezone, language) to enforce a limit of 10 reports per day. This hash can't be traced back to you and is automatically deleted after 90 days.
Issue text is checked by AI. Report descriptions are reviewed by an automated content moderation system to catch spam and off-topic content. Only the text is sent — nothing about you personally.
No cookies, no tracking, no ads. The reporting interface sets no cookies. We don't track you across websites. We don't sell data or run ads of any kind.

For gym owners and staff

You create an account to manage your facility. Here's what we hold and why:

Account information. Name, email, and an encrypted password. We never store your password in a readable form.
Business data. Your locations, equipment records, issue reports, and team members — everything you put into FixTag to run your maintenance program.
Data isolation. Your gym's data is completely separated from every other gym at the database level. Strict access controls mean only your team can see your data.
Equipment photos and AI features. If you use the AI equipment analysis or image generation features, equipment photos are transmitted to third-party AI services to generate suggestions. Only the photo is sent — no personal information accompanies it. No facial recognition or biometric analysis is performed.
Email alerts for new issues. When a member submits a report, you get an email. That's the only email we send you outside of account administration.
Error tracking. If something breaks in the app, our error tracking tool captures technical details to help us fix it. User identifiers in error logs are anonymized UUIDs, not names or emails.
We don't sell your data, share it with advertisers, or monetize it in any way.
You can export or delete your data at any time. Contact [email protected] to request a full data export or account deletion.

Who has access to your data?

We use a small number of third-party services to run FixTag. Each one only receives the data it needs to do its job:

Our database provider stores all application data.
Our email service delivers issue alert and notification emails.
Our AI services process issue text (moderation) and equipment photos (analysis and image generation).
Our error tracking service captures technical errors with text masked and personal information anonymized.
Our hosting provider runs the application servers.
Our payment processor (coming soon) will handle subscription billing. We never store card numbers.

All of these services are US-based. We don't transfer data outside the United States. The full list — with company names, purposes, and their privacy policies — is in the full privacy policy.

Your rights

You can ask us to access, correct, export, or delete your data at any time. For Business Administrators, account deletion removes all associated business data. For gym members who provided an email address, you can unsubscribe via the link in any notification email — your address is deleted immediately.

California residents have additional rights under the CCPA. Details are in the full privacy policy.