FixZone Data Security and Retention Policy

Effective Date: November 18, 2025

Entity: Fixzone Inc., a Delaware corporation operating primarily in New York

Contact: info@fixzone.app

This Data Security and Retention Policy ("Policy") outlines how Fixzone Inc. (FixZone, "we," "our," "us") protects, stores, retains, and manages data collected from users ("Users") of the FixZone platform ("Services"). FixZone is committed to maintaining industry-standard data protection practices in compliance with U.S. privacy and security regulations.

1. Purpose of This Policy

This Policy describes:

• How FixZone secures user data
• How long data is retained
• Who has internal access
• When data is deleted
• How we prevent unauthorized access
• Fraud detection and account protection measures

2. Categories of Data Covered

  • Personal information
  • Provider licensing documents
  • Identity verification data
  • Payment data
  • GPS and location data
  • Messages
  • Job photos & attachments
  • Device metadata
  • FixCoin activity
  • IP & login metadata

3. Security Practices and Safeguards

3.1 Encryption

  • In Transit: Encrypted via TLS 1.2+ and HTTPS.
  • At Rest: AES-256 or equivalent encryption.

3.2 Secure Hosting

We use infrastructure providers such as:

  • AWS
  • Firebase
  • Cloudflare

All are SOC 2 / ISO 27001 certified providers.

3.3 Access Controls

  • Role-based access
  • MFA required
  • Audit logs
  • Least-privilege model

3.4 Monitoring & Threat Detection

  • Suspicious login detection
  • Fraud monitoring
  • FixCoin abuse detection
  • Brute-force login detection

3.5 Payment Security

FixZone does NOT store card numbers.

Stripe (PCI-DSS Level 1) handles all payment instruments.

3.6 Secure Development Practices

  • Code review
  • Dependency scanning
  • Secure API authentication
  • OWASP standards

4. Data Retention Policy

Retention depends on data category:

4.1 Account Information

Retained for account lifetime + up to 5 years.

4.2 Provider Documents

Retained up to 5 years after account closure.

4.3 Location Data

  • High-precision GPS: up to 90 days
  • Approximate location: anonymized logs
  • Address data retained until account deletion

4.4 Communications

Messages are stored up to 5 years.

4.5 Payment & Transaction Records

Stripe requires retention for 7 years.

4.6 FixCoin Activity

Retained up to 7 years.

4.7 Analytics

Anonymous data may be retained indefinitely.

5. Account Deletion Requests

You may request deletion via:

📩 info@fixzone.app

Data deleted:

  • Profile data
  • Photos
  • Job history (when possible)
  • Messages (when legally allowed)

Data NOT deleted:

  • Financial transactions
  • Stripe-required records
  • Fraud logs
  • Dispute evidence
  • Legal hold data

6. Data Sharing & Transfers

FixZone may share data with:

  • Stripe (payments)
  • Google Maps (location)
  • AWS / Firebase / Cloudflare
  • Fraud detection vendors
  • Authorities (legal requirement)

FixZone does NOT sell personal data.

7. Internal Access Policy

Only authorized staff can access sensitive data. All access is logged.

8. Incident Response Process

  • Containment
  • Investigation
  • Impact assessment
  • User notification (if required)
  • Corrective action

9. User Responsibilities

  • Secure passwords
  • Secure devices
  • Update OS & apps
  • Report suspicious activity

10. No Guarantee of Perfect Security

While FixZone follows strict industry standards, no platform can promise absolute security. Users acknowledge inherent digital risks.

11. Changes to This Policy

FixZone may update this Policy at any time. Continued use indicates acceptance.

12. Contact

📩 info@fixzone.app