Privacy Policy
Last Updated on August 30, 2025
Effective Date: August 30, 2025
1. Introduction
Welcome to FixFirst.io (“FixFirst”, “we”, “our”, or “us”).
We value your privacy and are committed to protecting your personal data.
This Privacy Policy explains how we collect, use, and safeguard your information when you use our website, software, and related services in the EU, UK, and worldwide.
By using our services, you agree to the practices described in this Privacy Policy.
2. Data Controller & Contact
FixFirst (FixFirst.io)
Rheinsberger Straße 76/77
c/o Factory
10115 Berlin, Germany
Email: hello@fixfirst.io
3. Data We Collect
Provided by you: account details (name, email, phone, address), support requests, business partner data, job applications.
Automatically collected: IP address, device/browser type, session logs, cookie IDs, consent status.
Payments: processed via Stripe, PayPal, Apple Pay, Google Pay. FixFirst does not store full payment details.
Communications & Marketing: newsletter sign-ups, marketing consents, feedback forms, survey responses.
4. Purposes & Legal Bases
We process personal data only where a legal basis exists under GDPR/UK GDPR:
Service delivery & contracts (Art. 6(1)(b))
Security, fraud prevention, aggregated analytics (Art. 6(1)(f))
Consent-based processing (cookies, newsletters, marketing) (Art. 6(1)(a))
Legal obligations (e.g. accounting, tax retention) (Art. 6(1)(c))
5. Cookies & Tracking
Necessary cookies: session management, login, security (always active).
Optional cookies: analytics and marketing, only with explicit consent.
You may withdraw consent at any time via our cookie banner.
6. Sub-processors and Service Providers
We only share data with trusted service providers (sub-processors) when necessary to deliver our services.
All are bound by GDPR-compliant Data Processing Agreements and safeguards such as Standard Contractual Clauses (SCCs) for international transfers.
Infrastructure & Hosting
Google Cloud Platform (EU) – hosting, databases, storage
Microsoft Azure (EU) – hosting, compute, storage
Amazon Web Services (EU) – hosting, backups
Communication & Productivity
Slack (US/EU) – team communication
Google Workspace (EU/US) – email, docs, file storage
Microsoft 365 (EU/US) – email, productivity
Payments
Stripe (EU/US) – payment processing
PayPal (EU/US) – payment processing
Apple Pay / Google Pay (EU/US) – payment initiation
Email & Marketing
SendGrid (US) – transactional emails
Mailchimp (US) – newsletters, marketing
HubSpot (US/EU) – CRM & marketing automation
Forms & Surveys
Jotform (EU/US) – forms, surveys
Typeform (Spain/EU) – forms, surveys
Paperform (Australia) – forms, surveys
Analytics & Tracking
Google Analytics (EU/US) – website analytics (consent-based, IP anonymized)
Hotjar (Malta/EU) – behavior analytics
AI & Automation
OpenAI (US) – language model API, text processing
Make.com (EU/US) – automation & integrations
Vapi (US) – AI voice & conversational processing
Zapier (US) – automation & integrations
Maps & Location
Google Maps (EU/US) – maps & location lookup
Website & App Tools
Framer (EU/US) – website hosting & forms
Glide (US/EU) – app platform
Social Media & Advertising
Meta (Facebook, Instagram) (US/EU) – social media ads, analytics
LinkedIn (Microsoft) (US/EU) – social media ads, analytics
TikTok (Global/US/EU) – social media ads, analytics
X (Twitter) (US) – social media ads, analytics
YouTube (Google) (EU/US) – ads, analytics, embeds
Recruitment & HR Tools
Join.com (EU/Germany) – job applications & recruitment platform
Xing (EU/Germany) – recruitment & professional networking
7. International Data Transfers
Data is primarily processed within the EU/EEA.
Where transfers to third countries occur, we rely on SCCs and supplementary measures to ensure protection.
8. Retention
Accounts/contracts: duration of service + statutory retention periods
Support requests: usually up to 12 months
Logs: short rotation cycles
Job applications: 6 months (or up to 24 months with consent for talent pool)
Cookies: until withdrawn or expired
9. Your Rights
You have the right to:
Access your data (Art. 15 GDPR)
Rectify inaccuracies (Art. 16 GDPR)
Request erasure (Art. 17 GDPR)
Restrict processing (Art. 18 GDPR)
Request data portability (Art. 20 GDPR)
Object to processing, incl. marketing (Art. 21 GDPR)
Withdraw consent anytime (Art. 7(3) GDPR)
Lodge a complaint with your local supervisory authority (Art. 77 GDPR)
Contact us at hello@fixfirst.io to exercise your rights.
10. Security
We implement industry-standard measures:
TLS encryption in transit
Encryption at rest
Role-based access controls
Two-factor authentication for admins
Regular backups & GDPR-compliant incident response
11. Communication & Marketing
Contact requests are processed to handle support and service inquiries.
Newsletters are sent only with consent; unsubscribe anytime via the link in each email.
12. Recruitment
Applicant data is used only for recruitment decisions and stored for up to 6 months.
With explicit consent, we may store applications in a talent pool for up to 24 months.
Recruitment data may also be processed via Join.com and Xing, which act as service providers in this context.
13. Program-specific Notices
For certain programs or partnerships (e.g. voucher schemes), additional privacy notices may apply. These will be provided as addenda.
14. Changes
We may update this Privacy Policy when necessary.
Significant changes will be communicated via email or through our platform.