Applies to: FixFirst.io, Right2Repair-Compliance.com, and related B2B websites, software, dashboards, APIs, integrations, workflows and services provided by FixFirst under this Privacy Policy.
This Privacy Policy explains how FixFirst processes personal data. It does not replace separate privacy notices for fix1.today, Zircls, public repair voucher programs, consumer repair bookings or other B2C services where those services provide their own privacy information.
1. Controller
The controller for the processing described in this Privacy Policy is:
FixFirst
Rheinsberger Straße 76/77
c/o Factory Berlin
10115 Berlin
Germany
Commercial register: HRB 209 448 B
Register court: Charlottenburg district court
Represented by: Sebastian Daus
Email: hello@fixfirst.io
2. Scope
This Privacy Policy applies when you:
- visit FixFirst.io or Right2Repair-Compliance.com;
- contact FixFirst;
- book a demo;
- subscribe to newsletters or marketing communications;
- create or use a FixFirst account;
- use FixFirst B2B software, dashboards, workflows, APIs or integrations;
- use Right2Repair Compliance tools;
- interact with AI-assisted features;
- apply for jobs;
- participate in business, partner, repair network, city, brand, compliance or support processes.
For customer-controlled programs, white-label services, employee programs, repair networks or integrations, additional privacy notices or data processing agreements may apply.
3. Categories of personal data
FixFirst may process the following categories of personal data.
3.1 Account and contact data
Name, email address, phone number, company, job title, role, business address, login credentials, account settings, user permissions, communication preferences and authentication information.
3.2 Business and organization data
Company information, customer or partner records, repair provider information, service details, program information, workflow configuration, order or ticket references, claims data, voucher-related data, reimbursement records, support requests and business communications.
3.3 Service usage data
User activity, dashboard usage, logs, timestamps, pages viewed, features used, API calls, integration events, session information, consent status, device information, browser information and IP address.
3.4 Right2Repair Compliance data
Information submitted or generated for right-to-repair readiness checks, including product categories, product information, repair processes, documentation status, access to repair information, tooling information, partner network information, compliance notes, gap analysis data, improvement actions and related uploaded files.
This data may contain personal data if it includes names, contact details, user comments, communications, account identifiers or other personal references.
3.5 AI and automation inputs
Text prompts, chat messages, voice or call data where AI phone features are used, repair descriptions, product descriptions, uploaded photos or files, diagnostic information, workflow instructions, generated summaries, classifications and AI output logs.
3.6 Payment and billing data
Billing contact details, invoice information, payment status, plan information and transaction references. Payments may be processed by third-party payment providers. FixFirst does not store full payment card details.
3.7 Communications and marketing data
Contact forms, demo requests, support messages, newsletter sign-ups, marketing preferences, feedback, survey responses, event registrations and communication history.
3.8 Recruitment data
Application documents, CVs, cover letters, contact details, interview notes, recruitment communications and other information provided during an application process.
4. Sources of personal data
FixFirst receives personal data from:
- you directly;
- your employer or organization;
- other authorized users of your organization;
- customers, partners or repair networks using FixFirst;
- third-party integrations configured by customers;
- forms, booking tools, websites and support channels;
- cookies and similar technologies;
- payment providers, CRM tools, analytics tools and other service providers;
- publicly available business sources where relevant for B2B partner or repair provider information.
5. Purposes and legal bases
FixFirst processes personal data only where there is a legal basis under GDPR or UK GDPR.
5.1 Providing the Services
We process personal data to provide accounts, dashboards, workflows, AI features, APIs, integrations, support, reporting, right-to-repair readiness tools and related services.
Legal basis: performance of a contract or steps before entering a contract; legitimate interests in providing B2B services.
5.2 Account management and customer administration
We process personal data to create accounts, manage users, administer subscriptions, issue invoices, manage customer relationships and provide support.
Legal basis: contract performance; legitimate interests; legal obligations where accounting or tax retention applies.
5.3 Right2Repair Compliance
We process personal data included in right-to-repair readiness checks, compliance workflows, uploaded documentation, reports, gap analyses and support requests.
Legal basis: contract performance; legitimate interests in providing compliance-support software; legal obligations where applicable.
5.4 AI-assisted services and automation
We process inputs and outputs to provide AI-assisted diagnostics, summaries, workflow support, recommendations, translations, classification, voice or chat functions and automation.
Legal basis: contract performance; legitimate interests in providing and improving software functionality; consent where required.
5.5 Security and fraud prevention
We process logs, account data and technical data to protect accounts, detect misuse, prevent fraud, secure systems, investigate incidents and maintain service integrity.
Legal basis: legitimate interests; legal obligations.
5.6 Analytics and service improvement
We process usage data, feedback and aggregated information to understand performance, improve features, fix errors and develop services.
Legal basis: legitimate interests; consent where required for analytics cookies or similar technologies.
5.7 Marketing and communications
We process contact and marketing data to respond to inquiries, send newsletters, provide product updates, invite users to events and communicate about services.
Legal basis: consent; legitimate interests for B2B communications where permitted; legal obligations for opt-out management.
5.8 Payments and billing
We process billing data to issue invoices, process payments, manage subscriptions, collect fees and maintain accounting records.
Legal basis: contract performance; legal obligations; legitimate interests.
5.9 Recruitment
We process applicant data to evaluate applications, communicate with candidates and manage recruitment.
Legal basis: pre-contractual steps; legitimate interests; consent for talent pool retention where applicable; legal obligations.
5.10 Legal compliance and claims
We process personal data to comply with law, respond to authority requests, enforce agreements, defend claims and maintain records.
Legal basis: legal obligations; legitimate interests.
6. Cookies and tracking
FixFirst uses cookies and similar technologies.
Necessary cookies are used for website operation, login, session management, consent management, security and technical functionality.
Optional cookies and similar technologies may be used for analytics, performance measurement, marketing and advertising only where required consent has been obtained.
You can withdraw or change cookie consent through the cookie banner or browser settings where available.
7. Service providers and recipients
FixFirst may share personal data with trusted service providers where necessary to provide, secure, analyze, support or improve the Services.
Depending on the services used, recipients may include:
- hosting and infrastructure providers such as Google Cloud Platform, Microsoft Azure and Amazon Web Services;
- communication and productivity providers such as Slack, Google Workspace and Microsoft 365;
- payment providers such as Stripe, PayPal, Apple Pay and Google Pay;
- email and marketing providers such as SendGrid, Mailchimp and HubSpot;
- form and survey providers such as Jotform, Typeform and Paperform;
- analytics tools such as Google Analytics and Hotjar;
- AI and automation providers such as OpenAI, Make.com, Vapi and Zapier;
- mapping and location providers such as Google Maps;
- website and app tools such as Framer and Glide;
- social media and advertising providers such as Meta, LinkedIn, TikTok, X and YouTube;
- recruitment providers such as Join.com and Xing;
- professional advisors, auditors, lawyers and tax consultants;
- authorities, courts or regulators where legally required.
FixFirst may also share data with customers, repair partners, program partners, municipalities, brands, insurers or other organizations where required to provide a configured service, operate a customer program, process a claim, support a voucher workflow, complete a repair workflow, handle a booking, or comply with an agreement.
8. Customer-controlled data
Where customers use FixFirst to process personal data about their own employees, repair partners, consumers, customers, program participants or users, the customer may be the controller and FixFirst may act as processor.
In that case, processing is governed by the customer's instructions and a data processing agreement where required.
Customers are responsible for ensuring that personal data entered into the Services is collected lawfully, that required notices are provided, and that users and data subjects understand how their data is processed.
9. International transfers
FixFirst primarily aims to process data within the EU/EEA where possible. Some providers or support processes may involve transfers outside the EU/EEA.
Where personal data is transferred internationally, FixFirst uses appropriate safeguards where required, including adequacy decisions, Standard Contractual Clauses and supplementary measures.
10. Data retention
FixFirst retains personal data only as long as necessary for the purposes described in this Privacy Policy.
Typical retention periods include:
- account and contract data for the duration of the customer relationship plus statutory retention periods;
- billing and accounting data for statutory tax and commercial retention periods;
- support requests usually up to 12 months unless longer retention is needed;
- technical logs for short rotation periods unless needed for security, fraud prevention or investigations;
- job applications for up to 6 months after completion of the hiring process, or up to 24 months with consent for a talent pool;
- cookie data until consent is withdrawn or the cookie expires;
- right-to-repair readiness data, workflow data and reports for the duration of the customer relationship or as agreed with the customer.
Data may be retained longer where required by law, contractual obligations, audits, disputes, security investigations or legitimate business needs.
11. Security
FixFirst uses technical and organizational measures designed to protect personal data, including:
- TLS encryption in transit;
- encryption at rest where appropriate;
- role-based access controls;
- administrator two-factor authentication;
- access logging and monitoring;
- regular backups;
- security processes;
- GDPR-oriented incident response procedures.
No digital service can guarantee absolute security. Users and customers must also protect their accounts, credentials, devices and integrations.
12. AI processing
FixFirst may use AI and automation to provide features such as diagnosis support, repair recommendations, summaries, translations, classification, workflow automation, voice or chat assistance, product identification, cost estimation and right-to-repair readiness support.
AI outputs are assistive and may be inaccurate or incomplete. Users should review outputs before relying on them.
FixFirst does not use personal data for AI training without an appropriate legal basis. Where possible, service improvement uses aggregated, anonymized or non-personal data.
Customer content is not used to train third-party foundation models unless agreed with the customer or legally permitted.
Where legally required, users may request human review or intervention.
13. Automated decision-making
FixFirst does not intend to make decisions through the public FixFirst or Right2Repair Compliance websites that produce legal or similarly significant effects solely by automated means.
Customers may configure automated workflows within the Services. Customers are responsible for ensuring that automated workflows comply with applicable law, including transparency, human review and objection rights where required.
14. Marketing communications
FixFirst may send newsletters, product updates, event invitations and other marketing communications where legally permitted.
You can unsubscribe from marketing emails using the unsubscribe link or by contacting FixFirst.
Service-related messages, security notifications, billing messages and contractual communications may still be sent where necessary.
15. Your rights
Subject to applicable legal conditions, you may have the right under GDPR or UK GDPR to:
- access your personal data;
- rectify inaccurate data;
- request erasure;
- restrict processing;
- object to processing, including direct marketing;
- receive data portability;
- withdraw consent at any time where processing is based on consent;
- lodge a complaint with a supervisory authority.
To exercise your rights, contact hello@fixfirst.io.
16. Complaints
You may lodge a complaint with your local data protection supervisory authority if you believe your personal data is processed unlawfully.
FixFirst encourages you to contact us first so we can try to resolve the issue.
17. Children
The FixFirst and Right2Repair Compliance B2B services are not directed at children.
If FixFirst becomes aware that it has collected personal data from children without a valid legal basis, it will delete the data unless retention is legally required.
Consumer-facing services such as fix1.today or Zircls may provide separate rules where family, household or youth-related features are offered.
18. Third-party links
The Services may link to third-party websites, tools, platforms or services. FixFirst is not responsible for third-party privacy practices. Users should review the relevant third-party privacy notices.
19. Changes to this Privacy Policy
FixFirst may update this Privacy Policy from time to time, for example due to service changes, legal changes, provider changes, security updates or operational changes.
Material changes may be communicated through the website, dashboard, email or other reasonable means.
20. Contact
For privacy questions or data subject requests, contact:
FixFirst
Email: hello@fixfirst.io
