Privacy Policy
These Privacy Terms describe what personal data the Fixitto service processes, for what purpose, on what legal basis, and what rights you have in relation to that data. Processing is carried out in accordance with the GDPR (EU 2016/679) and Czech Act No. 110/2019 Coll.
1. Data Controller
1.1. The controller of personal data processed in connection with the Fixitto service (the "Service") is:
David Storm
registered office: Kupkova 947/17, 103 00 Prague, Czech Republic
Company ID: 01522795
registered in the Trade Licensing Register
(the "Controller")
1.2. Contact email for personal data matters: gdpr@fixitto.app.
2. What Data We Process
- Email address — you provide it during registration; it is used for sign-in and communication.
- Password — we store it exclusively in encrypted (hashed) form and never see it.
- Scanned website addresses and scan results — the URLs you enter, the accessibility issues found, and the date and time of scans.
- Technical and operational data — IP address, browser and device information, access logs, and error records, to ensure operation and security.
2.1. The Service does not scan pages behind a login and does not actively collect personal data of third parties contained on scanned websites. If such data appears in the audit results (e.g. in an HTML snippet), it is processed solely as part of the technical scan result.
3. Purposes and Legal Bases
3.1. We process personal data for the following purposes and on the following legal bases:
- Creating and managing an account, providing the Service, performing the audit, and storing results — performance of a contract (Art. 6(1)(b) GDPR).
- Sending transactional emails (account verification, password reset) — performance of a contract (Art. 6(1)(b) GDPR).
- Ensuring operation, security, and abuse prevention — legitimate interest (Art. 6(1)(f) GDPR).
- Compliance with legal obligations — legal obligation (Art. 6(1)(c) GDPR).
3.2. Any sending of commercial communications (marketing) would take place only on the basis of your consent, which can be withdrawn at any time. The Controller does not currently send commercial communications.
4. Recipients and Processors
4.1. To operate the Service we use the following processors, which may process personal data on our behalf:
- Supabase — database and user account management (European Union, Frankfurt).
- Railway — application hosting and infrastructure (European Union, Amsterdam).
- Resend — sending transactional emails (European Union).
- Anthropic — processing of audit results using AI (United States of America).
4.2. Transfers to third countries: To generate explanations and suggested fixes, we transfer the content of audit results (technical data about the issues found) to Anthropic, which processes the data in the United States of America. This transfer takes place on the basis of the EU–US Data Privacy Framework and standard contractual clauses (SCCs) under Art. 46 GDPR, as set out in Anthropic's Data Processing Addendum (DPA). We do not transfer your sign-in credentials to Anthropic.
4.3. We do not transfer personal data to other third parties for their own marketing purposes, and we do not sell it.
5. Retention Period
5.1. We retain data associated with a user account for as long as the account exists.
5.2. After an account is closed, we delete or anonymize personal data and related audit results, unless further retention is necessary to comply with a legal obligation or to protect the Controller's legitimate interests.
5.3. We retain operational and security logs for as long as necessary to ensure security, generally no longer than 180 days.
6. Your Rights
6.1. As a data subject, you have the right to access your data, to have it corrected or erased (the "right to be forgotten"), to restrict processing, to data portability, to object to processing based on legitimate interest, and to withdraw consent where processing is based on it.
6.2. You can exercise your rights at gdpr@fixitto.app. We will handle your request without undue delay, and in any case within one month.
6.3. You also have the right to lodge a complaint with a supervisory authority. In the Czech Republic this is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz. You may also contact the supervisory authority in your country of residence.
7. Data Security
7.1. We take appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse. Passwords are stored in hashed form and data transfer is secured with the HTTPS protocol.
8. Cookies
8.1. The Service uses only technically necessary cookies required for sign-in and operation of the Service. These cookies do not require consent.
9. Changes to These Terms
9.1. We may update these Privacy Terms. We will inform you of material changes through the Service or by email. The current version is always available at www.fixitto.app/privacy.
9.2. These Privacy Terms take effect on 18 June 2026.