Legal

Privacy Policy

Last updated: March 19, 2026 · Effective: March 19, 2026

🔒 Plain English summary: FixOps connects to your HubSpot portal in read-only mode to generate your audit report. We never modify your data, never sell your information, and delete audit results after 7 days.

Contents

Who We Are
Data We Collect
HubSpot Portal Data
How We Use Your Data
Data Sharing
Data Storage & Security
Data Retention
GDPR & Your Rights
Contact Deletion & Privacy Compliance
Cookies
Children
Changes
Contact

1. Who We Are

FixOps.io is a HubSpot portal intelligence platform operated by Matthew ("FixOps," "we," "our," "us"). We provide automated HubSpot portal audits that analyze your CRM configuration and deliver health scores, issue findings, and prioritized fix recommendations.

This Privacy Policy applies to our website at fixops.io and all services we provide ("Service"). By using the Service, you agree to this policy.

2. Data We Collect

Information you provide

Email address — to deliver your audit report
Company name — to personalize your report
Any information you share when contacting us directly

Information collected automatically

IP address and browser type (standard server logs)
Pages visited and referring URLs

HubSpot OAuth token

When you connect your HubSpot portal, we receive a temporary OAuth access token. This token is used only during your audit and is not stored after the audit completes.

3. HubSpot Portal Data

To run your audit, FixOps requests read-only OAuth access to your HubSpot account. Depending on the scopes you grant, we may read:

Contact records (names, emails, lifecycle stages, owner assignments, activity timestamps)
Company records (names, domains, industries, owner assignments)
Deal records (names, amounts, stages, close dates, owners)
Support tickets (subjects, pipeline stages, creation dates)
Workflow configurations (names, enrollment counts, enabled status)
Form configurations (names, submission counts)
User accounts (names, roles, last login dates)
Contact and deal properties (names, types, usage)
Pipeline configurations (stage names, probabilities)
Contact lists (names, sizes)

✅ We access this data solely to generate your audit. We do not read email content, personal messages, payment details, or sensitive data fields. We never modify any data in your HubSpot account.

Audit results storage

Audit scores and findings are stored in our secure database for up to 7 days so you can access your results via a direct link. Raw HubSpot data is never stored — only the anonymized findings and scores. After 7 days, all results are automatically and permanently deleted.

4. How We Use Your Data

To perform and deliver your requested HubSpot portal audit
To send you your audit report and results via email
To send service-related follow-up communications
To improve our audit algorithms and detection accuracy
To respond to your support requests
To comply with legal obligations

We do not use your data for advertising. We do not sell your data. We do not use your HubSpot data to train AI or machine learning models.

5. Data Sharing

We do not sell, trade, or rent your personal information. We share data only with:

Service providers (data processors)

Railway.app — cloud hosting and PostgreSQL database (United States)
Resend — transactional email delivery for audit reports
Vercel — website hosting

These providers are contractually bound to protect your data and may only use it to provide their services to us.

Legal requirements

We may disclose your information when required by law, court order, or to protect the rights, property, or safety of FixOps, our users, or others.

Business transfers

In a merger or acquisition, your data may transfer to the new entity. We will notify you via email of any ownership change and your options.

6. Data Storage & Security

Your data is stored on Railway.app infrastructure in the United States. Our security measures include:

All data transmission encrypted via HTTPS/TLS
Database connections use SSL encryption
OAuth tokens are never stored in logs or persistent storage
Production system access restricted to authorized personnel only
Audit results automatically purged after 7 days

No internet transmission method is 100% secure. We use industry-standard practices but cannot guarantee absolute security.

7. Data Retention

Audit results — 7 days, then permanently deleted
Email addresses — up to 2 years for service communications, or until deletion requested
OAuth tokens — used during audit only, never stored after completion
Server logs — up to 30 days for security and debugging

You may request deletion of your data at any time by emailing [email protected].

8. GDPR & Your Rights

If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, you have the following rights regarding your personal data:

Access — request a copy of the personal data we hold about you
Correction — request correction of inaccurate data
Deletion ("right to be forgotten") — request deletion of your personal data
Portability — receive your data in a portable format
Restriction — request restriction of processing in certain circumstances
Objection — object to processing based on legitimate interests
Withdrawal of consent — withdraw consent at any time without affecting prior lawful processing

To exercise any right, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

Our legal basis for processing your data: contract performance (delivering your requested audit), legitimate interests (improving our service), and compliance with legal obligations.

9. Contact Deletion & Privacy Compliance

FixOps complies with HubSpot's contact deletion requirements. When a contact is deleted from a connected HubSpot portal, FixOps processes the deletion event and removes any associated data from our systems. This is handled via HubSpot webhook subscriptions for privacy-compliant contact deletion.

To revoke FixOps access to your HubSpot portal at any time: HubSpot → Settings → Integrations → Connected Apps → FixOps → Disconnect. This immediately ends our ability to access your portal.

10. Cookies

FixOps uses only essential session cookies required for the OAuth authentication flow. These expire when you close your browser. We do not use advertising cookies, tracking pixels, or third-party analytics that track you across sites.

11. Children

FixOps is a business-to-business service for adults and organizations. We do not knowingly collect data from children under 13. If we discover we have collected such data, we will delete it immediately.

12. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email (when we have your address) and by updating the "Last updated" date above. Continued use of the Service after changes are posted constitutes acceptance.

13. Contact

Questions about this Privacy Policy or your data:

FixOps.io · Operated by Matthew
Email: [email protected]
Website: