Privacy Policy

Fixure collects information that users provide directly, information collected automatically through use of the Service, and information originating from external systems that users connect to Fixure.

Directly provided information may include your name, email address, authentication credentials, company or organizational affiliation, billing details, support communications, and any other information voluntarily submitted through forms, onboarding flows, demonstrations, or interactions with our team.

We also collect information automatically when you interact with the Service, including IP addresses, device identifiers, browser types, operating systems, referring URLs, timestamps, usage logs, cookies, analytics identifiers, and similar technical data.

When you connect Fixure to external systems or third-party integrations—such as security scanners, cloud environments, SSO providers, alerting tools, vulnerability management systems, or other software services—we receive the data those integrations supply based on your configuration. That data may include alerts, events, vulnerabilities, audit logs, configuration metadata, user identifiers, system-generated messages, and any related operational information necessary for Fixure to provide its core functionality. You represent and warrant that you have obtained all necessary consents, authorizations, and rights to provide such data to Fixure and that such provision complies with all applicable laws and third-party agreements.

We distinguish between two categories of information:

• “Service Data” : Information you provide or that is collected through your use of the Service, including data from connected integrations, which we process on your behalf as a service provider or processor
• “Business Data”: Information we collect for our own business purposes, such as account management, billing, and Service improvement. The following describes how we use both categories.

We use the information we collect to provide, operate, maintain, improve, and secure the Service. This includes authenticating users; facilitating connections with third-party systems; processing and displaying alerts, events, and vulnerabilities; providing dashboards, analytics, views, and organizational insights; and communicating with you about your account, support requests, updates, and administrative notices.

We also use information to develop and enhance the Service, conduct internal analytics, troubleshoot technical issues, prevent fraud, enforce policies and agreements, protect the integrity of our systems, and comply with applicable laws and regulatory obligations.

Fixure may also generate aggregated or de-identified data for research, product development, usage analysis, or industry insights. Such aggregated or de-identified data is created using techniques designed to prevent re-identification and does not identify any individual or organization. De-identified data may be used for any legitimate business purpose, including internal analysis, improving Fixure’s services, and sharing with third parties for research or industry benchmarking purposes.

• To perform our contractual obligations to you under the Terms of Service
• To pursue our legitimate interests in operating, improving, and securing the Service, provided such interests are not overridden by your data protection rights
• To comply with legal obligations and
• Where required, based on your explicit consent, which you may withdraw at any time by contacting us

Fixure does not sell personal information as defined under applicable privacy laws, including the California Consumer Privacy Act (CCPA). However, we may share information with trusted third-party service providers that assist us in operating the Service, such as hosting providers, cloud infrastructure, logging and monitoring tools, analytics services, email and communication tools, customer support platforms, and payment processors. We may share information with integration partners only where such sharing is necessary to enable the features or connections you have selected, where you have authorized such sharing through your configuration settings, and where we have appropriate agreements in place to protect your information.

We may also disclose information if required by law, regulation, subpoena, court order, legal process, or government request, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Fixure, our users, or the public. In the event of a merger, acquisition, financing transaction, corporate restructuring, or sale of assets, your information may be transferred to the acquiring or successor entity, subject to continued protections consistent with this Privacy Policy.

Fixure implements industry-standard administrative, technical, and physical safeguards to protect personal and organizational information from unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit, secure hosting environments, access controls, multi-factor authentication for internal systems, audit logging, and routine internal reviews.

While Fixure strives to maintain a secure environment, no online service can guarantee absolute security. In the event of a security incident resulting in the confirmed unauthorized access, acquisition, or disclosure of personal information under our control, we will notify you and any applicable regulatory authorities as required by applicable law, including, but not limited to, the GDPR and relevant U.S. state data breach notification statutes. We will provide such notice without undue delay after confirming the scope of the incident and the data affected. Your use of the Service is at your own risk, and you are responsible for maintaining the confidentiality of your account credentials and protecting your systems and devices.

We retain personal information for as long as necessary to provide the Service, fulfill the purposes described in this Privacy Policy, support our legitimate business interests, comply with legal obligations, resolve disputes, enforce our agreements, and maintain appropriate business records. Upon termination of your account, we will delete or anonymize your personal information within ninety (90) days, except for information we are required to retain by law or that is contained in backup systems, which will be deleted in accordance with our standard backup deletion schedule (typically within one hundred eighty (180) days).

You may request deletion of certain information by contacting us at [Insert Specific Email Address - e.g., legal@fixure.io], subject to applicable legal restrictions, our legitimate business needs, and technical limitations. We will respond to your request within the timeframe required by applicable law, typically within 30-45 days depending on jurisdiction, and will inform you if we require an extension.

• The right to access and obtain a copy of your personal information
• The right to correct or update inaccurate data
• The right to delete your data
• The right to object to or restrict certain forms of processing
• The right to data portability
• The right to withdraw consent where processing is based on consent
• The right to lodge a complaint with a supervisory authority

If you have questions about this Privacy Policy or wish to submit a privacy-related request, you may contact us at: