← Legal Center

Privacy Policy

In force from: 1 June 2026

This Privacy Policy explains, clearly and comprehensively, how FixrOS, S.L. processes the personal data of the persons who use the FixrOS platform —the website fixros.com, the property managers' dashboard, the Claims Portal, the Provider Portal, the Marketplace and the mobile application for iOS and Android (together, "the Platform")—. It is a single policy for all FixrOS apps and services and has been drawn up in accordance with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD) and Law 34/2002 (LSSI-CE).

Basic information on data protection

ControllerFixrOS, S.L. — Tax ID B88755780
PurposesTo provide and manage the Platform's services according to each user's profile; customer management, security and legal obligations.
Legal basisPerformance of a contract, compliance with legal obligations, legitimate interest and, where indicated, your consent.
RecipientsTechnology providers acting as data processors; insurance companies, loss adjusters and service providers where necessary; authorities where required by law. We do not sell personal data.
RightsAccess, rectification, erasure, objection, restriction, portability and withdrawal of consent, by writing to privacidad@fixros.com, and to lodge a complaint with the AEPD.
Additional informationThe remainder of this Policy.

1. Data controller

FieldDetail
Company nameFixrOS, S.L.
Tax ID (CIF)B88755780
Registered officeCalle Núñez de Balboa, 120, 28006 Madrid (Spain)
Registration detailsCommercial Registry of Madrid, sheet M-886883, entry 1st, IRUS 1000474064159
Privacy contactprivacidad@fixros.com

Although the regulations do not require FixrOS, S.L. to appoint a Data Protection Officer, FixrOS has appointed an internal privacy officer, reachable at privacidad@fixros.com, who handles all matters relating to this Policy and to the exercise of rights.

2. FixrOS as Controller and as Data Processor

FixrOS is a software provider (SaaS) for property managers, communities, insurers, loss adjusters and service providers; it is not, in itself, the manager of your community. For this reason it acts on two distinct legal levels, depending on who decides the purpose and the means of the processing.

2.1. FixrOS acts as CONTROLLER of the processing

FixrOS decides on its own for what and how data are processed in respect of:

  • Your account and your user identity: registration, authentication, credentials, biometric access, preferences, device and consents.
  • The services that FixrOS provides to you directly through the app: the incidents of your own home, the registration of your home insurance policy, the Marketplace and the Provider Portal.
  • The data of the professional Clients who contract FixrOS (property managers, communities, insurers, brokers, loss adjusters and service providers) and of the persons who represent them.
  • The data of website visitors and of job applicants.
  • Security, fraud prevention, auditing and service improvement.

2.2. FixrOS acts as DATA PROCESSOR

FixrOS processes data following the instructions of a third party —which is the controller— in respect of the data that the property manager or the community handles to administer the community: register of owners and residents, fees, receipts and SEPA direct-debit remittances, incidents in common areas, meetings, votes and minutes, booking of facilities, register of visitors and parcels, meter readings and community documentation. In these processing activities the controller is the property manager or the community, and FixrOS processes the data on their behalf in accordance with the Data Processing Agreement (DPA) that is incorporated as an Annex to the Terms and Conditions.

2.3. How this dual nature affects the exercise of your rights

If you are a neighbour, owner or resident: to exercise your rights over your account data and the services you use directly in the app, contact FixrOS (privacidad@fixros.com); regarding the management data of your community, contact your property manager. In both cases, FixrOS will help you channel the request.

3. What data do we process and from whom?

Depending on the user profile and the modules used, FixrOS may process the following categories of data:

  • Identification and contact data: first name and surname, DNI/NIE, address, telephone, email and profile photograph.
  • Account data: credentials (encrypted password), Google identifier if you use "Sign in with Google", preferences, device identifier and notifications token.
  • Data from the calendar and email integrations that the Property Manager voluntarily connects (Section 7.7): Google access tokens (Google Calendar), Microsoft access tokens (Outlook / Microsoft 365) and the credentials of the email accounts connected via IMAP/SMTP (including Gmail by means of an application password), as well as the content of the calendar events and email messages necessary to provide the service.
  • Dwelling and community data: address, floor and door, participation coefficient, status as owner or tenant.
  • Financial data: fees, receipts, special levies, amounts, SEPA mandate data (IBAN), and —in the optional bank reconciliation— bank account and transactions. The full payment card details are processed directly by the payment services provider (Stripe); FixrOS only receives an identifier of the payment method, the status of the operation and, where applicable, the last digits.
  • Data on activity on the Platform: incidents, chat messages, attendance and voting at meetings, facility bookings, register of visitors and parcels, meter readings.
  • Generated content: incident photographs, documents, minutes, quotes, recordings of remote meetings, signatures and voice notes.
  • Professional data: of service providers (company name, NIF/CIF, civil liability insurance, professional registration, certifications) and of loss adjusters (qualification, professional registration number).
  • Claims-handling data: policy data, description of the damage, documentation and loss adjuster reports.
  • Geolocation data: in the limited cases set out in Section 7.1.
  • Technical and usage data: IP address, device identifier, operating system, access and audit logs.
  • Special categories of data (Art. 9 GDPR): only incidentally (Section 7.5).

The data subjects may be: property managers and their staff; homeowners' associations and their representatives; owners, residents and tenants; presidents and members of boards; concierges; service providers; loss adjusters; users from insurers and brokers; website visitors; and job applicants.

4. Purposes of the processing and legal bases

PurposeLegal basis
Create, authenticate and manage your user accountPerformance of the contract (Art. 6.1.b GDPR)
Provide the Client with the SaaS community-management service (register, fees, receipts and SEPA remittances, common-area incidents, meetings, votes and minutes, facility bookings, register of visitors and parcels, meter readings, community documentation and communications)Performance of the contract with the Client and data processing (Art. 6.1.b and Art. 28 GDPR); compliance with Law 49/1960 on Horizontal Property (Art. 6.1.c)
Enable communication via the community chatPerformance of the contract and legitimate interest in orderly and secure communication among neighbours (Art. 6.1.b and 6.1.f GDPR)
Hold remote meetings and, where applicable, record them as supporting material for the minutesPerformance of the contract and compliance with the Horizontal Property Law (Art. 6.1.b and 6.1.c GDPR)
Manage collections, invoicing and the optional bank reconciliationPerformance of the contract and accounting and tax legal obligation (Art. 6.1.b and 6.1.c GDPR)
Manage the incidents of your own home and your home insurance policyPerformance of the contract (Art. 6.1.b GDPR)
Process claims and loss adjustmentsPerformance of the contract and legal obligation — Law 50/1980 on the Insurance Contract (Art. 6.1.b and 6.1.c GDPR)
Operate the Marketplace and the Provider Portal (profiles, bookings, ratings, payments)Performance of the contract (Art. 6.1.b GDPR)
Manage the contracting and payment of services on the Platform (Marketplace, services arising from incidents and Premium Services): payment authorisation and charge, payout to the professional, fraud prevention and invoicingPerformance of the contract and accounting and tax legal obligation (Art. 6.1.b and 6.1.c GDPR)
Assist management through artificial intelligence (incident classification, the Property Manager's AI Inbox, drafting support)Performance of the contract and legitimate interest in management efficiency (Art. 6.1.b and 6.1.f GDPR)
Integrate, at the Property Manager's request, their calendar (Google Calendar) and their email (Google, Microsoft Outlook/365 or IMAP) to synchronise the community's agenda and manage incoming email (Section 7.7)Performance of the contract and your consent when authorising the connection (Art. 6.1.b and 6.1.a GDPR)
Send operational notifications (alerts for incidents, meetings, receipts, messages)Performance of the contract (Art. 6.1.b GDPR)
Send commercial communicationsLegitimate interest in promoting our own similar services to customers (Art. 6.1.f GDPR and Art. 21.2 LSSI) or your consent (Art. 6.1.a GDPR)
Analyse browsing and measure advertising on the corporate websiteYour consent (Art. 6.1.a GDPR) — see Cookie Policy
Ensure security, audit activity and prevent fraudLegitimate interest in the security and integrity of the Platform (Art. 6.1.f GDPR)
Comply with legal obligations and respond to requests from authoritiesLegal obligation (Art. 6.1.c GDPR)
Handle enquiries, suggestions and supportPerformance of the contract and legitimate interest (Art. 6.1.b and 6.1.f GDPR)
Manage job applicationsYour consent (Art. 6.1.a GDPR)

Where the basis is legitimate interest, FixrOS has assessed that such interest does not override your rights and freedoms. You may request information about that assessment at privacidad@fixros.com.

FixrOS does not take automated decisions with legal effects on users nor does it build individual commercial profiles. The AI functions are of a supporting nature and are subject to human review.

5. Where does the data come from?

The data come, depending on the case:

  • Directly from you, when you register and use the Platform.
  • From the property manager or the community, which registers the data of owners, residents and other data subjects to administer the community. In this case the property manager is the controller and must have informed you in accordance with Art. 14 GDPR.
  • From Google, if you use "Sign in with Google" (verified email, name, photo and identifier); this sign-in does not access your contacts, calendar or files.
  • From the Google Calendar API, if the Property Manager voluntarily connects their calendar (Section 7.7); FixrOS receives only the events necessary to synchronise the community's agenda.
  • From Microsoft (Outlook / Microsoft 365), if the Property Manager voluntarily connects their mailbox via Microsoft Graph (Section 7.7); FixrOS receives only the messages necessary to provide the contracted functions.
  • From email servers connected via IMAP/SMTP, when the Property Manager registers an email account —including Gmail by means of an application password— for the email Inbox.
  • From publicly available sources, such as the Cadastre, to verify property data.

6. Are you required to provide the data?

The data requested to create an account or contract a service are necessary to provide it: without them it is not possible to register or use the corresponding functionality. The data marked as optional (for example, the profile photo or the telephone number) may be left unprovided without preventing the use of the service.

7. Processing activities that require a specific mention

7.1 Geolocation

The Platform uses location data in limited, occasional or foreground cases, never in the background:

  • Tracking of the provider during the service: when a provider accepts an incident and travels to the community, they may share their real-time location so that the neighbour can see their approach and route. It is only activated with the service in progress and while the app is in use.
  • Loss adjuster check-in: the loss adjuster records their location upon arriving at the property and when capturing the inspection photographs, in order to evidence their presence (Art. 90 LOPDGDD), with prior express information.
  • Meter readings: the gas meter readings may incorporate the coordinate of the reading point as evidence.
  • Marketplace search: the providers' location is used to sort the results by proximity.

These location functions are available in the FixrOS mobile app. The Android version does not request geolocation or microphone permissions, so the functions that require GPS or voice recording are currently available only in the iOS version.

7.2 Biometric access

Any user of the app may voluntarily enable biometric access as a sign-in shortcut: Face ID or Touch ID on iOS and the system biometrics on Android. Verification is carried out entirely on your device: the biometric pattern remains in the secure component of the terminal (Secure Enclave on iOS, hardware-protected key store on Android) and FixrOS does not receive it, does not store it and never accesses it.

7.3 Artificial intelligence

FixrOS uses artificial intelligence technology to assist management: classification of incidents in accordance with the Horizontal Property Law, the AI Inbox (analysis of the incoming email of the mailbox that the Property Manager voluntarily connects), detection of duplicate incidents, the FixrOS agent and support for drafting communications. These are supporting functions, with human review and can be disabled.

The specialised provider that supplies the artificial intelligence service processes the data as a data processor, is contractually obliged not to use them to train its models and does not retain the content beyond what is necessary to return the result. In accordance with Regulation (EU) 2024/1689 (AI Act), these are limited-risk systems with reinforced transparency.

7.4 Recording of remote meetings

When a meeting is held remotely, it may be recorded as supporting material for the minutes and for the resolutions adopted. Attendees are informed at the start of the session; the recording forms part of the community's documentation and is retained in accordance with Section 8.

7.5 Special categories of data

FixrOS does not intentionally request or process special categories of data (Art. 9 GDPR). However, health data could appear incidentally in free-text fields, photographs or documents (for example, when describing injuries arising from a claim). We ask you not to include health data or other special categories unless strictly necessary; where they are necessary to process a claim, the processing is based on Art. 9.2.f GDPR (the establishment or defence of legal claims) and reinforced safeguards apply.

7.6 Marketplace: public profiles

The professional profile of providers published in the Marketplace (trade name, activity, approximate location, ratings) is publicly accessible and indexable by search engines. The provider is informed of this and may request the removal of their profile at any time.

7.7 Calendar and email integrations (Google, Microsoft and IMAP)

FixrOS allows the Property Manager to voluntarily connect their calendar and their email mailbox in order to integrate the community's agenda (meetings, appointments, due dates) and the management of incoming email (the AI Inbox described in Section 7.3). These integrations are activated only if the Property Manager decides to do so, by means of the OAuth authorisation protocol of the relevant provider or by entering the IMAP/SMTP credentials of their account. They may be revoked at any time from the application's settings, from the Google or Microsoft account panel, or by writing to privacidad@fixros.com.

What data we process and for what purpose. Depending on the integration that the Property Manager activates:

  • Google Calendar (permission calendar.events): FixrOS creates, reads and updates the events of the Property Manager's calendar to synchronise the community's agenda (meeting notices, appointments with providers or loss adjusters, due dates). Only the events necessary for this synchronisation are accessed.
  • Gmail / Google Workspace email (connection via IMAP/SMTP with an application password, without OAuth or access to Google's APIs): FixrOS reads the incoming email of the mailbox that the Property Manager connects, in order to classify it and incorporate it into the AI Inbox, and sends emails on their behalf when they request it. This connection uses the standard IMAP/SMTP protocol with the credentials that the Property Manager provides.
  • Microsoft Outlook / Microsoft 365 (Microsoft Graph permissions Mail.Read and Mail.Send): FixrOS reads the incoming email of the connected mailbox for the AI Inbox and sends emails on their behalf when they request it.
  • Email accounts connected via IMAP/SMTP (providers other than Google and Microsoft): FixrOS accesses the mailbox with the credentials that the Property Manager provides, for the same purpose of reading and sending.

Security of the credentials. The Google and Microsoft access tokens and the IMAP/SMTP passwords are stored encrypted with AES-256-GCM and are only used to provide the functions described. FixrOS does not share these credentials with third parties except the artificial intelligence processor strictly necessary to classify the email (Section 7.3), which does not retain them or use them to train its models.

Limited Use of information from the Google APIs. FixrOS's use and transfer of the information received from the Google APIs will comply with the Google API Services User Data Policy (Google API Services User Data Policy), including its Limited Use requirements. Consequently, the information obtained through the Google APIs:

  • is used solely to provide or improve the FixrOS functions that the user has activated and that are visible to them;
  • is not transferred to third parties except where necessary to provide or improve those functions, for security reasons, to comply with applicable law, or as part of a merger, acquisition or sale of assets with prior notice to users;
  • is not used or transferred for advertising purposes, including personalised or interest-based advertising;
  • is not sold to anyone; and
  • is not read by humans unless the user expressly consents, it is necessary for security reasons (for example, to investigate an abuse), to comply with applicable law, or the processing is aggregated and anonymised for internal operations in accordance with applicable regulations.

Limited Use of information from the Microsoft services. Similarly, the information obtained through Microsoft Graph and the Microsoft services (Outlook / Microsoft 365) is used exclusively to provide the calendar and email functions that the Property Manager has activated in FixrOS. FixrOS does not use that information for advertising purposes, does not sell it or transfer it to third parties for commercial purposes, and only processes it for the purpose described in this section.

8. For how long do we retain the data?

We retain the data for as long as the relationship with the user or with the Client is maintained and they remain necessary for the purpose that justifies their processing. When they cease to be necessary —or when you exercise your right of erasure— they are blocked and retained solely at the disposal of judges, courts and competent authorities for the legally applicable limitation periods, in particular the commercial and tax periods, those of Law 49/1960 on Horizontal Property (meetings and resolutions) and those of Law 50/1980 on the Insurance Contract (claims). Once those periods have elapsed, the data are deleted or anonymised in a secure and irreversible manner.

User accounts are anonymised after deregistration, with a grace period of 30 days to reverse the deletion; inactive accounts are deleted after a prolonged period of non-use.

9. To whom do we disclose your data?

FixrOS does not sell your data nor does it transfer them to third parties for commercial or advertising purposes. Your data are only disclosed:

  • To the technology providers that FixrOS needs in order to provide the service (hosting, payment processing, real-time messaging, push notifications, email and video conferencing, artificial intelligence assistance, mapping, bank aggregation and technical monitoring). They act as data processors: they process the data solely following FixrOS's instructions and are bound by a contract in accordance with Art. 28 GDPR. The named and up-to-date list of these processors is made available to professional Clients upon request, in accordance with the Data Processing Agreement.
  • To insurance companies, brokers, loss adjusters and service providers, where necessary to process a claim or the service you contract.
  • To public administrations, judges and courts, where there is a legal obligation.

The payment services provider (Stripe) acts as a data processor in respect of the ordinary processing of payments and as an independent controller in respect of the processing that payment services regulations impose on it directly —verification of the identity of the professionals who collect payment through the Platform and the prevention of fraud and money laundering—, in accordance with its own privacy policy (stripe.com/es/privacy).

FixrOS selects only providers that offer sufficient guarantees of compliance with the GDPR. For the analytics and advertising of the corporate website, the services indicated in the Cookie Policy are used.

10. Where is the data hosted? International transfers

The data processed through the Platform are hosted on servers located in the European Union. However, some of the technology providers that FixrOS uses are established outside the European Economic Area (mainly in the United States and the United Kingdom). In those cases, the international transfers are carried out with the appropriate safeguards provided for in the GDPR —the EU-US Data Privacy Framework or the European Commission's Standard Contractual Clauses—, supplemented, where appropriate, by the corresponding Transfer Impact Assessment (TIA) and additional security measures. The identity of the processors located outside the EEA and the safeguard mechanism applicable to each are made available to professional Clients upon request. You may request detailed information about these safeguards at privacidad@fixros.com.

11. How do we protect your data?

FixrOS applies technical and organisational measures appropriate to the risk, in accordance with Art. 32 GDPR: encryption of communications (TLS) and of sensitive data at rest; role-based access control and reinforced authentication; strict isolation of the data of each client and community; encrypted storage of credentials and tokens on the device; audit logging of administrative actions; encrypted backups; pseudonymisation of users in the chat; staff training and confidentiality agreements.

In the event of a security breach that poses a risk to your rights, FixrOS will notify the AEPD within 72 hours and, where appropriate, also the affected persons (Arts. 33 and 34 GDPR).

12. What are your rights?

You may exercise at any time the rights of access, rectification, erasure ("right to be forgotten"), objection, restriction of processing and portability, as well as withdraw the consent you have given (without retroactive effect) and not be subject to automated individual decisions with legal effects.

How to exercise them: write to privacidad@fixros.com or to FixrOS, S.L., Calle Núñez de Balboa 120, 28006 Madrid, indicating the right you are exercising and enclosing a copy of an identification document. You may also manage and download your data from the settings of the app or the portals. We will respond within a maximum period of one month. Where FixrOS processes the data as a processor on behalf of a property manager or an insurer, it will forward your request to the controller and inform you accordingly.

If you consider that we have not properly addressed your rights, you may lodge a complaint with the Spanish Data Protection Agency (AEPD), C/ Jorge Juan 6, 28001 Madrid — www.aepd.es.

13. Minors

Use of the app is reserved for persons over 14 years of age (Art. 7 LOPDGDD); the contracting of services and the professional profiles, for persons over 18. The Platform may incidentally process data of minors who reside in a dwelling of the community (for example, when assigning a dwelling or in the register of visitors); in such a case, the legal basis lies with their parents or guardians and with the property manager as controller. If we detect an account created by a minor under 14 without the consent of their parents or guardians, we will delete it.

14. Cookies

The corporate website fixros.com uses technical, analytical and marketing cookies; the latter two are only activated if you give your consent. The dashboard and the portals use only technical session cookies, and the mobile app does not use cookies. All the information is in the Cookie Policy.

15. Changes to this Policy

FixrOS may update this Policy to adapt it to regulatory or service changes. If the changes are substantial, we will inform you in advance by email or from the Platform itself. The version in force will always be the one published on fixros.com.

FixrOS, S.L. (brand FixrOS) · Tax ID B88755780 · Calle Núñez de Balboa 120, 28006 Madrid · privacidad@fixros.com · fixros.com
In force from: 1 June 2026