Privacy Policy

1. Introduction

Welcome to Fix the Mess™ Studio ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SharePoint information architecture planning tool and related services (collectively, the "Service").

By accessing or using Fix the Mess™ Studio, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when you register for an account, use our Service, or communicate with us. This includes:

• Account Information: Name, email address, password, and company name
• Payment Information: Billing address and payment method details (processed securely through our payment processor)
• Project Data: SharePoint architecture designs, site maps, metadata schemas, permissions models, and other content you create within the Service
• Communications: Messages, feedback, and support requests you send to us

2.2 Automatically Collected Information

When you access our Service, we automatically collect certain information about your device and usage patterns:

• Usage Data: Features accessed, time spent, actions performed, and interaction patterns
• Device Information: IP address, browser type and version, operating system, device identifiers
• Log Data: Access times, pages viewed, error logs, and referring URLs
• Cookies and Tracking: Session identifiers, preferences, and analytics data (see Section 4)

2.3 Information from Third Parties

We may receive information from third-party services you choose to integrate with Fix the Mess™ Studio, including authentication providers (such as Google OAuth) and payment processors (such as Kit Commerce). This information is limited to what is necessary to provide the Service and may include your name, email address, and profile information.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve Fix the Mess™ Studio, including processing your projects and delivering requested features
• Account Management: To create and manage your account, authenticate your identity, and process subscription payments
• Customer Support: To respond to your inquiries, provide technical assistance, and resolve issues
• Communication: To send you service-related notifications, updates, security alerts, and administrative messages
• Product Development: To analyze usage patterns, understand user needs, and develop new features and improvements
• Security: To detect, prevent, and address technical issues, fraud, and unauthorized access
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests
• Marketing: With your consent, to send you promotional materials, newsletters, and information about new features (you may opt out at any time)

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and provide personalized content. Cookies are small text files stored on your device that help us recognize you and remember your preferences.

Types of Cookies We Use:

• Essential Cookies: Required for the Service to function, including authentication and security features
• Functional Cookies: Remember your preferences and settings to enhance your experience
• Analytics Cookies: Help us understand how users interact with the Service to improve functionality
• Performance Cookies: Collect information about Service performance and user experience

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of the Service.

5. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers: With trusted third-party vendors who perform services on our behalf, such as hosting (Lovable.dev), database management (Supabase), payment processing (Kit Commerce), and analytics. These providers are contractually obligated to protect your information and use it only for specified purposes.
• Business Transfers: In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the successor entity.
• Legal Requirements: When required by law, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• With Your Consent: When you explicitly authorize us to share your information with third parties for specific purposes.
• Aggregated Data: We may share anonymized, aggregated, or de-identified information that cannot reasonably be used to identify you.

6. Data Security

We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption of data in transit using SSL/TLS protocols
• Encryption of sensitive data at rest
• Regular security assessments and vulnerability testing
• Access controls and authentication mechanisms
• Secure data centers with physical and network security
• Employee training on data protection and privacy practices

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

7. Data Retention

We retain your personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

• Account Data: Retained while your account is active and for a reasonable period afterward to allow for account reactivation
• Project Data: Retained while your subscription is active; you may export your data at any time
• Payment Records: Retained as required by tax and accounting regulations (typically 7 years)
• Communications: Retained for customer support and legal compliance purposes
• Analytics Data: Aggregated and anonymized data may be retained indefinitely

When you delete your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law or for legitimate business purposes.

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

8.1 General Rights

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Portability: Request a copy of your data in a structured, machine-readable format
• Objection: Object to certain processing activities, including marketing communications
• Restriction: Request restriction of processing in certain circumstances

8.2 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.

8.3 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your information, and the right to opt out of the sale of your information (note: we do not sell personal information).

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. When we transfer your information internationally, we implement appropriate safeguards to protect your data, including:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Certification under recognized privacy frameworks

By using the Service, you consent to the transfer of your information to countries outside your country of residence, including the United States, where our service providers operate.

10. Children's Privacy

Fix the Mess™ Studio is not intended for children under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information.

11. Third-Party Services

Our Service may contain links to third-party websites, services, or integrations that are not operated by us. This Privacy Policy does not apply to third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our Service.

Third-party services we currently use include:

• Lovable.dev: Application hosting platform
• Supabase: Database and authentication services
• Kit Commerce: Payment processing
• Google OAuth: Optional authentication provider

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending you an email notification (if you have provided your email address)
• Displaying a prominent notice within the Service

Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

We will respond to your inquiry within a reasonable timeframe, typically within 30 days.

14. Data Protection Officer

For privacy-related inquiries specific to GDPR compliance or data protection matters, you may contact our Data Protection Officer at [email protected].