Privacy Policy

Who we are

[fix]net is operated by ePress Norden AB ("ePress", "we"), a limited company (aktiebolag) registered in Sweden, organisation number ⟨ORG-NR⟩, with its registered office at ⟨ADDRESS⟩. For the account and network-service data described here, ePress is the data controller. You can reach us about privacy at privacy@fixa.sh or through the contact page.

What we don't collect

Most of [fix]net runs on your own machine, and that part needs no account and sends us nothing. The nodes, edges, graphs, files, and run traces you create are stored locally and stay there.

• We do not receive your graph content unless you choose to sync it across your own devices or share it with someone.
• Even when you do sync or share, our relay passes those events between devices in memory and does not store the graph content on our servers.
• We do not track you across sites, we run no third-party analytics or advertising scripts, and the websites set only strictly-necessary first-party storage. See the Cookie & storage notice.
• We do not sell personal data, and we never use the contents of your graphs to train shared models.

What we collect and why

• Account identity — your email and the sign-in credentials you create, plus a display name if you set one. We use these to create and operate your account. Legal basis: performance of our contract with you.
• Your devices — when you sign in on a machine, we record a per-machine identifier, an optional label, and when it was first and last seen, so we can scope your settings per device and offer "sign out everywhere". Legal basis: contract, and our legitimate interest in account security.
• Subscription and billing state — your plan tier, your Paddle customer and subscription identifiers, and your current billing-period end. We use these to grant the features you pay for and to reconcile payments. Payments themselves are handled by Paddle, our Merchant of Record, which is an independent controller for the transaction (see *Who we share data with*). Legal basis: contract, and a legal obligation for records we must keep.
• Friends and sharing — if you add friends or share a graph, we store who is connected to whom, who may see which shared stream, the permission level, and any invitation message. Legal basis: contract.
• The Store — when you get a pack, we record that you own it (so it stays "yours to keep"), an install record, and, if you bought it, the Paddle transaction reference. Install records include a salted, hashed prefix of your IP address and a device identifier, used only for de-duplication and fraud signals and never shown in the interface. Legal basis: contract, and our legitimate interest in preventing fraud.
• Marketplace analytics — to operate the Store we count installs, page views, and errors against packs, using a hashed device identifier and no cookie or raw IP address. These power author dashboards, search ranking, and install accounting. Legal basis: our legitimate interest in running the marketplace.
• Pack authors — if you publish, we store the public signing keys you register (public material only — never a private key) so buyers can verify your packs offline. When royalty payouts begin, we will collect a minimal tax and identity form (name, address, country, company or individual status, VAT number) at your first payout — not before. Legal basis: contract, and legal obligations for tax and accounting.
• Support — if you email us, we hold your message and address for as long as it takes to help you. Legal basis: our legitimate interest in answering you.
• Optional diagnostics — crash reporting and product telemetry are strictly opt-in and are not enabled today; if we add them, we will ask first and never include your prompt text or graph content. Legal basis: your consent.
• Newsletter — if you subscribe, we keep your email address to send the updates digest, using double opt-in to confirm it is really you. Legal basis: your consent.

How long we keep things

• Account, device, friend, and sharing records — for as long as your account is open; deleted when you close it (see *Your rights*).
• Synced or shared graph content — not stored at rest at all; it is relayed in memory and then gone.
• Billing records — your entitlement record is removed with your account; Paddle, as Merchant of Record, separately retains the transaction and invoice records it is legally required to keep (typically around seven years).
• Store ownership and install records — ownership lasts while your account exists; the hashed IP prefix in install records is de-linked when our salt rotates each quarter.
• Marketplace analytics — raw events are kept for 90 days and then dropped; aggregates are anonymous.
• Author payout and tax records — kept for the period accounting and tax law require, then deleted.
• Support email — for the duration of your enquiry and a reasonable period after.

Some of these deletion and export paths are still being built for our private beta; where a right is not yet self-service, we honour it manually on request (see *Your rights*), and we will not promise a self-service path before it exists.

Who we share data with

We rely on a small set of infrastructure providers — hosting, database and authentication, content delivery and object storage, payments, and (later) email — to run the service. Each is bound by a data-processing agreement, and the current set, what each one processes, and where, is published on the Subprocessor list.

Paddle is a special case: as our Merchant of Record it is the seller on your receipt and an independent controller for the payment itself, not merely our processor. Its own privacy terms govern the payment data it holds.

Where your data is processed

We prefer EU regions for the data we control. Our relay and account services run in the EU (Amsterdam); some Store infrastructure and our content-delivery and object-storage providers may process data outside the EEA. Where personal data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses and appropriate safeguards. The Subprocessor list states each provider's region.

Your rights

Under the GDPR you have the right to access your data, to have it corrected, to have it erased, to receive a copy in a portable form, to restrict or object to certain processing, and — where processing is based on consent — to withdraw that consent at any time.

• To delete your account and the data tied to it, use the in-app delete-account action, or email us. This cancels any active subscription and removes your account data; Paddle retains the billing records it is legally required to keep.
• To access or export your data, or to exercise any other right, email privacy@fixa.sh from your account address. We respond to verified requests within one month.
• Withdrawing consent (for diagnostics or the newsletter) does not affect anything we did beforehand.

If you believe we have mishandled your data, you may complain to the Swedish data protection authority, the Integritetsskyddsmyndigheten (IMY) — imy.se — or to the authority in your EU country of residence.

No tracking

The [fix]net websites use no advertising or cross-site tracking and load no third-party analytics. They set only strictly-necessary first-party storage — a sign-in session and, during the private beta, a gate cookie. There is no consent banner because there is nothing to consent to. The full details are in the Cookie & storage notice.

Changes to this policy

We version this policy and record every change in a public changelog. A material change — anything that alters what we collect or what we promise — takes effect only after 30 days' notice to affected users once there are real users, and never reduces a protection you were already given. This mirrors our Fair-change Policy.

Contact

Questions or requests: privacy@fixa.sh, or via the contact page. Our registered details are above under *Who we are*.