Privacy Policy

NeuralFixIt Ltd. (“NeuralFixIt”, “we”, “our”, “us”) operates the NeuralFixIt platform, mobile and web applications (collectively, the “Service”). We act as a data controller for personal data we collect about you when you use the Service.

If you have questions about this policy or wish to exercise any of your rights, contact our Data Protection Officer at privacy@neuralfixit.com.

We collect the following categories of personal data:

Account data

• Full name, email address and phone number
• Password (stored as a salted hash — never in plaintext)
• Profile photo (optional)
• Account preferences and notification settings

Booking & service data

• Service category, job title and description
• Service address, latitude/longitude and access notes
• Attached photos or videos you upload
• In-app messages and calls with providers
• Reviews, ratings and dispute history

Payment data

• Card details are tokenised by our PCI-DSS certified payment processor (Stripe). We never see or store your full card number.
• Billing address and invoice history
• Refund and chargeback records

Device & technical data

• IP address, device model, operating system and app version
• Crash logs, performance metrics and diagnostic events
• Approximate location (from IP) and precise location (only with permission)
• Cookies and similar technologies — see our Cookie Policy

We use your personal data to:

• Create and maintain your account and authenticate you securely
• Match you with vetted providers and dispatch jobs
• Process payments, issue refunds and prevent fraud
• Send transactional messages (booking status, receipts, reminders)
• Improve the Service via aggregate analytics and A/B testing
• Comply with legal obligations (accounting, tax, anti-money-laundering)
• Enforce our Terms of Service and resolve disputes

We will never sell your personal data to third parties. We do not use your content (photos, messages) to train generative AI models without your explicit opt-in consent.

• Contract — to provide the Service you have booked
• Legitimate interests — to keep the Service secure, prevent fraud, and improve the product
• Legal obligation — to comply with tax, accounting and regulatory requirements
• Consent — for marketing emails, precise location, optional analytics and tracking

• Providers — we share the information needed to complete your booking (name, address, job description, contact). Providers are contractually bound to use it only for fulfilment.
• Payment processors — Stripe Payments UK/EU for card processing; Wise for provider payouts.
• Infrastructure — Cloudflare (CDN/DDoS), Amazon Web Services (hosting, EU/UK regions), Twilio (SMS/voice), Agora (video calls), Firebase (push notifications).
• Support tools — Zendesk for tickets, Sentry for crash reporting, PostHog for privacy-respecting product analytics.
• Authorities — when required by law, court order, or to protect the rights and safety of users.

All sub-processors are listed and updated at neuralfixit.com/legal/sub-processors and are bound by EU Standard Contractual Clauses where applicable.

• Account data — while your account is active, plus 12 months
• Booking and financial records — 7 years (UK tax and accounting law)
• In-app messages — 24 months after the booking closes
• Support tickets — 36 months
• Crash / diagnostic logs — up to 90 days

Under UK and EU GDPR, you have the right to:

• Access a copy of the personal data we hold about you
• Correct inaccurate data
• Delete your account and associated data — see our Account Deletion page
• Object to or restrict processing
• Port your data to another service
• Withdraw consent at any time
• Lodge a complaint with your supervisory authority — in the UK this is the Information Commissioner’s Office

We respond to all requests within 30 days. There is no fee for reasonable requests.

• All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Passwords are hashed with Argon2id
• Two-factor authentication available on all accounts
• Access to production data is restricted, logged, and requires a hardware security key
• We operate a responsible-disclosure programme — report vulnerabilities to security@neuralfixit.com

The Service is intended for adults aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact privacy@neuralfixit.com and we will delete it.

Your data is primarily stored in the European Economic Area (Ireland and Frankfurt). Where we transfer data outside the UK/EEA (for example to US-based processors), we rely on UK International Data Transfer Addenda and EU Standard Contractual Clauses plus supplementary technical safeguards.

We may update this policy from time to time. When we make material changes, we will notify you by email and in the app at least 30 days before the changes take effect. The date at the top of this page always reflects the most recent revision.