Back to home

Privacy Policy

Last updated: June 2026 · v1.3

Overview

Fyxes ("Fyxes", "we", "our", "us") is a registered business name operated as a sole trader in Australia. While our current turnover may fall below the AUD $3 million threshold that ordinarily triggers coverage under the Privacy Act, we voluntarily commit to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). The APPs replaced the former National Privacy Principles in March 2014, and govern how we collect, hold, use, disclose and secure personal information.

This policy applies to the Fyxes mobile app and website (fyxes.com.au). By using Fyxes you agree to the practices described here. If you do not agree, please do not use Fyxes.

1. Information we collect

We collect only the personal information we need to operate the Fyxes platform, match you with a Cleaner, take payment, keep the service safe, and meet our legal obligations.

1.1 Information you give us

  • Account details — full name, email address, mobile phone number, password, optional profile photo.
  • Service address — residential address(es) where the clean takes place, access instructions, parking notes, and any pet or building-access details you choose to provide.
  • Booking information — rooms (bedrooms, bathrooms, kitchen, living, laundry, study), add-ons (oven, fridge, windows, balcony), property condition rating, preferred date/time, recurring schedule, special requests.
  • Payment information — card details are entered into the Stripe payment form and tokenised by Stripe directly. Fyxes never sees or stores your full card number or CVV — we hold a token reference, the last four digits, the card brand and expiry.
  • Communications — in-app messages with your Cleaner, ratings and reviews, photos attached to a complaint, and any support emails or messages.
  • Identity verification (if requested) — if a transaction is flagged for fraud risk, we may ask you to verify your identity with a government-issued ID (such as a driver's licence or passport). We collect this only on a case-by-case basis and destroy our copy once the check is complete.

Government-related identifiers (APP 9). Fyxes does not use government-related identifiers (such as driver's licence, passport, Medicare or tax-file numbers) as our own internal identifier for you, and we only process them where permitted by law for the limited purpose of identity verification.

1.2 Information we collect automatically

  • Device and app data — device model, operating system version, app version, language, time zone, IP address, crash logs.
  • Product analytics (PostHog) — we use PostHog (EU Frankfurt region) to record screen views, taps, search queries, booking funnel events and feature usage inside the customer app, linked to your user ID. We do not record screen contents, keystrokes or session replays of payment screens.
  • Website analytics — on fyxes.com.au we use Vercel Analytics (anonymous page views), Google Analytics 4 (page views and traffic-source / campaign attribution) and Meta Pixel (marketing attribution for Facebook and Instagram ads).
  • Location data — we use Google Maps to autocomplete and validate your service address. If you grant the mobile app location permission, we may use your approximate device location only at the moment you are entering an address. Fyxes does not track your location in the background.
  • Push and SMS identifiers — an Expo push token tied to your device and your verified mobile number (via Twilio) so we can send booking notifications.
  • Cookies and similar technologies — used for authentication, fraud prevention and analytics. You can manage cookies through your browser settings.

1.3 Information from third parties

  • Sign-in providers — if you sign in with Apple or Google, we receive your name and email from that provider.
  • Payment processor — Stripe sends us payment status, fraud-risk signals, the last four digits of your card, and dispute information.
  • Referrals — if another user refers you to Fyxes, we may learn your name and email from them so we can apply a referral credit.

2. Anonymity and pseudonymity

Australian Privacy Principle 2 gives individuals the option of dealing with an organisation anonymously or under a pseudonym, where it is lawful and practicable to do so.

Given the nature of the Fyxes marketplace — specifically processing secure card payments, sending an identifiable Cleaner to your home, and meeting our consumer-law and tax obligations — it is not practicable for us to provide our services to you anonymously or via a pseudonym. To book a clean, you must register with your real identifying details. You may, however, browse fyxes.com.au anonymously without creating an account.

3. How we use your information

  • Deliver the service — create and manage your account, match you with a Cleaner, calculate pricing, take payment, issue receipts, and process refunds.
  • Communicate with you — send booking confirmations, reminders, changes, cancellations and support replies by email, SMS or push.
  • Keep the platform safe — verify identity where needed, detect and prevent fraud, enforce our Terms of Service, and investigate misconduct or safety incidents.
  • Resolve disputes — if you report a clean was not up to standard within 48 hours, we use booking and message data to investigate and arrange a re-clean, partial refund or full refund.
  • Improve the product — analyse app usage (via PostHog) and website usage (via Vercel Analytics) to fix bugs, measure performance and decide what to build next.
  • Marketing — where you have provided your express or implied consent (for example, by opting in during sign-up or being an existing customer), we may send you product updates and promotions by email. The marketing opt-in is never pre-ticked. You can withdraw your consent and unsubscribe at any time from the link in every marketing email — in line with APP 7 and the Spam Act 2003 (Cth).
  • Comply with the law — meet tax, accounting, consumer-law and other regulatory obligations.

4. How we share your information

4.1 With the Cleaner who accepts your booking

When a Cleaner accepts your booking, we share with them your first name, service address, booking details, access instructions and mobile phone number. Your last name, email and payment information are not shared with the Cleaner. In return, we share the Cleaner's first name, profile photo, ratings and mobile phone number with you.

4.2 With service providers we use

We share personal information with the following trusted third-party processors, who handle it on our behalf under contract:

  • Supabase — authentication, database, file storage (Sydney, Australia).
  • Stripe / Stripe Connect — payment processing, card tokenisation, fraud detection, refunds (United States).
  • Twilio — SMS booking notifications and phone-number verification (United States).
  • Resend — transactional email (United States).
  • Loops — waitlist and marketing email (United States).
  • Google Maps Platform — address autocomplete and map display (United States).
  • Expo Push Notifications — push notifications on iOS and Android (United States).
  • PostHog — product analytics for the customer app (European Union, Frankfurt).
  • Vercel and Vercel Analytics — website hosting and anonymous traffic analytics (United States).
  • Google Analytics — website traffic and campaign-source analytics (United States).
  • Meta Pixel — marketing attribution for Facebook and Instagram ads (United States).
  • Apple and Google — sign-in and App Store / Play Store distribution (United States).

4.3 For legal and safety reasons

We may disclose personal information if we reasonably believe it is necessary to comply with a law, regulation, court order or lawful request; to enforce our Terms of Service; or to protect the rights, property or safety of Fyxes, our users or the public.

4.4 Business transfers

If Fyxes is involved in a merger, acquisition, financing or sale of assets, personal information may be transferred as part of that transaction. We will notify you of any change in ownership of your personal information.

4.5 We do not sell your data

Fyxes does not sell your personal information to third parties and does not share it for third-party advertising outside the services listed above.

5. Overseas data transfers

Some of our service providers are located outside Australia. Specifically:

  • United States — Stripe, Twilio, Resend, Loops, Google, Expo, Vercel, Meta, Apple, Google (sign-in).
  • European Union (Germany) — PostHog (we use the EU Frankfurt region).
  • Australia — Supabase (Sydney region) is our primary database and storage.

When we transfer personal information overseas, we take reasonable steps under Australian Privacy Principle 8 to ensure the recipient handles it consistently with the APPs. These steps include written contractual agreements with each processor, EU Standard Contractual Clauses for transfers to the European Union, selecting providers with independent security certifications (such as SOC 2 Type II or ISO 27001), and limiting the personal information sent overseas to what is strictly necessary.

If an overseas recipient breaches the APPs in respect of your information, Fyxes remains accountable to you under the Privacy Act.

6. How long we keep your information

  • Account data — kept while your account is active.
  • Booking and payment records — kept for at least 7 years after the booking date to meet Australian tax and financial record-keeping obligations.
  • Support and complaint records — kept for up to 7 years.
  • Marketing preferences — kept until you unsubscribe or request deletion.
  • Product analytics events — raw events in PostHog are retained for up to 12 months, then aggregated.

When we no longer need your personal information, we delete or de-identify it, except where retention is required or permitted by law.

7. How we secure your information

Fyxes takes reasonable steps to protect personal information from loss, misuse, unauthorised access, modification or disclosure. These include:

  • encryption in transit (TLS) for all traffic to the app and website;
  • encryption at rest for our database, file storage and backups;
  • role-based access control so only staff who need access to a record can see it;
  • row-level security in our database so users can only see their own data;
  • card and bank details handled directly by Stripe — Fyxes never holds full card numbers, CVVs or bank account numbers;
  • regular review of dependencies, secrets and access logs.

No method of transmission or storage is completely secure. Protect your account by using a strong, unique password and keeping your device updated.

8. Data breach notification

Fyxes is committed to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). If we become aware of a data breach that is likely to result in serious harm, we will:

  • contain the breach and start an internal investigation;
  • complete our assessment within 30 days as required by the NDB scheme;
  • notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable;
  • notify affected individuals by email or in-app message as soon as practicable, telling you what was affected, what we have done, and what you can do to protect yourself;
  • take remedial steps — rotating credentials, revoking sessions, patching the cause, and reviewing further measures;
  • keep a written record of the incident, our assessment and our response.

If you suspect your account has been compromised, please contact us immediately at hello@fyxes.com.au.

9. Your rights and choices

Under the Privacy Act and the Australian Privacy Principles, you have the right to:

  • Access — request a copy of the personal information we hold about you.
  • Correct — ask us to update information that is inaccurate, out of date, incomplete, irrelevant or misleading.
  • Delete — ask us to delete your account and personal information, subject to legal retention requirements (we must keep transaction records for 7 years).
  • Opt out of marketing — unsubscribe from marketing emails at any time via the link in every marketing email.
  • Control device permissions — manage location, notification and camera permissions through your device settings.
  • Complain — raise a privacy concern with us first. If you are not satisfied, you can lodge a complaint with the OAIC at oaic.gov.au.

To exercise any of these rights, email us at hello@fyxes.com.au. We will respond within a reasonable time, generally within 30 days.

10. Stopping data collection (opt-out)

You can stop all collection of new information by the Fyxes mobile app by uninstalling the app from your device, using the standard uninstall process on iOS or Android.

You can also request that we close your account and stop further data collection by emailing hello@fyxes.com.au. Note that uninstalling the app does not delete personal information we already hold; to have your data deleted, follow the process in Section 9.

11. Children

Fyxes is not intended for anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at hello@fyxes.com.au and we will delete it.

12. Third-party links

Our app and website may contain links to third-party sites or services. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to read their privacy policies before providing any personal information.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you by email or through the app. Your continued use of Fyxes after an update means you accept the revised policy.

14. Contact us

If you have questions, concerns or requests about this Privacy Policy or your personal information, please contact us at hello@fyxes.com.au.