Privacy Policy
Last updated: 15 March 2026
At a Glance
We never sell your personal data to anyone
We do not store your Aadhaar number
You can delete your account and data anytime
All data is encrypted in transit and at rest
Introduction
Fixhomi Technologies Pvt. Ltd. (“Fixhomi”, “we”, “us”, or “our”) operates the Fixhomi mobile application (available on Android and iOS) and the website at fixhomi.com. Fixhomi is a home services marketplace that connects customers (“Users”) with verified local service professionals (“Providers”) such as electricians, plumbers, carpenters, painters, and more.
This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, who we share it with, and what rights you have over your data. This policy applies to all users of the Fixhomi platform, including both customers and service providers.
By creating an account on Fixhomi or using our services, you acknowledge that you have read, understood, and consent to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please do not use the Fixhomi platform.
This Privacy Policy should be read alongside our Terms & Conditions, which govern your use of the platform.
Information We Collect
We collect different types of information depending on how you interact with the platform and whether you use Fixhomi as a customer or a service provider. Below is a detailed breakdown of all data we collect and the specific reason each piece of information is needed.
2.1 Information You Provide Directly
Account Registration Information
Full name
To identify you on the platform and display your name to service providers or customers during a service request. For providers, your name is locked to match your Aadhaar after identity verification to ensure authenticity.
Email address
To create your account, send you verification emails, password reset links, important service updates (such as request confirmations and completions), and security alerts. Each email address is linked to a single account.
Phone number
To verify your identity via OTP (One-Time Password), enable direct communication between customers and providers during active service requests, and send critical service notifications via SMS when push notifications are unavailable.
Password
To secure your account. Your password is hashed using BCrypt before storage — we never store or have access to your plain-text password. If you register via Google or Apple Sign-In, a password is not required.
Profile Information
Street address, city, and pincode
To help service providers understand your service location, and to display your general area on the platform. This is optional for customers but required for providers who need to appear in location-based searches.
Profile picture
To help customers and providers identify each other. Profile pictures are uploaded to Cloudinary (our image hosting service) and displayed within the app.
Saved addresses (home, work, other)
To let you quickly create service requests from frequently used locations without re-entering address details each time. You can add, edit, or delete saved addresses at any time.
Emergency contact information
To enable our emergency services feature, where you can designate a trusted contact who can be reached in case of an urgent situation during a service.
Service Provider Information (Providers Only)
Service categories and specializations
To match you with relevant customer requests. You can select from categories such as electrician, plumber, carpenter, painter, AC technician, and more. Customers only see providers who offer matching services.
Experience description and bio
To display your professional background to potential customers, helping them make informed decisions when choosing a provider.
Portfolio gallery and links
To showcase your previous work to potential customers. Photos and links you upload are stored on Cloudinary and displayed on your profile.
Availability/online status
To indicate to customers whether you are currently accepting service requests. You can toggle your availability on or off at any time.
Identity Verification Information (Providers Only)
Aadhaar verification via DigiLocker
To verify your real identity using the Government of India's DigiLocker service. IMPORTANT: We do NOT collect, store, or have access to your Aadhaar number. The verification happens entirely through DigiLocker's secure government API. We only receive and store your verification status (verified or not verified) and the name on your Aadhaar (to lock your display name for authenticity).
PAN Card
Required for the optional provider insurance program. The document image is securely uploaded and reviewed by our admin team for verification purposes.
E-Shram Card (optional)
Recommended for the insurance program as it provides additional worker identification. Submission is voluntary.
Driving License (optional)
An optional supporting document for insurance verification, particularly relevant for providers who travel to service locations.
Address proof (electricity bill or bank passbook)
Required for insurance verification to confirm your residential address.
Payment Information
Payment details (processed by Razorpay)
When providers subscribe to Fixhomi Professional Tools, payment is processed entirely by Razorpay, a PCI-DSS Level 1 compliant payment gateway. We NEVER store your full card number, CVV, PIN, or complete UPI ID. We only store minimal reference information — such as the last 4 digits of your card, partial UPI handle, or wallet name — solely for displaying your payment history within the app.
Communications & Service Data
Service request details
When you create a service request, we store the service type, description, location, date/time, and urgency level to match you with the right provider and maintain a history of your service activity.
Ratings and reviews
After a service is completed, both customers and providers can rate and review each other. This helps maintain quality on the platform and assists future users in making informed choices.
Support communications
If you contact us through email, WhatsApp, or in-app support, we retain the conversation to resolve your issue and improve our support processes.
2.2 Information Collected Automatically
Location Data
GPS coordinates (latitude and longitude)
Location data is fundamental to how Fixhomi works. For customers, we use your location to find nearby service providers. For providers, we use your location to show you in search results for nearby customers and to enable live tracking during active service delivery. See Section 4 for a detailed explanation of our location practices.
Device Information
Device model and brand
To optimize the app experience for your specific device and to diagnose technical issues if something goes wrong.
Operating system and version
To ensure compatibility and to route you to the correct app features based on your platform capabilities (e.g., certain notification features work differently on Android 13+ vs older versions).
Firebase Cloud Messaging (FCM) token
To deliver push notifications to your specific device. This token is a unique identifier for your device's notification channel — it does not contain personal information. The token is saved when you log in and deleted when you log out.
Usage Data
App interactions and session activity
To understand how the app is used, identify technical issues, and improve the overall experience. This includes which screens you visit, service requests you create, and general usage patterns — but not the content of your private communications.
2.3 Information from Third-Party Services
Google Sign-In
Name, email address, and profile picture
When you choose to sign in with Google, Google shares your basic profile information with us to create or link your Fixhomi account. We only request the minimum information needed. You can revoke this access from your Google account settings at any time.
Apple Sign-In (iOS only)
Name and email (or Apple relay email)
When you sign in with Apple, Apple shares your name (only on first sign-in) and email address. Apple allows you to hide your real email address using their private relay service — we fully support this. You can manage this from your Apple ID settings.
Why We Collect Your Information
We believe in collecting only the information we genuinely need to provide our service. Here is a summary of the purposes behind our data collection, mapped to the legal basis under applicable Indian data protection laws:
Providing the core service
Matching customers with nearby verified service providers, facilitating service requests, enabling communication between parties, and processing payments.
Contractual necessity — required to fulfill our service agreement with you.
Identity verification
Verifying provider identities through phone OTP, email verification, and Aadhaar/DigiLocker to ensure customer safety and platform trust.
Legitimate interest — maintaining a safe and trustworthy marketplace for all users.
Real-time location tracking
Enabling live tracking during service delivery so customers can see their provider's approach, and enabling location-based provider search.
Consent — you explicitly grant location permission when using the app.
Push notifications
Sending service status updates (request accepted, provider arriving, service completed), account security alerts, and important platform announcements.
Contractual necessity and consent — critical service notifications are necessary for service delivery; promotional notifications require your opt-in.
Account security
Protecting your account through password hashing, JWT token management, OTP verification, rate limiting, and detecting suspicious activity.
Legitimate interest — protecting you and the platform from unauthorized access and fraud.
Service improvement
Understanding usage patterns, diagnosing technical issues, and improving the overall platform experience.
Legitimate interest — continuously improving our service for all users.
Legal compliance
Retaining transaction records and responding to legal requests as required by Indian law.
Legal obligation — compliance with applicable regulations.
Location Data — Detailed Disclosure
Important: Location access is a core part of how Fixhomi works. Without it, we cannot find nearby providers or enable live tracking during service delivery. You can revoke location permission at any time from your device settings, but this will limit the app’s functionality.
Because location data is central to our service, we want to be completely transparent about how it is used:
4.1 For Customers
Finding nearby providers: When you create a service request, your GPS coordinates are used to search for verified providers within your area. Providers see your approximate distance but not your exact address until they accept the request.
Address auto-detection: We use Mapbox reverse geocoding to convert your GPS coordinates into a human-readable address, making it easier to create service requests without typing your address manually.
Location refresh interval: The app refreshes your location approximately every 30 seconds while it is open, to ensure search results and maps stay current.
4.2 For Service Providers
Appearing in search results: Your location determines whether you appear in a customer’s search results. Only providers within the search radius are shown.
Live tracking during service delivery: When you accept a service request and are en route to the customer, your live location is shared with the customer via real-time updates (approximately every 10 seconds via Socket.IO) so they can track your arrival. This tracking stops when the service is marked complete.
Background location (iOS): On iOS, providers may grant background location permission so that location updates continue even when the app is minimized during an active service. This is only used during active service delivery and is never used for tracking outside of service hours.
4.3 How Location Data Is Stored
Location data is stored in GeoJSON format in our MongoDB database as part of your profile and service request records.
Real-time location updates during live tracking are transient — they are transmitted to the customer in real time and are not permanently stored.
Reverse geocoding results (address from coordinates) are cached locally on your device for 10 seconds to reduce unnecessary API calls, then discarded.
How We Use Your Information
We use your information exclusively for the following purposes:
Account Management
Creating and managing your account, authenticating your identity, and maintaining your profile across sessions.
Service Matching
Connecting customers with nearby, verified service providers based on location, service category, and availability.
Live Service Tracking
Enabling real-time location sharing between customers and providers during active service delivery.
Payment Processing
Processing Professional Tools subscription payments through Razorpay and maintaining payment history records.
Identity Verification
Verifying provider identities through phone OTP, email verification, and Aadhaar/DigiLocker for platform safety.
Notifications
Sending push notifications about service request updates, account activity, security alerts, and platform announcements.
Emergency Services
Connecting you with emergency service providers (snake catchers, ambulance services) using your location for rapid response.
Platform Improvement
Analyzing usage patterns (in aggregate) to identify bugs, improve app performance, and enhance the overall user experience.
Security & Fraud Prevention
Detecting suspicious account activity, preventing unauthorized access, and enforcing rate limits to protect against abuse.
Legal Compliance
Retaining records as required by Indian law, and responding to valid legal requests from government authorities.
How We Share Your Information
We do not sell your personal data. We share information only in the specific scenarios described below, and only to the extent necessary for the stated purpose.
6.1 Between Customers and Providers
When a service request is created and accepted:
Customers see: Provider’s name, profile picture, service categories, rating, phone number, and live location during transit.
Providers see: Customer’s name, phone number, service location/address, and service request details.
This sharing is essential for the service to function — without it, customers and providers cannot coordinate. Phone numbers are shared to enable direct communication during active service requests.
6.2 With Service Providers (Third Parties)
We work with trusted third-party services that help us operate the platform. Each of these services has access only to the data they need to perform their function:
Razorpay — Payment processing
Payment details for Professional Tools subscriptions. Razorpay is PCI-DSS Level 1 compliant and handles all card/UPI/wallet data directly — it never passes through our servers.
Firebase (Google) — Push notifications
FCM device token (a device identifier) and notification content (service updates, alerts). No personal data is shared beyond what appears in the notification.
Mapbox — Maps & geocoding
GPS coordinates for rendering maps and converting coordinates to addresses. Mapbox does not receive your name, email, or other personal details.
Cloudinary — Image hosting
Profile pictures and document images uploaded by users. Images are stored securely and served via encrypted HTTPS URLs.
DigiLocker (Government of India) — Aadhaar identity verification
Verification happens through DigiLocker's secure government API. We only receive verification status and name — we never receive or store your Aadhaar number.
Google & Apple — OAuth sign-in
Basic profile information (name, email, photo) that you authorize when choosing to sign in with Google or Apple.
6.3 Legal Disclosures
We may disclose your information if required to do so by law, regulation, court order, or government request. We may also disclose information to protect the rights, property, or safety of Fixhomi, our users, or the public. In such cases, we will make reasonable efforts to notify you unless we are legally prevented from doing so.
Third-Party Services
Our app integrates with the following third-party services. Each has its own privacy policy governing how they handle your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Razorpay | Payments | Payment credentials (handled directly by Razorpay) |
| Firebase (FCM) | Push notifications | Device token, notification content |
| Mapbox | Maps & geocoding | GPS coordinates |
| Cloudinary | Image storage | Uploaded photos and documents |
| DigiLocker | Aadhaar verification | Verification status only (no Aadhaar number) |
| Google OAuth | Sign-in | Name, email, profile photo |
| Apple Sign-In | Sign-in (iOS) | Name, email (or relay email) |
Data Storage & Security
We take the security of your data seriously and implement multiple layers of protection:
8.1 Encryption & Transmission
All data in transit is encrypted using HTTPS/TLS. Every API call between the app and our servers is encrypted — no data is ever sent in plain text.
Real-time connections (Socket.IO for live tracking) are authenticated using JWT tokens verified with HS512 signing algorithm.
8.2 Authentication Security
Passwords are hashed using BCrypt before storage. We never store or have access to your plain-text password.
Authentication tokens (JWT) are stored in your device’s secure keychain — iOS Keychain or Android Keystore — not in regular app storage. Tokens have expiry times and are automatically refreshed.
OTPs (One-Time Passwords) expire after a short time window and are automatically cleaned up. Rate limiting prevents brute-force OTP guessing attempts.
8.3 Infrastructure Security
API rate limiting protects against abuse and brute-force attacks using a sliding window algorithm.
All API endpoints require authenticated JWT tokens. Unauthenticated requests are rejected.
Our backends are hosted on Railway and Render, which provide enterprise-grade infrastructure security, automatic SSL, and DDoS protection.
8.4 Local Storage on Your Device
Sensitive credentials (access token, refresh token) are stored in your device’s secure keychain, which is hardware-backed and encrypted by the operating system.
Non-sensitive data (your name, user type, FCM token) is stored in encrypted AsyncStorage on your device for a faster app experience.
On logout, all locally stored data (tokens, profile data, FCM token) is cleared from your device.
Your Rights & Choices
You have the following rights regarding your personal data:
Right to Access
You can view all your profile information, service history, saved addresses, and preferences directly within the app at any time.
Right to Correction
You can update your profile information (name, email, phone, address, profile picture) through the app. Note: For providers who have completed Aadhaar verification, the display name is locked to match your verified identity.
Right to Deletion
You can permanently delete your account and associated data through the app (Settings → Delete Account) or via our website at fixhomi.com/manage-account. Account deletion requires OTP verification for security. Upon deletion, your profile, service history, saved addresses, documents, preferences, and FCM tokens are removed. Transaction records may be retained as required by law.
Right to Data Portability
You can request a copy of your personal data by contacting our support team at contact@fixhomi.com. We will provide your data in a commonly used format within 30 days.
Right to Withdraw Consent
You can withdraw consent for specific data processing activities: revoke location permission from device settings, disable push notifications from device settings or in-app preferences, turn off email notifications in your app preferences, or disconnect Google/Apple sign-in from your respective account settings.
Notification Preferences
You can control your notification preferences within the app: enable or disable push notifications, enable or disable email notifications, and toggle notification sounds. We respect these preferences — if you disable notifications, we will not send them (except for critical security alerts related to your account).
Data Retention
We retain your data only for as long as necessary to fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account & profile data | Until you delete your account |
| Service request history | Until account deletion; anonymized records may be retained for analytics |
| Transaction/payment records | As required by Indian tax and financial regulations (typically 7 years) |
| Real-time location updates | Transient — not permanently stored (transmitted in real time only) |
| Profile location (last known) | Until you delete your account or update your location |
| OTPs and verification tokens | Automatically expired and cleaned up after their short validity window |
| FCM device tokens | Cleared on logout; updated on each login |
| Verification documents (insurance) | Until account deletion or document expiry |
| Support communications | Retained for quality and reference until no longer needed |
Children's Privacy
Fixhomi is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18.
If we become aware that we have inadvertently collected personal data from a person under 18, we will take immediate steps to delete that information from our systems. If you believe that a minor has provided us with personal information, please contact us at contact@fixhomi.com and we will promptly address the situation.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
The “Last updated” date at the top of this page will be revised.
For material changes that significantly affect how we handle your data, we will notify you through push notifications in the app, email, or a prominent notice on our website.
Continued use of Fixhomi after changes are posted constitutes your acceptance of the updated policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out to us:
Company
Fixhomi Technologies Pvt. Ltd.
Yavatmal, Maharashtra, India