Privacy Notice
Last updated: 9 June 2026
1. Who we are
This Privacy Notice explains how Niels Arrachart ("we", "us"), trading as FixYourSaaS, collects and processes your personal data. We act as the data controller for the personal data described below.
Address: Grote Beer 24, 2163 AR Lisse, Netherlands
Contact: contact@fixyoursaas.com
2. Categories of personal data we collect
- Account data — email address, hashed password (or OAuth identifier), and account creation date.
- Report inputs — your website URL, product description, ideal customer profile, growth challenge, and current MRR (if provided).
- Generated reports — the AI-generated diagnosis associated with your account.
- Support correspondence — emails and messages you send us.
- Technical data — IP address, browser type, device identifiers, and basic usage telemetry.
Payment data (card number, billing address, tax ID) is collected and processed directly by Paddle, our Merchant of Record. We do not see or store full payment details.
3. Purposes and legal bases
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Creating and managing your account | Account data | Performance of a contract |
| Generating and delivering your report | Report inputs, account data | Performance of a contract |
| Customer support | Account data, correspondence | Performance of a contract / legitimate interests |
| Security, fraud prevention, and abuse detection | Technical data, account data | Legitimate interests |
| Product improvement (aggregated, non-identifying) | Technical data, report inputs | Legitimate interests |
| Compliance with legal obligations (e.g. tax records via Paddle) | Account data, transaction metadata | Legal obligation |
4. Who we share data with
- Paddle — our Merchant of Record, responsible for processing payments, subscription management (not applicable here), tax compliance, invoicing, and refund handling.
- Hosting and infrastructure providers — we use Lovable Cloud (Supabase) for application hosting, database, and authentication.
- AI service providers — OpenAI (and/or other AI providers via the Lovable AI Gateway) processes report inputs to generate the diagnosis. Inputs are not used to train third-party models.
- Professional advisers — legal, accounting, or tax advisers where reasonably necessary.
- Authorities — when required by law, court order, or to protect rights, property, or safety.
5. International data transfers
Some of our service providers (including AI providers and Paddle) may process data outside the EEA/UK. Where this happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or adequacy decisions to ensure your data remains protected.
6. Data retention
We keep account data and generated reports for as long as your account is active. If you delete your account, we delete or anonymise personal data within 90 days, except where we are required to keep records for legal, tax, or accounting purposes (typically up to 7 years for transaction-related records held by Paddle).
7. Your rights under GDPR
Subject to applicable law, you have the right to:
- access the personal data we hold about you;
- request correction of inaccurate or incomplete data;
- request erasure of your data ("right to be forgotten");
- request restriction of processing;
- data portability (receive your data in a structured, machine-readable format);
- object to processing based on legitimate interests;
- withdraw consent at any time where processing is based on consent;
- lodge a complaint with your local supervisory authority — in the Netherlands, this is the Autoriteit Persoonsgegevens.
We will respond to verified requests within one month.
8. Security
We apply appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), access controls, role-based permissions, and row-level security on our database. No system is perfectly secure; if a personal data breach occurs, we will notify affected users and the relevant supervisory authority where legally required.
9. Cookies
We use a small number of essential cookies to keep you signed in and to operate the service. We do not currently use third-party advertising or marketing cookies. If we add analytics in the future, this notice will be updated and a cookie banner will be shown where required.
10. Changes to this notice
We may update this notice from time to time. Material changes will be communicated through the site or by email where appropriate.
11. Contact
For any privacy questions or to exercise your rights, contact Niels Arrachart at contact@fixyoursaas.com or by post at Grote Beer 24, 2163 AR Lisse, Netherlands.