This privacy notice describes how the personal data of users accessing the Reefix service is processed, in compliance with EU Regulation 2016/679 (GDPR).
The personal data controller is Reefix, reachable at the email address: [email protected] and through the website https://reefix.ai.
2. Types of Data Collected
Reefix collects and processes the following personal data:
• REGISTRATION DATA: email address and password (in encrypted hash form), provided voluntarily. If accessed via Google Sign-In, email, name, and unique identifier provided by Google are collected.
• USAGE DATA: number of queries, plan type (Free, Standard, Premium), timestamps, number of uploaded photos.
• REQUEST CONTENT: fault text and photographs transmitted to AI systems (Google Gemini and Anthropic Claude). Not stored permanently on our servers.
• UPLOADED/CAPTURED PHOTOS: images are processed entirely in the browser; they are redrawn on a clean canvas with automatic removal of all EXIF/GPS/ICC metadata before transmission. Photos are sent encrypted (HTTPS/TLS) to Anthropic Claude for visual diagnostic extraction (Premium plan only) and to Google Gemini for text processing. They are not retained by Reefix after processing.
• GEOGRAPHICAL LOCATION DATA: if allowed, GPS coordinates used to suggest nearby repair companies (not saved).
• BROWSER FINGERPRINT: anonymous identifier to prevent abuse (free plan).
• REPAIR COMPANY DATA: Name, Address, Phone, etc., provided by registered companies and publicly visible.
• TELEMETRY DATA (Diagnostic Feedback): Anonymized data on repair outcome provided voluntarily to calculate global success rates (Art. 6.1.a GDPR).
3. Purposes and Legal Basis of Processing
Data is processed for the following purposes:
• SERVICE PROVISION (Art. 6.1.b GDPR): AI diagnostics, account management.
• EXPLICIT CONSENT (Art. 6.1.a GDPR): GPS geolocation, policy.
• LEGITIMATE INTEREST (Art. 6.1.f GDPR): fraud prevention (fingerprint).
• LEGAL OBLIGATIONS (Art. 6.1.c GDPR): retention of tax data.
4. Third Parties and Data Transfer
Reefix uses the following third-party services for infrastructure and monitoring:
• GOOGLE ANALYTICS 4 & SEARCH CONSOLE: USA/EU. Used for performance monitoring, statistical traffic analysis, and anonymized behavioral tracking. Modulated via Consent Mode V2 (GDPR compliant).
• PAYPAL: USA/EU. In-page checkout SDK and payment processor. Receives technical data and installs security/session cookies during checkout.
• GOOGLE IDENTITY PLATFORM (SSO): USA. If "Sign in with Google" is used, Google gets login data.
• GOOGLE FIREBASE (Auth & DB): USA/EU (Standard Contractual Clauses).
• GOOGLE GEMINI API: USA (diagnostic text processing).
• ANTHROPIC CLAUDE API: USA (visual analysis of photos). Encrypted, not used for model training.
• TAVILY / EXA AI / FIRECRAWL: USA (Semantic web search).
• OPENSTREETMAP NOMINATIM: UK/EU (Local geocoding).
• AMAZON ASSOCIATES & EBAY EPN: EU (Affiliate tracking for spare parts).
• FINGERPRINT.JS: USA (Anti-fraud infrastructure).
5. Data Retention
• Account data: retained while active. Deleted within 30 days of cancellation.
• Diagnostic text and images: logs deleted within 90 days.
• Repair company data: retained while registered.
• Payment data: kept for 10 years for tax law compliance.
6. Your Rights (GDPR)
As a data subject, you have the right to ACCESS (Art. 15), RECTIFICATION (Art. 16), ERASURE (Art. 17), RESTRICTION (Art. 18), PORTABILITY (Art. 20), and OBJECTION (Art. 21). You can delete your account from your profile or contact [email protected].
7. Cookie Types
Please refer to our Cookie Policy. We exclusively use essential technical cookies for Firebase Auth and session localStorage.
8. Data Security
All data is transmitted via HTTPS/TLS. Passwords are stored in hashed form by Firebase Auth. The database uses strict security rules.
PHOTO PROTECTION:
• Uploaded or captured images are processed exclusively in the user's browser.
• Before transmission, each photo is redrawn on a clean HTML canvas: this process automatically and permanently removes all EXIF, GPS, ICC metadata and any data embedded in the original file.
• The image format is validated by inspecting the actual magic bytes of the file (not just the extension): only JPEG, PNG, WebP and HEIC are accepted. SVG, HTML or executable files disguised as images are rejected.
• Maximum allowed file size is 10 MB.
• Processed images are transmitted encrypted (HTTPS/TLS) and are not retained by Reefix after processing.
9. Privacy Updates
We reserve the right to modify this page and will give you adequate notice on the platform.