FixDocFixDoc

Privacy Policy

Last updated: March 10, 2026

1. Who We Are

FixDoc is a product of ByteUp LLC, a technology company based in Fort Lauderdale, FL. FixDoc provides AI-powered document verification software for mortgage professionals. We are a technology service provider -- not a mortgage lender, broker, or financial advisor.

2. Data We Collect

We collect only what is necessary to provide our service:

  • Account information: Name, email address, organization name, and role when you create an account.
  • Financial documents: Pay stubs, bank statements, W-2s, tax returns, and other documents you upload for verification. These are stored encrypted and isolated per organization.
  • Usage data: Feature usage, API calls, and session data to improve our service and enforce plan limits.
  • Payment information: Processed securely by Stripe. We do not store credit card numbers on our servers.

3. How We Protect Your Data

  • Encryption: All data is encrypted at rest via Supabase on AWS infrastructure and in transit via TLS, enforced by our hosting and database providers.
  • Data isolation: Every organization's data is fully isolated using Row Level Security (RLS) policies. One organization cannot access another's data under any circumstances.
  • Access control: Role-based access control (RBAC) ensures team members only see what their role permits. Audit logs track all data access.
  • Infrastructure: Hosted on Supabase (built on AWS) with automatic backups, point-in-time recovery, and geographic redundancy.

4. How We Use Your Data

  • To provide document verification and fraud detection services.
  • To power the AI Assistant with project-specific context.
  • To enforce plan limits and usage tracking.
  • To send service-related notifications and updates.

5. What We Never Do

  • We never sell your data. Your financial documents and client information are never shared with third parties for marketing or any non-service purpose.
  • We never train public AI models on your data. Documents processed through our AI engine are used solely for your verification results. They are not used to train, improve, or fine-tune any public or third-party machine learning models.
  • We never access your data without cause. Our team does not review your documents unless required for technical support that you explicitly request.

6. Data Retention

Your data is retained for as long as your account is active. When you delete a document, it is soft-deleted immediately. Permanent purge is available upon request. After account cancellation, data is retained for 90 days for export, then eligible for permanent deletion.

7. Third-Party Services

We use the following third-party services:

  • Supabase: Database, authentication, and file storage (SOC 2 Type II certified).
  • Stripe: Payment processing (PCI DSS Level 1 certified).
  • OpenAI: AI-powered document parsing and assistant. Data sent to OpenAI is processed under their enterprise data use policy and is not used to train their models.
  • Vercel: Application hosting and CDN.

8. Your Rights

You have the right to access, correct, or delete your personal data at any time. You may export your data or request account deletion by contacting us at privacy@fixdoc.co.

9. Contact

For privacy-related questions, contact us at privacy@fixdoc.co.