Privacy Policy

Novex Solutions LLC is a Delaware-registered limited liability company.

• Legal Entity: Novex Solutions LLC
• Mailing Address: 1111B S Governors Ave STE 26220, Dover, DE 19904
• Privacy Contact: privacy@getrepair.co
• General Contact: legal@getrepair.co

If you are located in the European Economic Area (EEA) or United Kingdom, you may contact us at the address above regarding any GDPR-related matter.

This Privacy Policy applies to:

• Visitors to our marketing website
• Account holders and authorized users of Get Repair (Organization owners, managers, technicians, front-desk staff, and other invited team members)
• End customers of subscribing Organizations whose information is uploaded to or generated within the Service

It does not apply to third-party websites, applications, or services that integrate with Get Repair. Those services are governed by their own privacy policies.

We use information for the following purposes:

• Provide the Service — authenticate users, deliver features, sync data across devices, render reports, generate invoices, process payments
• Account management — onboarding, billing, subscription renewals, support
• Communication — transactional emails (receipts, password resets, system notifications) and, where permitted, product updates
• Improve the Service — analyze usage patterns, debug issues, develop new features, conduct internal research
• Security and fraud prevention — detect abuse, prevent unauthorized access, investigate suspicious activity, enforce our Terms of Service
• Legal compliance — comply with laws, respond to lawful requests, exercise or defend legal claims

We do not sell personal information, and we do not use Customer Data to train artificial intelligence or machine learning models that benefit other customers or third parties. Vector embeddings generated via OpenAI for in-app semantic search are scoped to the originating Organization and are not used to train OpenAI’s foundation models (per our agreement with OpenAI’s API terms).

For users in the EEA or UK, we rely on the following legal bases under Article 6 of the GDPR:

• Performance of a contract (Art. 6(1)(b)) — to deliver the Service you have subscribed to, manage your account, and process payments
• Legitimate interests (Art. 6(1)(f)) — to secure the Service, prevent fraud, improve our product, and conduct limited direct marketing to existing customers (you may object at any time)
• Consent (Art. 6(1)(a)) — for optional cookies, marketing emails to non-customers, and any processing where consent is the appropriate basis (you may withdraw consent at any time)
• Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, and other legal requirements

Where Novex processes Customer Data on behalf of an Organization, the Organization is responsible for establishing the legal basis for that processing under its own privacy practices.

We engage trusted third parties to help us operate the Service. Each sub-processor is bound by contractual obligations consistent with this Privacy Policy and applicable law (including, where relevant, Standard Contractual Clauses).

An up-to-date list of sub-processors is maintained at /privacy#sub-processors. We will provide reasonable advance notice of new sub-processors to Organizations who have subscribed to such notifications.

Novex is based in the United States. If you access the Service from outside the US, your information may be transferred to, stored in, and processed in the US or other countries where our sub-processors operate.

For transfers of personal data from the EEA, UK, or Switzerland to the US or other non-adequate jurisdictions, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Addendum where applicable
• Supplementary safeguards such as encryption in transit and at rest, access controls, and contractual restrictions on sub-processors

EU and UK-based Organizations may request a copy of the relevant transfer mechanisms by contacting privacy@getrepair.co.

We retain personal data only as long as needed for the purposes described in this Policy:

• Account data: for the duration of your subscription, plus up to 12 months after termination for accounting, dispute resolution, and legal compliance
• Customer Data uploaded by Organizations: for the duration of the Organization’s subscription. After termination, Organizations have 30 days to export data, after which it is deleted from active systems within 30 days and from backups within 90 days
• Billing and tax records: retained for the period required by applicable law (typically 7 years in the US)
• Logs and security data: typically retained for 12 months
• Marketing data: retained until you unsubscribe or object

You or your Organization may request earlier deletion by contacting privacy@getrepair.co, subject to legal retention obligations.

We use cookies and similar technologies to:

• Strictly necessary — authenticate sessions, remember preferences, secure the Service
• Functional — remember settings such as language and last-visited store
• Analytics — understand aggregate usage patterns (we do not use cookies for cross-site behavioral advertising)

You can control non-essential cookies via the cookie banner presented on first visit or by adjusting your browser settings. Disabling strictly necessary cookies will impair core functionality.

We honor Global Privacy Control (GPC) signals where applicable.

We implement administrative, technical, and physical safeguards designed to protect personal information, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access control with least-privilege defaults
• Row-Level Security in our database
• Multi-factor authentication for administrative access
• Continuous monitoring, logging, and intrusion detection
• Regular security reviews, dependency scanning, and patching
• Background checks and security training for personnel with access to production systems

No system is perfectly secure. You are responsible for maintaining the confidentiality of your account credentials and notifying us promptly of any suspected unauthorized access.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will:

• Notify affected Organizations without undue delay and, where feasible, within 72 hours of becoming aware of the breach (consistent with GDPR Art. 33)
• Provide information sufficient for Organizations to meet their own notification obligations
• Notify affected individuals directly where Novex is the controller and notification is required by law
• Cooperate with regulators and law enforcement as required

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the “Last Updated” date at the top of this Policy
• Notify Organization owners by email and/or in-product notice at least 30 days before the changes take effect (for material changes)
• Post the prior version in our archive for reference

Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

For privacy questions, rights requests, or concerns:

• Email: privacy@getrepair.co
• Mail: Novex Solutions LLC, 1111B S Governors Ave STE 26220, Dover, DE 19904

For EEA / UK users, you also have the right to lodge a complaint with your local data protection authority.