SpotFix LogoSpotFix.ca

Privacy Policy

Last updated: April 2026

SpotFix.ca is operated from Canada and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). This policy explains what we collect and how we use it.

What we collect

  • Account info: email, display name, password (hashed).
  • Reports: photos, descriptions, GPS coordinates, addresses, category, severity, recipient contact.
  • Usage: page views, anonymous error logs, your selected city.
  • Optional: avatar, phone, default municipality.

How we use it

  • Display reports on the platform (public map for civic reports; private otherwise).
  • Route reports to municipalities or other recipients via your own email client.
  • Award badges, XP, and leaderboard rankings.
  • Detect duplicates and prevent spam (rate limiting, AI image moderation).
  • Improve the platform via aggregated, anonymized analytics.

Sharing

Public report content (title, photo, location, status, your display name) is visible to anyone. Private reports are visible only to you, your assigned recipient, and SpotFix admins. We never sell your data. We share only with: our backend infrastructure provider (Lovable Cloud / Supabase), the AI moderation provider for image safety screening, and reverse-geocoding (OpenStreetMap Nominatim — coordinates only).

Email

SpotFix does not send transactional emails on your behalf. When you route a report, your own email client opens with a pre-filled message — you choose to send. The only emails from us are auth-related (signup confirmation, password reset).

Cookies & local storage

We use local storage to keep you signed in and remember your selected city. We do not use third-party advertising trackers.

Your rights

You can view, edit, or delete your profile and reports anytime. To request a full data export or full account deletion, contact us. We retain reports indefinitely as a public civic record but will redact your personal identifiers on request.

Security

Passwords are hashed and checked against the Have I Been Pwned database. All data is transmitted over HTTPS and protected by row-level security. No system is 100% secure — please use a strong unique password.

Children

SpotFix is not intended for users under 13. We do not knowingly collect data from children.

Contact

Privacy questions or data requests: Contact us.