Privacy Policy

Last updated: 08-April-2026.

This policy is subject to the iFixit Terms of Use, which govern your use of our website and services including FixBot.

We firmly believe in our customers' right to privacy, and we respect that right by adhering to the concept of Fair Information Practices.

iFixit is based in the United States.

We collect your information when you complete our online forms, purchase our products online, and interact with our community. We track that information using cookies. We record all of the discussions we have with you on the phone and, when you use our FixBot chat and voice features, we store your conversations and, if you use audio mode, the associated audio recordings (where permitted by law). The information we collect includes name, address (if you place an order), email address, IP address, phone number, and location (if you add it to your profile).

We use your information to send you the products you have ordered from us online. We use your data in big data projects to help us understand trends in the marketplace. We store your information with our cloud service provider in the U.S. We use cookies to monitor your behavior on our website. We use FixBot conversation content and audio (where permitted by law) to provide, secure, and improve our AI-powered chat and voice assistance. We retain personal information only for as long as reasonably necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

We share your details with selected business partners which may include:

• The cloud service providers that help us store your information and send you email
• Google and Facebook to give us insight into how people are using our site and understand how to improve our visibility
• Payment service providers that process your payment information on our behalf
• Large language model service providers (such as OpenAI, Anthropic, Google, and Cerebras) when you interact with our AI features (including FixBot chat and FixBot audio), so they can process your messages, transcripts, and, where necessary, audio on our behalf
• Shipping carriers and software companies that help us ship your order
• Lawyers representing us in the event of a legal claim
• Lawful requests by public authorities, including to meet national security, regulatory or law enforcement requirements
• Help Scout: Help Scout (customer support ticketing system) to receive, organise, and respond to customer support enquiries, including your contact details and the content of your messages.
• Typeform: Typeform (online forms provider) to collect and process information you submit through our customer support and feedback forms, such as contact details, order information, and the details of your enquiry.

Our website uses cookies to provide functionality, analyze usage, and deliver advertising. You can manage cookies in your browser settings or opt out of marketing cookies at Your Online Choices or the Network Advertising Initiative. Disabling cookies may affect site functionality.

While browsing our site, cookies may be set by iFixit and by third-party services we use. The categories are:

Legal basis for cookies. In the EU, the use of cookies that are not strictly necessary requires your consent under Art. 5(3) of the ePrivacy Directive (2002/58/EC) and Art. 6(1)(a) GDPR. In the United Kingdom, the Privacy and Electronic Communications Regulations (PECR) apply; cookies that are strictly necessary for a service you have requested are exempt from consent requirements.

Additionally, you may see cookies set by services we use. You can find more information on their cookies use pages and privacy policies:

Third party cookies: Our website uses external web services and cookies to personalize content and advertising, provide social media features, and analyze web traffic. In the EU and UK, these features are enabled only with your consent. In other jurisdictions (including many U.S. states), these features may be enabled by default and you may opt out of certain uses such as targeted advertising. If these features are enabled while you are logged in to your user account, your visits to our website may be associated with your account. Your personal data may be used by Google to personalize ads, and cookies and mobile ad identifiers may be used for both personalized and non-personalised ads. Information about Google’s processing of personal data can be found here. We may also share information about your use of our website with the social media, advertising and analytics services we use. They may combine this information with other information that you have provided to those services or that has been collected as part of your use of the services. Your personal data (e.g. IP address, browser fingerprint, or geolocation) may be transferred to third countries and be accessed there. When data is transferred to other countries, in the absence of appropriate safeguards, there is a risk that this data may be accessed by public authorities without you being informed and without you having any legal remedy against this. There may be no supervisory authority or data processing principles, and EU citizens may not have the same data subject rights as in the EU. By giving your consent, you agree to the use of cookies, the activation of external web services, the transfer of data to other countries, and the display of personalized ads.

Advertising and analytics disclosures: We may disclose certain identifiers and internet or network activity information (such as cookie identifiers, device identifiers, and IP address) to advertising and analytics partners to measure performance, attribute conversions, and deliver advertising that may be tailored to your interests (“targeted advertising”). In some U.S. states, this type of disclosure may be considered a “sale” of personal data or “sharing” of personal information as defined by applicable law. You may opt out as described below.

We use the following service providers for hosting, error monitoring, and AI analytics:

• Vercel (San Francisco, CA) — hosting and content delivery
• Sentry (San Francisco, CA) — error monitoring and crash reporting
• Langfuse (Berlin, Germany) — AI observability and analytics
• Microsoft Clarity (Redmond, WA) — session recording and analytics, including on FixBot chat pages. Clarity may capture your interactions with the page, including text you enter and responses displayed. Session recordings help us understand how users interact with FixBot and improve the experience.
• Help Scout (Boston, MA) — customer support ticketing. When you contact support, your name, email, and message content are processed by Help Scout.
• Typeform (Barcelona, Spain) — online forms. Information you submit through our support and feedback forms is processed by Typeform.
• ActiveCampaign (Chicago, IL) — email marketing and automation. When you subscribe to our newsletter or receive marketing emails, your name and email address are processed by ActiveCampaign.
• Amazon Web Services (AWS) (Seattle, WA) — cloud infrastructure. Our applications and data are hosted on AWS servers.
• SendGrid (Denver, CO) — transactional email delivery. When we send you password resets and other service emails, they are delivered through SendGrid.

These providers may process personal data (such as IP addresses, device information, and usage data) as needed to provide their services to us. Transfers to US-based providers are protected by SCCs and/or DPF.

In order to make our website available to you, we use the services of hosting companies, such as the provision of web servers, storage space, database services, security services and maintenance services.

When you visit our website or its individual pages, your device’s browser automatically sends information to our website server. This information is stored in log files by us or by our hosting provider.

The following information is stored:

• The IP address of the requesting computer,
• The date and time of access,
• The name and URL of the requested file,
• The website from which our site was accessed (referrer URL),
• The browser being used and, if applicable, the type of operating system your computer uses and the name of your access provider.

This data is processed for the following purposes:

• The provision of our website, including all of its features and contents
• To ensure a smooth connection to our website
• To ensure the comfortable use of our website
• To ensure system security and stability
• For anonymized statistical evaluation of user access
• To optimize our website
• For forwarding to law enforcement authorities in the event of unlawful interference or an attack on our systems
• For additional administrative purposes.

If you use the contact form, you will be asked to provide your name and email address so we can contact you personally. Additional information can be provided voluntarily. All personal data collected in connection with the contact form will be deleted after responding to your request, unless it is necessary to store this data for the documentation of other processes (for example, for the subsequent conclusion of a contract).

If you are a customer and we received your email address in connection with a purchase, we may use it for direct marketing of similar goods or services, provided you have not objected. We advise you of the right to object at the time of collection and in every marketing email. The legal basis is our legitimate interest in direct marketing under Art. 6(1)(f) GDPR. We store your email for this purpose until you object.

If you would like to receive our newsletter, we need to have your name and email address. Your email address will be used and stored for this purpose until you withdraw your consent or unsubscribe from the newsletter. You can unsubscribe at any time by using the link at the end of each newsletter or by contacting us.

We send our newsletters with a web beacon. A web beacon is a miniature graphic embedded in the newsletter’s HTML format which enables us to analyze reader behavior. In this context, we store whether and at what time a newsletter was opened by you and which of the links contained in the newsletter were accessed by you. We use this data to create statistical evaluations of the success or failure of a marketing campaign in order to optimize newsletter distribution and to better match the content of future newsletters to your interests. The collected data will not be transferred to third parties and will be deleted after the statistical evaluation. We only use newsletter tracking where you have consented; you can withdraw consent by unsubscribing or by blocking images in your email client.

When you share device diagnostics with us — for example through our mobile app or our battery-health tools — we collect information such as battery cycle count, capacity, charge state, and similar hardware data. We use this information to provide troubleshooting guidance, generate repair insights, and improve our diagnostic and FixBot services.

If you apply for a job, we process your name, contact information, and application documents to carry out the application procedure and decide whether to establish an employment relationship. The legal basis is Art. 6(1)(b) GDPR (pre-contractual steps). If we ask to keep your application on file for future openings, or if you provide special categories of personal data, we will obtain your consent under Art. 6(1)(a) GDPR (and Art. 9(2)(a) where applicable). You can withdraw consent at any time with effect for the future. Application data is typically deleted 6 months after the conclusion of the recruitment process unless you have consented to longer storage or a longer retention period is required by law.

If you leave comments or other contributions on our website, your email and IP address will be stored. You can provide further information voluntarily. The purpose of storing your email address is to contact you regarding your comment or contribution, to forward any complaints you may have and, if necessary, to ask you to comment. You will not be able to use the comments function without entering your email address. The email address you provide will be saved but will not be published along with your comment.

Our legitimate interest in retrieving and storing your email address is for security reasons, for example, in the event that someone leaves illegal content (for example, insults) in comments and contributions. In this case, we ourselves could be prosecuted for the comment or contribution and therefore, we have a legitimate interest in storing your IP address. This collected personal data will only be passed on to the prosecution authorities in cases of criminal investigations. Personal information will not be transferred to any other third parties.

You can register on our website by entering your name and email address. Registration is voluntary and is based on your voluntary consent. The transmission of any other personal data is determined by the input form used for the registration. The collected personal data is used for the purposes of offering our services as well as to contact you in order to provide you with information regarding our services and your registration. You can view your personal data and make changes to this data via your personal user access. Your data will be stored until you delete your user account or instruct us to delete your data. If we are obliged to store your personal data due to legal, commercial and tax-related retention periods, the processing of your personal data will be restricted accordingly until the expiry of the retention periods and this data will then be deleted.

When you register on our website or use your user account, we store your IP address and the time of your use of our website. Storage of your data is in your interest in order to protect you from misuse and other unauthorized use. Your data will not be transferred to third parties, unless necessary to fulfill contractual obligations, for the pursuit of any claims to which we are entitled, or if there is a legal obligation. IP addresses are anonymized.

If you leave reviews or ratings on products in our web store, we store the date, content of your review or rating, and your IP address. If you are logged in, your review is linked to your iFixit community account. Reviews may also be left anonymously or as a guest without an account. We store this information to display reviews, forward complaints, and protect against unlawful content. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in providing review functionality and security).

Our web store is operated on the Shopify platform. iFixit is the data controller for customer personal data collected through the store. Shopify Inc. (Ottawa, Canada) and Shopify International Ltd. (Dublin, Ireland) process order data, payment data, browsing behavior, device and cookie information, and other store interaction data as needed to provide the e-commerce platform and related services.

When Shopify Network Intelligence and related Enhanced Services are enabled, Shopify may also process customer personal data as an independent controller or business to provide services such as store analytics, personalization, improved store performance, fraud prevention, and more relevant advertising. This may include using information about your activity with our store together with information from Shopify, other merchants, and other sources. Shopify may share information with service providers and other third parties, including parties located in other countries, to provide these services. Other merchants cannot see our customer data.

For more information, see Shopify's Consumer Privacy Policy. You can exercise certain rights, withdraw consent, or object to Shopify's processing for certain purposes through Shopify's privacy portal at https://privacy.shopify.com.

When you place an order, we process your personal data in order to perform our contractual obligations. This data includes:

• Your name, address and contact data, any alternate delivery addresses or invoice addresses or alternate recipients and, if necessary, your date of birth;
• Contract data, such as the subject matter and duration of the contract and customer category;
• Payment data, such as bank details, credit card data, and payment history.

The data will only be transferred to third parties to the extent necessary in order to implement pre-contractual measures and to fulfill contractual obligations, such as to banks, payment service providers, and credit card companies for processing payment, and to shipping providers for shipping goods.

When you use our FixBot features (for example, asking questions or talking to our voice agent), we process:

• the content of your messages and instructions;
• technical information about your device and connection (such as IP address, browser or app version, language, and timestamps); and
• if you use audio mode, recordings of your voice and automatically generated transcripts.

We use this information to:

• provide the FixBot service (for example, answering your questions, suggesting guides or products, and troubleshooting issues);
• operate, secure, and monitor the performance of FixBot; and
• improve FixBot and other iFixit services, including reviewing conversations to identify quality issues, improve prompts, and measure accuracy, where permitted by law.

We may share FixBot conversation content and transcripts (and, where necessary, audio) with our service providers that host the large language models and voice-processing services we use, including OpenAI (San Francisco, CA), Anthropic (San Francisco, CA), Google (Mountain View, CA), and Cerebras (Sunnyvale, CA). We also use Parallel (San Francisco, CA) as a search provider for retrieving relevant repair content. These service providers are located in the United States. Transfers of personal data from the EU/EEA and UK to these providers are protected by EU Standard Contractual Clauses (SCCs) and, where the provider participates, the EU-US Data Privacy Framework (DPF). These service providers are contractually required to protect your data and may only use it as needed to provide services to us. Our agreements prohibit these providers from using your FixBot conversations to train or improve their own general-purpose models. iFixit may use FixBot conversation data (excluding audio) to evaluate and improve iFixit's own FixBot service — for example, by reviewing conversations to identify quality issues, improve prompts, and measure accuracy. This is done by iFixit, not by the LLM providers.

Enterprise use. Where an enterprise customer deploys FixBot under a separate agreement, iFixit may act as a data processor on behalf of that customer; processing is then governed by the applicable Data Processing Addendum. Enterprise customers may request a DPA by contacting legal@ifixit.com.

For some jurisdictions (for example, residents of the European Union and certain U.S. states), we may:

• limit or disable storage of audio recordings, in line with local legal requirements.

We retain FixBot data as follows:

• Chat logs and transcripts: Retained for the duration of your account. After account closure or deletion request, deleted within a reasonable period unless retention is required by law.
• Audio recordings: Retained only as long as needed for the purposes described above. In the EU, audio is not stored unless you have given consent; where stored, it is deleted or de-identified when no longer needed for service provision or improvement.
• Device diagnostics: Retained for the duration of your account.
• Consent records: Retained for the duration of the relationship plus the applicable statutory limitation period.

When you request deletion of your personal data or close your account, we will delete your FixBot conversation history, audio recordings, and diagnostic uploads within a reasonable period, unless retention is required by law, necessary to resolve disputes, or subject to a legal hold. Aggregated, de-identified data that cannot identify you may be retained indefinitely.

Sensitive data notice: Certain information we process (such as audio recordings or precise geolocation, if provided) may be considered “sensitive” under some U.S. state privacy laws. We do not use FixBot audio to identify individuals through voiceprints or biometric identification. Where required by law, we obtain consent before processing sensitive data for certain purposes, and you may withdraw consent or request deletion as described above.

We use third-party providers for payment processing and fraud prevention. When you place an order, your name, address, email, purchased products, invoice amount, and delivery address may be shared with these providers.

Credit assessment. If you select credit card, direct debit, or purchase on account as your payment method, PayPal may conduct a credit check to minimize payment defaults. These assessments use probability-based scoring calculated using a scientifically recognized mathematical-statistical procedure, including address data. In the case of insufficient creditworthiness, the selected payment method may be refused. If you do not agree to the data transmission, please use another method of payment.

Klarna (EU). Our EU web store uses Klarna Bank AB (Sveavägen 46, 111 34 Stockholm, Sweden) for purchase on account and payment by installments. When you pay via Klarna, your name, email, date of birth, purchased products, invoice amount, and billing/delivery address are transmitted to Klarna. Klarna may check your creditworthiness using probability-based scoring. The legal basis is Art. 6(1)(b) GDPR. For more information, see Klarna’s Privacy Policy.

For more information, see PayPal’s Privacy Statement.

Our EU web store uses the Trusted Shops trust badge (Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany). When the trust badge loads, your IP address, date/time, and data volume are automatically processed and deleted within 7 days. Further personal data is only transferred to Trusted Shops if you consent to use their review services. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in marketing). For more information, see Trusted Shops’ Privacy Policy.

We use the “Facebook Pixel” on our website. The use of this technology enables Facebook to assign visitors to our website to specific groups (for example, visitors to our website according to the areas of interest we have sent to Facebook - the “custom audiences”) for the display of specific advertisements and to thus be able to recognize these groups. This ensures that these users are only shown advertisements that match their interests and that inconveniences caused by inappropriate advertising are avoided. By using the Facebook Pixel, we can also monitor the effectiveness of our Facebook advertisements for statistical purposes and track whether and how a user has used our services after clicking on an advertisement.

Additional information about the Facebook Pixel and how it works can be found here. Detailed information on how Facebook processes the data it collects and general information about Facebook advertisements can be found in Facebook’s Data Policy. In your Facebook account under the heading “Settings,” you can object to the collection of your data via the Facebook Pixel and its use for displaying specific advertisements. Information on these settings can be found here (login necessary).

We use a range of Google services including Google Analytics (with demographic features and remarketing), Google Ads (conversion tracking), Google AdSense, Google Fonts, and reCAPTCHA. These services use cookies and similar technologies to collect information such as your IP address, browser type, operating system, referrer URL, pages visited, and time of access. Google uses this data to provide analytics, measure advertising effectiveness, display targeted and remarketing advertisements, serve web fonts, and protect our site from abuse.

Pseudonymized user profiles may be created. IP addresses are anonymized. Data may be transferred to Google servers in the United States; see the Third-Party Cookies table above for Google’s privacy policy links.

‘’’Opt out:’’’ You can disable Google Analytics by installing the browser opt-out plugin, adjust your Google ad settings, or manage cookies in your browser settings. This site is also protected by reCAPTCHA, subject to Google’s Privacy Policy and Terms of Service.

We use Auctane services, including Stamps.com and Encidia, and ShipJunction to ship products you order from us. In order to facilitate delivery of your order, we provide to Auctane and/or ShipJunction data including but not limited to name, address, email address, mobile telephone number, and contents of package. Auctane and/or ShipJunction may use this data to enhance the delivery process for our customers and it may use notifications and geodata for that purpose, which may involve Auctane and/or ShipJunction sharing such details with limited third parties’ data processors, for the purpose of completing the requested services. You can read Auctane's Privacy Policy here, and ShipJunction's Privacy Policy here.

FOR CALIFORNIA RESIDENTS

This Privacy Notice for California Residents supplements the information contained above and applies solely to all visitors, users, and others who reside in the State of California ("consumers" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA"), and any terms defined therein have the same meaning when used in this Notice.

This Notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals (see iFixit’s California Employee Privacy Notice).

FOR U.S. STATE PRIVACY LAWS (NON-CALIFORNIA RESIDENTS)

This section applies to residents of U.S. states that have adopted comprehensive consumer privacy laws (including, where applicable, Indiana, Kentucky, Rhode Island, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) and supplements the information above.

Depending on your state of residence and subject to applicable law, you may have the right to:

• request access to personal data we process about you;
• request deletion of personal data, subject to legal exceptions;
• request correction of inaccurate personal data;
• obtain a copy of your personal data in a portable format;
• opt out of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects; and
• appeal our decision if we deny your request.

You may exercise these rights by submitting a request via our Request Form or by contacting us at privacy@ifixit.com. We may verify your identity before responding.

If your request is denied, you may appeal our decision by replying to our response or contacting privacy@ifixit.com with the subject line “Privacy Appeal.” We will respond to appeals within the timeframe required by applicable law.

Data breaches: In the event of a data breach involving your personal information, we will notify you and the applicable state attorney general or regulatory authority as required by the breach notification law of your state of residence.

In the preceding twelve (12) months, we have collected the following categories of personal information (as defined in the CCPA/CPRA):

We collect this information directly from you and by observing your actions on our website.

We use personal information to: fulfill orders and process payments; provide and improve our website, products, and services (including FixBot); manage your account; respond to inquiries and provide support; deliver relevant content and advertising (with consent where required); maintain security and prevent fraud; conduct research, testing, and product development (including improving FixBot’s capabilities and our diagnostic tools); and comply with legal obligations. We will not use personal information for materially different purposes without providing you notice.

We may disclose your personal information to service providers for a business purpose. When we do so, we enter a contract that requires the recipient to keep the information confidential and use it only to perform the contract.

In the preceding twelve (12) months, we have disclosed categories A (Identifiers), B (California Customer Records), D (Commercial information), and F (Internet/network activity) to service providers for business purposes.

In the preceding twelve (12) months, we have disclosed categories A (Identifiers) and F (Internet/network activity) to advertising partners for targeted advertising. Under the CCPA/CPRA, these disclosures may constitute "selling" or "sharing" of personal information. You may opt out of such disclosures as described in the Your Rights and Choices section above.

Under the CCPA/CPRA, California residents have the right to: access their personal information, request a portable copy, request correction of inaccurate data, request deletion (subject to statutory exceptions), opt out of the sale or sharing of personal information, and request that we limit the use and disclosure of sensitive personal information. We do not use sensitive personal information for purposes beyond what is necessary to provide our services. We will not discriminate against you for exercising these rights.

We disclose personal information to the categories of third parties described in the "Who we share it with" section above, including service providers (hosting, analytics, payment processing, customer support, AI/LLM providers, shipping), advertising partners, and law enforcement where required by law.

To exercise any of these rights:

• Call us toll-free at 866-613-4948, or
• Complete our request form.

We will verify your identity and respond within 45 days (up to 90 days with notice). You may make a request on behalf of your minor child.

Do Not Track (DNT): Some browsers offer a “Do Not Track” setting that sends a signal to websites requesting that browsing not be tracked. There is no uniform DNT standard; we do not currently respond to DNT signals.

Global Privacy Control (GPC): We recognize the Global Privacy Control signal as a valid opt-out of the sale or sharing of personal information under the CCPA/CPRA. If your browser or extension sends a GPC signal, we will treat it as a request to opt out of the sale/sharing of personal information associated with that browser. To learn more or enable GPC, visit globalprivacycontrol.org.

This Privacy Notice for EU Residents supplements the information contained above and applies solely to all visitors, users, and others who reside in the European Union. We have prepared this data protection declaration to inform you about the type, scope and purpose of the processing of personal data in connection with our website, in accordance with the provisions of Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR). “Personal data”, “processing”, “controller”, and “recipient” have the same definitions set forth therein (Art. 4 GDPR).

Data Controller for EU residents:

iFixit GmbH
Sigmaringer Str. 260
70597 Stuttgart, Germany
Tel.: +49 711 - 21724068-0
Fax: +49 711 - 21724068-9
Email: privacy@ifixit.com

Geschäftsführer: Kyle Wiens, Luke Soules, Hillary Trout, Kelly Boss
Registergericht: Amtsgericht Stuttgart, HRB 744920
UST-ID-Nr.: DE288962517

For certain processing activities described in this privacy notice, we use iFixit [US], 1330 Monterey Street, San Luis Obispo, California 93401, USA as a data processor on behalf of iFixit GmbH. iFixit GmbH is responsible for complying with all obligations regarding the exercise of data subject rights under GDPR.

Verantwortlicher i.S.d. § 18 Abs. 2 MStV: Luke Soules (Sigmaringer Str. 260, 70597 Stuttgart, Germany).

Contact details of the Data Protection Officer:

OBSECOM GmbH
Königstr. 40
70173 Stuttgart, Germany
Tel.: +49 711 - 4605025-40
Fax: +49 711 - 4605025-49
Email: datenschutz@obsecom.de
Website: www.obsecom.eu

United Kingdom: This privacy notice also applies to processing of personal data subject to the UK GDPR for users in the United Kingdom using the iFixit UK storefront. Where we transfer personal data from the United Kingdom to recipients outside the United Kingdom, we rely on appropriate safeguards such as an adequacy regulation, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses, as applicable. Our designated contact for UK data protection matters is: Kyle Wiens, iFixit GmbH, Sigmaringer Str. 260, 70597 Stuttgart, Germany, privacy@ifixit.com.

We process personal data on the basis of at least one of the following legal bases:

• The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Art. 6 para. 1 sentence 1 lit. a GDPR);
• Performance of a contract with the data subject or for the implementation of pre-contractual measures taken at the request of the data subject (Art. 6 para. 1 sentence 1 lit. b GDPR);
• Compliance with a legal obligation to which we are subject (Art. 6 para. 1 S. 1 lit. c GDPR);
• Protection of our legitimate interests or those of a third party (Art. 6 para. 1 sentence 1 lit. f GDPR)

The following information refers to the legal basis of the individual processing steps contained in this data protection declaration.

We forward personal data to recipients (contractors or other third parties) only to the required extent and only under one of the following conditions:

• The data subject has consented to the transfer;
• The transfer is for the fulfillment of contractual obligations or pre-contractual measures on the initiative of the data subject;
• We are legally obliged to make the transfer;
• The transfer is made on the basis of our legitimate interests or those of a third party.

The transfer of personal data to a country or an international organization outside the European Union (EU) or the European Economic Area (EEA) is subject to legal or contractual permissions only in accordance with the conditions of Art. 44 ff. GDPR. The following table lists our service providers and the applicable transfer safeguards. EU/EEA-based providers do not require a transfer mechanism; non-EU providers are covered by the mechanisms shown:

For US-based providers: where a provider participates in the EU-US Data Privacy Framework (DPF), we rely on that certification as the primary transfer mechanism. For all US-based providers, we also maintain EU Standard Contractual Clauses (SCCs) as a supplementary or primary safeguard in accordance with Art. 46 GDPR. EU/EEA-based providers process data within the EEA and do not require a transfer mechanism. For Shopify (Canada), we rely on the European Commission's adequacy decision for Canada.

As a data subject who resides in the EU or the United Kingdom, you have the right to: access your personal data (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), object to processing (Art. 21), withdraw consent (Art. 7(3)), and lodge a complaint with a supervisory authority (Art. 77). To exercise any of these rights, contact us or our Data Protection Officer using the details above.

In the event of a personal data breach, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Art. 33 GDPR, unless the breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay in accordance with Art. 34 GDPR, describing the nature of the breach, the likely consequences, and the measures we have taken or propose to take.

United Kingdom: The same notification obligations apply under UK GDPR. We will notify the Information Commissioner's Office (ICO) and, where required, affected UK residents in accordance with UK data protection law.

We erase personal data when it is no longer necessary for the purposes for which it was collected, including FixBot conversation data (see FixBot Data Retention section above). We will also erase your data on request under Art. 17 GDPR, unless retention is required by law — for example, 6 years under German Commercial Code (HGB § 257) or 10 years under German Tax Code (AO § 147). Where data must be retained, processing is restricted to the retention purpose (Art. 18 GDPR).

The following table summarizes the GDPR legal basis for each type of processing described above. Where multiple bases apply, the primary basis is listed first.

Additional notes on specific processing:

FixBot. Where required by law (for example, for certain uses of audio recordings for product improvement), we process your data on the basis of your consent (Art. 6(1)(a)). You can withdraw consent at any time with effect for the future by contacting us; this does not affect the lawfulness of processing carried out before withdrawal. FixBot records audio for transcription purposes only — we do not create, collect, or use biometric data (such as voiceprints) from FixBot audio.

Model improvement. We may use FixBot conversation data (excluding audio) to evaluate and improve our FixBot service on the basis of our legitimate interests (Art. 6(1)(f)). This includes reviewing conversations for quality, improving prompts, and measuring accuracy — not training foundation models. This does not involve automated individual decision-making with legal effects under Art. 22. You may opt out by contacting privacy@ifixit.com without affecting the FixBot service.

Community registration. iFixit GmbH and iFixit [US] use a shared system for community accounts. Registering with the iFixit Community requires your data to be transferred to the USA; you can order goods in the EU store as a guest without registering. Data transfers are covered by the safeguards described in the Third Countries section above. Registration is voluntary.

Job applications. We process EU job applications on the basis of Art. 6(1)(b) GDPR (pre-contractual steps). Application data is deleted 6 months after the conclusion of the recruitment process unless you have consented to longer storage. See the Job Applications section above for details.

Transfer mechanisms for Facebook and Google: Facebook and Google participate in the EU-US Data Privacy Framework (DPF). See the Third Countries section above for the full transfer safeguard table covering all US-based providers.

iFixit complies with the principles of the Personal Information Protection and Electronic Documents Act (PIPEDA) for handling personal information of Canadian residents.

Canadian residents have the right to request access to and correction of their personal information, and may withdraw consent for future processing where permitted by law.

Requests can be sent to our Privacy Officer at privacy@ifixit.com.

We retain personal information only as long as necessary for the purposes described in this policy or as required by law, after which it is securely deleted or anonymized.

Cross-border transfers: Personal information of Canadian residents may be processed or stored in the United States or other countries where our service providers are located. While outside Canada, it may be subject to the laws of those jurisdictions. We use contractual and technical safeguards to protect your data wherever it is processed.

Marketing communications: We send promotional emails only with your consent, as required under Canada’s Anti-Spam Legislation (CASL). You can withdraw your consent at any time by using the “unsubscribe” link in our emails or by contacting us.

Data breaches: In the event of a data breach involving your personal information, we will assess the risk of significant harm and, if required by law, notify affected individuals and the Office of the Privacy Commissioner of Canada in accordance with PIPEDA. For Quebec residents, we will also notify the Commission d'accès à l'information du Québec as required by the Act Respecting the Protection of Personal Information in the Private Sector (Law 25).

iFixit complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) when handling personal information of Australian residents. For consumer guarantee rights under the Australian Consumer Law, see the Australia Addendum (Addendum D) in our Terms of Use.

Your rights. Australian users have the right to:

• request access to their personal information (APP 12);
• request correction of inaccurate, out-of-date, or misleading personal information (APP 13);
• make a privacy complaint, which we will handle promptly and in good faith.

Requests can be sent to our Privacy Officer at privacy@ifixit.com.

Retention. We retain personal information only as long as necessary for the purposes described in this policy or as required by law, after which it is securely deleted or de-identified.

Cross-border disclosure (APP 8). Personal information of Australian residents may be disclosed to overseas recipients, including in the United States and the European Union, where our service providers operate. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient does not breach the APPs, including through contractual obligations (such as EU Standard Contractual Clauses where applicable) and due diligence on the recipient's privacy practices. The countries to which your personal information may be disclosed include the United States (LLM providers, hosting, analytics, customer support), Germany (Langfuse), Spain (Typeform), and other countries where our service providers listed in the Third Countries transfer table above operate.

Notifiable data breaches. If a data breach is likely to result in serious harm, we will promptly notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988.

Our website is intended for use by individuals who are at least 18 years old, or who have parental/guardian consent or are emancipated minors. We do not knowingly collect personal information from children under the age of 13 or from EU residents under the age of 16 without parental/guardian consent. If you believe that a child has provided us with personal information without parental/guardian consent, please contact us. We also comply with other age restrictions and requirements in accordance with applicable local laws.

FixBot and children (COPPA). We do not knowingly collect personal information from children under 13 through FixBot. If a child under 13 uses FixBot, their inputs may be transmitted to the following third-party providers for real-time processing: OpenAI (San Francisco, CA), Anthropic (San Francisco, CA), Google (Mountain View, CA), Cerebras (Sunnyvale, CA), and Parallel (San Francisco, CA — search provider). We do not use children's data to train AI models or for any purpose other than generating a real-time response. If FixBot audio features are used by a child, voice input is processed to generate a text transcript only — we do not collect, store, or use voiceprints or other biometric identifiers derived from a child's voice. If we learn that a child under 13 has used FixBot, we will delete their data promptly and notify the parent or guardian if contact information is available.

From time to time, we may change this privacy policy to accommodate new technologies, industry practices, regulatory requirements, or other business reasons. We will provide notice of substantive changes and, where legally required, will obtain your consent. We may provide notice via email, by posting a notification on our website, or by other means, consistent with applicable law.

For all privacy inquiries, data subject requests, or questions about this policy:

Email: privacy@ifixit.com
Phone: 866-613-4948
Request Form to exercise your rights
Postal: iFixit, Attn: Privacy Officer, 1330 Monterey St, San Luis Obispo, CA 93401, USA