Privacy Policy

1. Introduction

RepairMinder is a repair shop management platform that helps businesses track repairs, manage customers, and streamline their workflow. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services.

This policy applies to the RepairMinder website (repairminder.com), iOS application, web dashboard (app.repairminder.com), customer portal, and associated APIs (collectively, the “Service”).

In this policy, “we”, “us”, and “our” refer to Mendmyi Ltd (trading as RepairMinder), a company registered in England and Wales. “You” and “your” refer to users of the Service, including repair shop staff (“Business Users”) and their end customers (“Customers”).

2. Data Controller

The data controller responsible for your personal data is:

Mendmyi Ltd (trading as RepairMinder)
20-22 Wenlock Road
London, N1 7GU
United Kingdom

For data protection enquiries, contact [email protected].

Where Business Users enter their customers' data into RepairMinder, the Business User is the data controller for that customer data and RepairMinder acts as a data processor on their behalf.

3. Information We Collect

Account Information

• Email address, first and last name
• Company name, business address, and VAT number (if provided)
• Password (stored securely hashed, never in plaintext)

Repair & Device Data

• Device details: brand, model, serial number, IMEI, colour, storage capacity
• Device condition and grade assessments
• Passcode type (PIN, pattern, password, biometric, none) — we store the type only, not the actual passcode
• Find My iPhone status
• Warranty and insurance information (provider, expiry, claim references)
• Diagnostic notes, repair notes, and technician notes
• Device images (pre-repair, post-repair, and diagnostic photos)
• Accessories received with devices
• Parts used in repairs
• Signatures (name, consent, and timestamp for authorisations and collections)

Client/Customer Data

Business Users may enter the following data about their customers:

• Customer names, email addresses, phone numbers, and addresses
• Social media links (if provided)
• Marketing consent status and timestamp
• Notes and comments

Financial Data

• Order totals, line items, and payment amounts
• Payment method type (card, cash, etc.) and card brand/last four digits
• Card payments are processed directly by the payment provider — we do not store full card numbers
• Refund amounts, dates, and reasons

Technical Data

• Device tokens for push notifications
• iOS device model, operating system version, and app version (collected during push notification registration)
• Login timestamps and session information
• IP addresses, browser type, operating system, and device name (for security, rate limiting, and audit logging)
• Email delivery data: whether transactional emails were delivered, opened, or bounced (for service reliability monitoring)

Biometric Data (iOS App)

If you choose to enable biometric unlock, the iOS app uses Face ID or Touch ID to authenticate you locally on your device. Biometric data is processed entirely by your device's secure enclave — we never receive, store, or have access to your biometric data.

4. Lawful Basis for Processing

Under UK GDPR, we process your personal data on the following lawful bases:

• Contract performance (Article 6(1)(b)) — processing necessary to provide the RepairMinder service to you, including account management, repair tracking, payment processing, and transactional communications.
• Legitimate interests (Article 6(1)(f)) — processing necessary for our legitimate interests, including: maintaining security (two-factor authentication, rate limiting, audit logging, fraud prevention), monitoring email deliverability to ensure service reliability, and improving the service based on usage patterns. These interests are balanced against your rights and do not override them.
• Legal obligation (Article 6(1)(c)) — retaining financial records as required by UK tax and accounting law.
• Consent (Article 6(1)(a)) — where you have given specific consent, such as for optional features or marketing communications. You may withdraw consent at any time.

5. How We Use Your Information

• Provide and operate the RepairMinder service
• Send transactional communications for repair updates, order confirmations, and account notifications
• Process payments
• Maintain security through two-factor authentication, rate limiting, and audit logging
• Improve the service based on usage patterns

6. Data Storage & Security

Your data is stored on secure cloud infrastructure. Data may be processed in data centres outside the United Kingdom — see Section 10 (International Data Transfers) for details on the safeguards in place.

Security measures include:

• All data encrypted in transit via TLS/HTTPS
• Passwords hashed using industry-standard algorithms; sensitive tokens hashed before storage
• Mandatory two-factor authentication for all staff accounts
• API access controlled via JWT tokens with automatic expiry
• Comprehensive audit logging of all significant actions
• Rate limiting on authentication and API endpoints
• On the iOS app: authentication tokens and sensitive data stored in the device Keychain (hardware-encrypted storage)

7. Third-Party Services

We use third-party service providers to operate the Service. Each provider receives only the minimum data necessary to perform its function. Full details of the providers we use and the data they process are disclosed to you within the application before you begin using the Service.

We do not use third-party analytics, advertising, or tracking services. We do not sell your data to any third party.

8. Data Retention & Deletion

• Account data is retained while your account is active
• Business data (orders, repair records, customer records) is retained for up to 365 days by default. Business Users can configure retention periods in their company settings.
• Audit logs are retained for the duration of the account to maintain a complete security and compliance record
• You may request deletion of your account and personal data at any time by emailing [email protected]
• On account deletion: personal data (name, email, contact details) is permanently removed; repair records are anonymised; device images are deleted from storage
• Backup data is purged within 30 days of a deletion request
• Financial records may be retained beyond account deletion where required by UK law (e.g., HMRC requires records to be kept for at least 6 years)

9. International Data Transfers

Some of our third-party service providers are based outside the United Kingdom. When your data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office, incorporated into our agreements with third-party processors
• Ensuring that recipients maintain appropriate technical and organisational security measures

You can request further details about the safeguards in place by contacting [email protected].

10. Your Rights

Under the UK Data Protection Act 2018 and UK GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate personal data
• Erasure — request deletion of your personal data
• Restrict processing — request that we limit how we use your data
• Data portability — request your data in a structured, machine-readable format
• Object — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact [email protected]. We will respond within one month. This period may be extended by a further two months for complex requests, in which case we will notify you within the first month.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. Cookies

• The marketing website (repairminder.com) does not use cookies
• The web dashboard (app.repairminder.com) uses essential cookies only for authentication session management
• We do not use analytics cookies, advertising cookies, or third-party tracking cookies

12. Children's Privacy

RepairMinder is a business tool not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

13. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated “Last updated” date. For significant changes, we will notify users via email or in-app notification. Continued use of the service after changes constitutes acceptance of the updated policy.

14. Contact Us

Mendmyi Ltd (trading as RepairMinder)
20-22 Wenlock Road, London, N1 7GU

• Privacy inquiries: [email protected]
• General support: [email protected]