PLANFIX / Documents / California Privacy Notice

California Privacy Notice

Takes effect 27.05.2026

CONTENTS

Takes effect 27.05.2026

If you live in California, this Privacy Notice describes your privacy rights under the California Consumer Privacy Act (CCPA) and how Planfix handles your personal information. It explains what we collect, why, who we share it with, and what you can ask us to do with it.

This Notice complements our Privacy Policy and applies in addition to it. Where this Notice and the Privacy Policy say different things, this Notice controls for California residents.

 

1. WHO THIS NOTICE APPLIES TO

1.1. This Notice applies to you if you live in California and use Planfix.

1.2. Planfix is Planfix, Inc., a California corporation based at 4445 Eastgate Mall, Suite 200, San Diego, CA 92121, USA.

1.3. This Notice does not apply when Planfix processes information on behalf of a business customer — in that case, the business customer (not Planfix) is responsible for responding to your privacy requests. See Section 2 for how that works.

 

2. PLANFIX AS A SERVICE PROVIDER FOR BUSINESS CUSTOMERS

2.1. When a business uses Planfix to manage data about their own customers, employees, or contacts, Planfix processes that data on their behalf as a "Service Provider" under CCPA — not as a "Business" in our own right. The business is responsible for CCPA compliance for the data they upload to their Planfix account.

2.2. As Service Provider, Planfix will:

(a) Not sell or share the data we process on the business's behalf.

(b) Use the data only to provide our service to the business — not for any other purpose.

(c) Not use, retain, or disclose the data outside our direct relationship with the business.

(d) Not combine the data with personal information we receive from anywhere else, except as allowed by California law.

(e) Comply with CCPA and provide the same level of privacy protection that CCPA requires of the business.

(f) Let the business know promptly if we ever can't meet our CCPA obligations.

(g) Cooperate, on reasonable notice and at the business's expense, with the business's efforts to verify we're handling the data correctly.

2.3. If we receive a CCPA request about data we hold on behalf of a business customer, we forward it to them to respond. We cooperate with them on the response (see Section 4.6).

2.4. This Section doesn't change what's in our Terms of Service or any separate data-processing agreement we have with a business.

 

3. WHAT WE COLLECT AND WHY

3.1. Here's what personal information we collect about you, why, where we get it, and how long we keep it.

3.2. We collect:

(a) Identifiers (name, email, postal address, phone number, IP address, account name) — collected from you when you sign up or use Planfix, used to create your account, sign you in, provide the service, support you, and bill you. Kept while your account is active and for 180 days after you delete it (see Privacy Policy §10).

(b) Commercial information (plans you bought, billing history, payment metadata — not card numbers, which go through our payment processor) — collected from you during plan selection and billing, used to provide the service, bill you, and meet tax obligations. Kept 7 years (US tax law).

(c) Internet activity (pages you visit on Planfix, links you click, how long you stay, browser and device) — collected automatically via cookies and logs (see Privacy Policy §§3.3, 3.4), used to run the service, sign you in, and for analytics and security. Kept while your account is active plus 180 days; aggregated analytics may be kept longer in de-identified form.

(d) Approximate location (derived from your IP address; we don't collect precise location) — collected automatically from IP, used for regional service customization and fraud prevention. Kept with related log data.

(e) Professional information (job title, company name, role within your account) — collected from you or whoever set up your account, used for collaboration features and onboarding. Kept while your account is active.

(f) Inferences — limited conclusions we draw from how you use Planfix, derived from your activity, used to improve features and personalize your experience. Kept while your account is active.

(g) Content you upload — when business customers upload data through Planfix, we don't control what's in it. We handle it on their behalf (see Section 2). The business decides what's collected and why.

3.3. The only sensitive personal information we collect is your account log-in (username plus password). We use it only to sign you in and keep your account secure. Nothing else.

3.4. We do not sell your personal information. We do not share it for cross-context behavioral advertising. We have not done either of these in the past 12 months.

3.5. We may share your information with:

(a) Service providers that work for us under contracts requiring CCPA-equivalent rules — for example, infrastructure providers, payment processors, analytics tools (see Privacy Policy §6.2), customer-support tools.

(b) Other customers and their teams within an account, when your information is part of an account they have access to (see Privacy Policy §4.5).

(c) Government and law enforcement, when legally required (see Privacy Policy §§4.1–4.3).

(d) Parties to a corporate transaction — for example, if Planfix is acquired by or merges with another company.

3.6. We keep your information only as long as we need it for the purposes above, or as required by law. Specific retention periods are in Section 3.2 above and in Privacy Policy §10.

 

4. YOUR PRIVACY RIGHTS

4.1. Under CCPA, you have the following rights about how Planfix handles your personal information:

(a) Right to Know — you can ask us what personal information we have about you, where we got it, why we use it, and who we have shared it with.

(b) Right to Delete — you can ask us to delete personal information we have collected from you, with limited exceptions (see Section 4.7).

(c) Right to Correct — if information we have about you is inaccurate, you can ask us to fix it.

(d) Right to Opt-Out of Sale or Sharing — we don't sell your personal information and don't share it for cross-context behavioral advertising. So there's nothing to opt out of right now. If that ever changes, we'll honor your opt-out signals (including the Global Privacy Control) as described in Section 5.

(e) Right to Limit Use of Sensitive Personal Information — you can ask us to limit how we use sensitive personal information. We only use it for authentication and account security (see Section 3.3), so this right is already covered.

(f) Right to Non-Discrimination — we won't penalize you for exercising any of these rights. We won't deny you service, charge you different prices, or downgrade your service quality.

4.2. To exercise any of these rights, you can submit a request through:

(a) the online support form and other contact methods listed at https://planfix.com/support/ ;

(b) postal mail to the address in Section 7.

4.3. Before we act on your request, we verify it's really you. The level of verification depends on the type of request — for routine requests, we check 2 pieces of information you give us against what we have on file; for requests involving specific data, we check 3. If we can't verify you, we'll tell you why and you can try again.

4.4. We'll confirm we got your request within 10 business days. We'll respond to the substance within 45 days. If we need more time (for example, your request is complex), we can take up to 45 more days — but we'll tell you within the first 45 days that we're extending and why.

4.5. You can authorize someone else to submit a request on your behalf. We'll need (a) your written permission, and (b) verification of your identity as described in Section 4.3. If your agent has a valid power of attorney, we'll accept that without separate identity verification.

4.6. If your request is about data we hold on behalf of a business customer (see Section 2), we forward it to them to respond directly. We cooperate with them on the response.

4.7. Why we might keep some data even if you ask us to delete it. California law lets us keep data when we need to:

  • Complete a transaction you started or perform a contract with you;
  • Detect security incidents, fraud, or illegal activity;
  • Debug or fix our service;
  • Comply with a legal obligation (for example, tax records for 7 years);
  • For other limited internal uses that are compatible with how we originally collected the data.

When we keep data under one of these exceptions, we'll tell you which one in our response.

 

5. "DO NOT TRACK" AND GLOBAL PRIVACY CONTROL SIGNALS

5.1. Your browser may let you send a "Do Not Track" (DNT) signal or a "Global Privacy Control" (GPC) signal to websites you visit.

5.2. Right now, Planfix doesn't respond to DNT signals or process GPC signals. We're working on adding GPC support.

5.3. In the meantime, this matters less than it sounds: we don't sell your personal information and we don't share it for cross-context behavioral advertising (see Section 3.4). If you ever want to confirm or exercise an opt-out preference, contact us through the channels in Section 4.2.

 

6. UPDATES TO THIS NOTICE

6.1. We may update this Notice from time to time. When we do, we publish the new version at https://planfix.com/doc/california-privacy/ , and we email you about material changes at the address on your account. Updates take effect immediately when we publish them.

6.2. Please check back periodically. If you keep using Planfix after we update the Notice, that means you've seen the changes. If you disagree with them, you can exercise any of the rights in Section 4.

 

7. CONTACT US

7.1. Questions about this Notice or about how we handle your personal information? Reach us at:

Planfix, Inc.

Attn: Privacy Office

4445 Eastgate Mall, Suite 200

San Diego, CA 92121, USA

Online (preferred): https://planfix.com/support/