GDPR & Data Processing
Last updated: March 2, 2026
RepairOps is fully committed to compliance with the General Data Protection Regulation (GDPR). We believe that the GDPR represents a significant milestone in data privacy, and we have implemented processes and features to ensure that your shop can operate compliantly while using our platform.
1. Our Role as a Data Processor
For the customer data you upload, store, and process within RepairOps (such as your repair customers' names, phone numbers, and device details), you are the Data Controller, and RepairOps acts as a Data Processor.
2. Data Processing Agreement (DPA)
We offer a standard Data Processing Agreement (DPA) that explicitly details our obligations as a Data Processor under the GDPR. If your shop serves European Union citizens, you can digitally sign our DPA. Please contact privacy@repairops.app to initiate this request.
3. GDPR Features Built-In
RepairOps includes built-in features to help you comply with GDPR requests from your customers:
- Right to Erasure ("Right to be Forgotten"): With a single click, you can permanently redact a customer's personally identifiable information (PII) while retaining anonymized financial data for accounting purposes.
- Right to Portability: Export a customer's complete history, tickets, and data in machine-readable JSON or CSV format.
- Consent Tracking: Log explicit consent for SMS and email marketing communications directly on the customer profile.
4. Sub-processors
To provide our service, we use a limited number of vetted third-party sub-processors. We ensure that every sub-processor meets strict GDPR compliance standards. Key sub-processors include:
- Vercel (Application Hosting)
- Supabase / AWS (Database and Storage)
- Postmark (Transactional Email)
- Stripe (Payment Processing)
5. Data Residency Options
For Enterprise customers who require strict data sovereignty, RepairOps offers Data Residency options. You can choose to have your database physically hosted in the EU (Frankfurt or Dublin) to ensure data never leaves the European Economic Area.
6. Security Measures
We implement robust technical and organizational measures to protect personal data, including AES-256 encryption at rest, TLS 1.3 encryption in transit, and Row Level Security (RLS) to enforce multi-tenant isolation. Read more on our Security Page.