New

Everything you need to scale smarter with Fixly.

Get Started
xly

Security

We design Fixly with secure defaults, role-based access, and practical operational controls.

Last updated: April 2026

For personal data processing and cookies, see our Privacy Policy. Optional analytics: .

Security is treated as a product requirement, not an afterthought. We use authenticated sessions, server-side access controls, and protected API routes across sensitive operations such as billing, admin actions, and platform-level monitoring.

Authentication & access controls

Users authenticate via Google sign-in through Firebase Authentication. Sessions are maintained with httpOnly cookies validated server-side on every request. Admin and super-admin actions are gated by role checks so only authorized users can reach billing, platform, and moderation controls.

Data encryption

All data in transit is encrypted via TLS. The PostgreSQL database enforces SSL connections, ensuring data is encrypted between the application and the database. Secrets and API keys are stored as environment variables on the hosting platform — never committed to source code or exposed to the client.

Infrastructure

Fixly runs on Render's managed hosting platform with automatic deploys, isolated build environments, and zero-downtime deployments. The PostgreSQL database is hosted on Render with daily automated backups and point-in-time recovery. Static assets are served through a CDN with HTTPS enforced on all endpoints.

Operational safeguards

Notifications, billing logs, and visit events provide operational visibility for administrators. API routes validate session tokens and user roles before executing any state-changing operation. Rate limiting and input validation are applied to public-facing endpoints.

Incident response

We monitor application errors and uptime through Render's health checks and logging. If a security issue is identified, we prioritize investigation, apply fixes, and notify affected users. To report a vulnerability or security concern, please use our contact page.

If your organization needs a detailed security questionnaire, contact the Fixly team via the contact page. For how we process personal data, see our Privacy Policy.