Privacy Policy — MaintenanceHub
Effective date: 2026-05-07 Last updated: 2026-05-07
What this is. MaintenanceHub is operated by PaxZeroNode (Jason Phebus). This document explains what data MaintenanceHub collects, why, who it's shared with, and how you can request your data be removed. It is written to be read, not skimmed past.
Plain-English summary. We collect the data you give us (your account info, work orders, asset details, photos, service manual PDFs you upload) and a few things needed to make the app work (your push notification token, AI usage cost). We never sell your data, never use it to train external AI, and only share it with the third-party services strictly needed to run MaintenanceHub.
1. Data we collect
From you, directly
- Account information: email address, full name, phone number, profile photo
- Workplace data: asset records (trucks, forklifts, etc., with VINs, mileage, etc.), work orders, photos and receipts you attach, service manual PDFs you upload, vendor information you record
- App usage: which features you use, the time of day, errors that occur
From your device, automatically
- Authentication tokens to keep you signed in
- Push notification tokens so we can deliver alerts you've opted into
- Camera and photo library access when you scan a QR code or attach a photo (only when you tap those features)
- Location: we do not collect device location
From integrations (only when you connect them)
- Motive (formerly KeepTruckin): vehicle details, DVIR submissions, fault codes, mileage. Only data your organization has authorized in the Motive integration.
Generated automatically
- AI usage records: token counts and costs of each SylAi call, used to enforce per-user quotas and bill correctly
- Audit log: who changed what, when. Used for compliance and security investigations.
2. How we use your data
- To provide the service: every feature listed above is the data needed to make it work
- To improve the product: aggregate, de-identified usage patterns help us prioritize features
- To bill correctly: Stripe processes payment information; we store only customer/subscription IDs
- To communicate with you: transactional emails (sign-up confirmation, billing receipts, security notices) and push notifications you've enabled
We do not:
- Sell your data to anyone
- Share your data with advertisers
- Use your work orders, service manuals, or photos to train external AI models
- Track you across other apps or websites
3. Who we share data with
| Recipient | Why | What | |---|---|---| | Supabase (database, auth, storage) | Hosts our database and your files | All data | | Anthropic (Claude API) | Powers SylAi responses | The specific service manual or chat content sent to SylAi for each call. Anthropic's data policy states no training on API inputs. | | Expo / EAS | Push notifications | Notification payloads + your push token | | Stripe | Payment processing | Subscription tier, customer email, payment method (we never see card details) | | Vercel | Web admin hosting (if applicable) | Same database access as Supabase; no separate data store | | Motive | Fleet integration (only if connected) | Same data already in your Motive account |
We do not transfer your data outside the United States except where required by these vendors' standard infrastructure.
4. Data retention
- Active accounts: we retain your data as long as you have an active account
- Cancelled accounts: 90 days after cancellation, all data is deleted from production. Backups are purged within 35 days after that
- Audit logs: retained for 1 year, then aggregated for security analysis only
- Deleted records: when you delete a work order, asset, or photo, it's permanently removed within 30 days
- You can request immediate deletion of all data at any time by emailing the address below
5. Your rights
- Access: request a copy of all your data
- Correction: edit your profile or any record you own
- Deletion: delete your account; we'll erase your data within 30 days
- Portability: export your work orders, assets, and reports as PDF or CSV at any time from inside the app
- Restriction: ask us to stop processing certain data while keeping your account
- Objection: opt out of any specific processing
To exercise any of these, email PaxCode@icloud.com (or your designated support contact). We respond within 30 days.
6. Security
- All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Authentication is via Supabase Auth with optional MFA
- Access to production data is limited to platform administrators (currently: Jason Phebus)
- Daily backups are encrypted and stored in a separate region
- SylAi usage has per-user daily quotas to prevent runaway costs and abuse
- Row-level security policies enforce that users only see their own organization's data
We have not had a data breach. If we ever do, we'll notify affected users within 72 hours.
7. Children
MaintenanceHub is for warehouse and fleet professionals. It is not directed at, nor knowingly used by, children under 16. We do not collect data from children.
8. Changes to this policy
We'll notify you in the app and by email at least 30 days before any material change. The effective date at the top reflects the most recent revision.
9. Contact
PaxZeroNode (operator of MaintenanceHub) Jason Phebus Email: PaxCode@icloud.com
For data subject requests (access / deletion / correction), include "Data Request" in the subject line.
This policy is intentionally human. If you can't tell what we do with your data after reading it, it's a bug — tell us and we'll fix it.