LISSI – HVAC Field Service Management
Last updated: June 27, 2026
Effective date: June 27, 2026
Version: 1.2
redisenomovil v0.8.0 and web platform redesingv4) as of the update date. See "Version History" for the detailed changes.
1. Introduction
LISSI ("we", "our", or "the Platform") is a field service management application designed for companies in the HVAC-R sector (Heating, Ventilation, Air Conditioning, and Refrigeration) and their technical staff.
This Privacy Policy explains how we collect, use, share, and protect information when you use our mobile application, web platform, and related services.
By using LISSI, you accept the practices described in this Policy. Use of the Platform is subject to our Terms of Service.
2. Data Controller
The party responsible for processing your personal data is:
LISSI SpA
Granja Sidonia Lote 5, Camino Santa Barbara Km 2
Los Ángeles, Chile
Privacy email: soporte@lissi.app
For the purposes of Chilean data protection legislation (Law No. 19,628), LISSI acts as the data controller with respect to the data of platform users, and as the data processor with respect to the data of the end customers of the user organizations.
3. Information We Collect
3.1 Users' Personal Information
| Data | Purpose | Required? |
|---|---|---|
| Email address | Account creation, authentication, and notifications | Required |
| Full name | User identification and report generation | Required |
| Password | Authentication | Required |
| Organization name | Workspace creation | Required (at sign-up) |
| Country | Regional settings | Required (at sign-up) |
| Phone number | Contact and support | Optional |
| Profile photo | Visual identification of the user | Optional |
| Digital signature | Signing work orders and operational documentation | Required for technicians |
| Industry, company size, and age range | Profiling of the organization during onboarding | Optional |
3.2 Work-Related Data
We collect:
- Work orders: descriptions, statuses, dates, assigned technicians, and observations.
- Equipment/asset data: serial numbers, brands, models, capacities, refrigerants, locations, and maintenance history.
- Maintenance photos: images captured during field service visits.
- Customer signatures: digital confirmation of completed work.
- Technical reports: form responses, observations, readings, and measurements.
- Custom templates: forms and checklists created by the organization.
3.3 Technical Information
| Data | Purpose |
|---|---|
| Device type and model | Compatibility and technical support |
| Device identifier | Push notification registration and diagnostics |
| Operating system version | Compatibility and diagnostics |
| Application version | Support and updates |
| IP address | Security and fraud prevention |
| Push notification token (FCM) | Sending work order alerts |
| App usage data | Improving user experience (product analytics) |
| Error logs, diagnostics, and session recording | Technical troubleshooting (see §15) |
3.4 Location Data (GPS)
The mobile application may collect the GPS location of the technician's device when the organization enables location tracking.
- Location permission: the App requests access to the device's location (precise and approximate). On iOS, it is requested "while using the app".
- When it is captured: when starting, pausing, resuming, or completing a work order, and during form completion, only if the organization has location tracking enabled. This feature is disabled by default; each organization decides whether to enable it.
- What is stored: latitude, longitude, accuracy, altitude, timestamp, and the address obtained through reverse geocoding of those coordinates. This data is associated with the corresponding work order.
- Manually entered addresses: we store customer and job site addresses.
- Photo metadata (EXIF): photos may contain location if the user has geolocation enabled on their camera. We recommend disabling it if you do not want it recorded.
- QR code scanning: does not capture GPS coordinates.
4. Device Permissions
| Permission | Purpose | Required? |
|---|---|---|
| Camera | Capture photos and scan QR codes | Yes (field features) |
| Location (GPS) | Record where work orders are performed (if the organization enables it) | Optional / depending on the organization's configuration |
| Storage / Files | Save PDF reports and temporary photos | Yes |
| Internet | Synchronization with the server | Yes |
| Notifications | Work order alerts | Optional |
5. How We Use Your Information
5.1 Primary Purposes
| Purpose | Legal Basis |
|---|---|
| Provide and operate the Platform | Contract performance |
| Manage accounts and authentication | Contract performance |
| Generate reports and technical documentation | Contract performance |
| Support and communication | Contract performance |
| Security and fraud prevention | Legitimate interest |
| Legal compliance | Legal obligation |
| Product analytics and experience improvement | Legitimate interest |
| Artificial intelligence assistant (see §7) | Contract performance / Consent |
5.2 Product Analytics
We use product analytics tools to understand how the Platform is used and to improve it. This analytics data may be associated with your account (user identifier, email address, name, role, and organization) to diagnose problems and measure feature usage. See §6.1 (PostHog) and §15.
5.3 Aggregate Analytical Use
Additionally, LISSI may process information in an aggregated and anonymized manner —so that it does not allow the identification of individuals or organizations— for sector analytics, product improvement, data model development, technical and energy indicators, HVAC-R industry studies, and the design of new services.
6. Data Sharing and Data Processors
6.1 Providers / Data Processors
We share information with the following technology providers, strictly necessary to operate the Platform:
| Provider | Service | Location | Data |
|---|---|---|---|
| Supabase (on AWS) | Database, authentication, and file storage | USA | All operational and account data |
| Google Firebase (Cloud Messaging) | Push notifications | USA | Device token, device identifier |
| PostHog | Product analytics and session recording | USA (US cloud) | Usage events, user identifier, email, name, role, organization |
| Sentry | Error monitoring and diagnostics | USA | Error logs, user context, screenshots/session captures |
| OpenAI | AI assistant (see §7) | USA | User messages and operational data queried |
| Google (Gemini) | AI assistant (see §7) | USA | User messages and operational data queried |
| Vercel | Web platform hosting and routing of AI requests (AI Gateway) | USA | Web traffic; requests to the AI assistant |
| OpenStreetMap | Maps for displaying locations | International | Coordinates to display the map |
| Google Play / App Store | Application distribution | USA | Installation metrics |
These providers are required to protect the information and use it only for the specified purposes.
6.2 Internal Sharing
| Role | Access |
|---|---|
| Administrator | All data of their organization |
| Supervisor | Data under their supervision |
| Technician | Their assigned orders |
| Customer | Their own information (if enabled) |
Isolation between organizations is guaranteed at the database level (Row-Level Security).
6.3 No Sale of Data
LISSI does not sell, rent, or trade personal data.
6.4 Legal Disclosure
We may disclose data if required by law, a competent authority, the safety of users, or with express consent.
7. Artificial Intelligence Assistant
The web Platform includes a conversational assistant ("AlissIA" / "Lía") available for the plans that enable it.
- Providers: queries are processed using language models from OpenAI and Google (Gemini), accessed through Vercel AI Gateway. The assistant may route traffic between both providers.
- What data is sent: the text you type to the assistant and, depending on the query, operational data from your organization (customer names and contact details, tax identifiers, addresses, work orders, equipment data, technician names, and organization indicators).
- Role of the providers: OpenAI and Google act as data processors and process the information solely to generate the assistant's response.
- Retention: conversations with the assistant are stored in our database (Supabase) associated with your organization for history and audit purposes. See §10.
- Documentation indexing: help search queries are processed using OpenAI embeddings.
The assistant can be disabled at the organization level.
8. International Data Transfers
Your data may be transferred to and processed in the United States through the providers indicated in §6.1 and §7.
These transfers are carried out in accordance with Law No. 19,628, contractual clauses, and the providers' security certifications (e.g. SOC 2, ISO 27001).
9. Storage and Security
9.1 Location
Cloud infrastructure on AWS (USA) provided by Supabase.
9.2 Technical Measures
| Measure | Description |
|---|---|
| Encryption at rest | AES-256 |
| Encryption in transit | TLS 1.2+ |
| Per-organization isolation | Row-Level Security (RLS) |
| Authentication | JWT tokens |
| Access control | RBAC (roles) |
| Credential storage on device | Secure encrypted storage of the operating system |
| Backups | Daily (30-day retention) |
9.3 Organizational Measures
Restricted production access, audit logs, security updates, and periodic reviews.
10. Data Retention
| Type | Retention | Reason |
|---|---|---|
| Account data | Deletion + 30 days | Recovery |
| Orders and reports | 7 years | Legal |
| Maintenance photos | 5 years | Evidence |
| Digital signatures | 7 years | Legal value |
| Audit logs | 3 years | Compliance |
| AI assistant conversations | Until account deletion | History and audit |
| Technical / diagnostic logs | 90 days | Diagnostics |
These periods may be extended due to legal obligations or judicial proceedings.
11. Your Rights
| Right | Description |
|---|---|
| Access | Copy of your data |
| Rectification | Correct errors |
| Deletion | Erase data |
| Restriction | Restrict use |
| Objection | Refuse processing |
| Portability | Export data |
To exercise them, write to soporte@lissi.app. Response within a maximum of 15 business days.
12. Account and Data Deletion
You can request the deletion of your account in two ways:
a) From the application: in your Profile, the "Request account deletion" option (requires re-entering your password). The request is recorded and can be canceled before it is processed.
b) By email: write to soporte@lissi.app with the subject "Account deletion request", indicating your full name and organization.
Process: acknowledgment within 72 hours; deletion within a maximum of 30 days.
- Deleted: profile, credentials, photo, signature, and preferences.
- Retained (anonymized): work orders, audit logs, technical documentation, and customer signatures, in accordance with the retention periods (§10).
13. Third-Party Data (End Customers)
The user organization is responsible for informing and obtaining the consents of its end customers. With respect to that data, LISSI acts as the data processor.
14. Digital Signatures
- They are images, not biometric data.
- Patterns are not analyzed, nor are they used for biometric identification.
- They are stored encrypted.
- Retention: 7 years.
15. Cookies, Local Storage, and Session Recording
Mobile app
Does not use cookies. It uses encrypted local storage for the session and offline cache.
Web
| Technology | Use | Persistence |
|---|---|---|
| Session cookie (Supabase) | Authentication | Persistent (includes refresh token) |
| Analytics cookie (PostHog) | Product analytics identifier | Persistent |
| LocalStorage | Preferences (remembered email, table settings, UTM attribution, navigation state) | Persistent |
| SessionStorage | Form drafts and navigation restoration | Per session |
Session recording: for diagnostics and product improvement, PostHog and Sentry may record the user's session (interactions and screens). Input fields are masked. This recording is for internal use and is not shared with advertising third parties.
We do not use advertising cookies or tracking for advertising purposes. We do use product analytics (PostHog) to improve the Platform, as described in §5.2.
16. Children's Privacy
LISSI is not intended for individuals under 18 years of age. If we detect data belonging to minors, it is deleted immediately.
17. Changes to this Policy
We will notify changes 30 days in advance, through the app, email, and web. Continued use thereafter implies acceptance.
18. Contact Us
| Type | Contact |
|---|---|
| Privacy | soporte@lissi.app |
| Support | soporte@lissi.app |
| Web | lissi.app |
Address:
LISSI SpA
Granja Sidonia Lote 5, Camino Santa Barbara Km 2
Los Ángeles, Chile
Appendix A — Processing Summary
| Category | Legal Basis | Retention |
|---|---|---|
| Account data | Contract performance | Deletion + 30 days |
| Authentication | Contract performance | Session duration |
| Work orders | Contract performance | 7 years |
| Maintenance photos | Legitimate interest | 5 years |
| Signatures | Contract performance | 7 years |
| Location (GPS) | Contract performance (if the organization enables it) | Associated with the work order (7 years) |
| AI conversations | Contract performance / Consent | Until account deletion |
| Product analytics | Legitimate interest | Per provider |
| Technical logs | Legitimate interest | 90 days |
| Audit logs | Legal obligation | 3 years |
| Aggregated/anonymized analytics | Legitimate interest | Indefinite |
Appendix B — Application Permissions
Android
| Permission | Source | Purpose |
|---|---|---|
INTERNET | App | Synchronization |
ACCESS_NETWORK_STATE | App / plugins | Connectivity detection |
CAMERA | App | Photos and QR scanning |
READ_EXTERNAL_STORAGE (Android <13) | App | PDF file operations |
WRITE_EXTERNAL_STORAGE (Android <13) | App | PDF file operations |
ACCESS_FINE_LOCATION | App | Work order location tracking |
ACCESS_COARSE_LOCATION | App | Work order location tracking |
POST_NOTIFICATIONS | App | Work order notifications |
VIBRATE | App | Haptic notification alerts |
WAKE_LOCK | Firebase Messaging | Receiving push notifications |
com.google.android.c2dm.permission.RECEIVE | Firebase Messaging | Receiving push notifications |
RECORD_AUDIO | Camera plugin (camera_android) | Declared by the camera library; the App does not record audio. |
READ_MEDIA_IMAGES/READ_MEDIA_VIDEO, ACCESS_BACKGROUND_LOCATION, or Bluetooth permissions.
iOS
| Key | Purpose |
|---|---|
NSCameraUsageDescription | Camera: photos and QR scanning |
NSPhotoLibraryUsageDescription | Selection of evidence and profile images |
NSPhotoLibraryAddUsageDescription | Save PDF reports and photos to the gallery |
NSLocationWhenInUseUsageDescription | Work order location (while using the app) |
NSLocationAlwaysAndWhenInUseUsageDescription | Work order location |
Version History
| Version | Date | Changes |
|---|---|---|
| 1.0 | 2025-12-31 | Initial version |
| 1.1 | 2025-12-31 | Spanish version + new sections |
| 1.2 | 2026-06-27 | Reflects the actual operation of the platform: (a) GPS location collection is acknowledged (previously denied); (b) omitted data processors are added: PostHog, OpenAI, Google/Gemini, Vercel, Firebase, OpenStreetMap; (c) new section §7 AI Assistant; (d) correction of Appendix B permissions (location, VIBRATE, plugin RECORD_AUDIO, and FCM permissions added; READ_MEDIA_IMAGES removed; iOS goes from 3 to 5 keys); (e) §15 declares session recording (PostHog/Sentry) and persistent cookies; (f) §12 acknowledges the in-app deletion flow; (g) product analytics associated with the account (not anonymized at the source). |