Table of Contents
1. Introduction
LISSI ("we", "our", or "the Platform") is a field service management application designed for companies in the HVAC-R (Heating, Ventilation, Air Conditioning, and Refrigeration) sector and their technical staff.
This Privacy Policy explains how we collect, use, share, and protect information when you use our mobile application, web platform, and related services.
By using LISSI, you agree to the practices described in this Policy. The use of the Platform is subject to our Terms and Conditions.
2. Data Controller
The entity responsible for processing your personal data is:
LISSI SpA
Granja Sidonia Lote 5, Camino Santa Barbara Km 2
Los Ángeles, Chile
Privacy Email: cesar@lissi.app
For the purposes of Chilean data protection legislation (Law 19.628), LISSI acts as the data controller regarding platform user data, and as the data processor regarding the data of the end customers of the user organizations.
3. Information We Collect
3.1 Personal User Information
| Data | Purpose | Obligatory? |
|---|---|---|
| Account creation, authentication, and notifications | Mandatory | |
| Full Name | User identification and report generation | Mandatory |
| Phone Number | Contact and support | Optional |
| Profile Picture | Visual user identification | Optional |
| Digital Signature | Signing work orders and operational documentation | Mandatory for technicians |
3.2 Work-Related Data
We collect:
- Work orders: descriptions, statuses, dates, assigned technicians, and observations
- Equipment/Asset data: serial numbers, brands, models, capacities, locations, and maintenance history
- Maintenance photos: images captured during technical service visits
- Customer signatures: digital confirmation of executed work
- Technical reports: form responses, observations, readings, and measurements
- Custom templates: forms and checklists created by the organization
3.3 Technical Information
| Data | Purpose |
|---|---|
| Device type and model | Compatibility and technical support |
| OS version | Compatibility and diagnostics |
| App version | Support and updates |
| IP Address | Security and fraud prevention |
| App usage data | User experience improvement |
| Error logs and diagnostics | Technical troubleshooting |
3.4 Location Data
LISSI does not request GPS location permissions from the device.
However:
- Manually entered addresses: we store addresses of customers and job sites.
- Photo metadata (EXIF): photos may contain location data if the user has geolocation active on their camera.
- QR Code scanning: does not capture GPS coordinates.
4. Device Permissions
| Permission | Purpose | Mandatory? |
|---|---|---|
| Camera | Capture photos and scan QR codes | Yes |
| Storage / Files | Save PDF reports and temporary photos | Yes |
| Internet | Synchronization with the server | Yes |
| Notifications | Work order alerts | Optional |
Note: Denying essential permissions may limit the App's functionality.
5. How We Use Your Information
5.1 Main Purposes
| Purpose | Legal Basis |
|---|---|
| Provide and operate the Platform | Contractual performance |
| Manage accounts and authentication | Contractual performance |
| Generate reports and technical documentation | Contractual performance |
| Support and communication | Contractual performance |
| Security and fraud prevention | Legitimate interest |
| Legal compliance | Legal obligation |
| Experience improvement | Legitimate interest |
5.2 Analytical Use (Aggregated Data)
The user expressly authorizes LISSI to process information in an aggregated and anonymized form for:
This processing does not allow for the identification of individuals or organizations.
6. Data Sharing
6.1 Providers
| Provider | Service | Location | Data |
|---|---|---|---|
| Supabase | Database and Auth | AWS – USA | All |
| Sentry | Error monitoring | USA | Logs |
| Google Play | App distribution | USA | Metrics |
6.2 Internal Sharing
| Role | Access |
|---|---|
| Administrator | All data |
| Supervisor | Data under their supervision |
| Technician | Their assigned orders |
| Customer | Their information (if applicable) |
6.3 No Sale of Data
LISSI does not sell, rent, or trade personal data.
6.4 Legal Disclosure
We may disclose data if required by law, competent authority, security reasons, or express consent.
7. International Data Transfers
Data may be processed in the United States through providers like AWS and Sentry.
We comply with Law 19.628, contractual clauses, and certifications (SOC 2, ISO 27001).
8. Storage and Security
8.1 Location
Cloud infrastructure on AWS (USA).
8.2 Technical Measures
| Measure | Description |
|---|---|
| Encryption at rest | AES-256 |
| Encryption in transit | TLS 1.2+ |
| RLS | Organizational isolation |
| Authentication | JWT |
| Access control | RBAC |
| Backups | Daily (30 days) |
8.3 Organizational Measures
- Restricted access
- Audits
- Security updates
- Periodic reviews
9. Data Retention
| Type | Retention | Reason |
|---|---|---|
| Account data | Deletion + 30 days | Recovery |
| Orders and reports | 7 years | Legal |
| Photos | 5 years | Evidence |
| Signatures | 7 years | Legal value |
| Audits | 3 years | Compliance |
| Logs | 90 days | Diagnostics |
10. Your Rights
| Right | Description |
|---|---|
| Access | Copy of your data |
| Rectification | Correct errors |
| Erasure | Delete data |
| Limitation | Restrict use |
| Objection | Object to processing |
| Portability | Export data |
Exercise: write to cesar@lissi.app – response within 15 business days.
11. Account and Data Deletion
Process
- Email cesar@lissi.app
- Subject: "Account deletion request"
- Indicate name and organization
- Confirmation within 72 hours
- Deletion within 30 days
Deleted:
- Profile
- Credentials
- Photo
- Signature
- Preferences
Retained (Anonymized):
- Work orders
- Audits
- Technical documentation
- Customer signatures
12. Third-Party Data
The user organization is responsible for informing and obtaining consent from its customers.
LISSI acts as a data processor.
13. Digital Signatures
- Signatures are images, not biometric data
- No patterns are analyzed
- They are stored encrypted
- Retention: 7 years
15. Children's Privacy
LISSI is not intended for individuals under 18 years of age.
If we detect data from minors, it is deleted immediately.
16. Changes to this Policy
- Changes will be notified 30 days in advance
- Via app, email, and web
- Continued use implies acceptance
17. Contact Us
| Type | Contact |
|---|---|
| Privacy | cesar@lissi.app |
| Support | cesar@lissi.app |
| General | cesar@lissi.app |
| Web | https://www.lissi.app |
Address:
LISSI SpA
Granja Sidonia Lote 5, Camino Santa Barbara Km 2
Los Ángeles, Chile
Appendix A – Data Processing Summary
| Category | Legal Basis | Retention |
|---|---|---|
| Account | Contractual performance | +30 days |
| Authentication | Contractual performance | Session |
| Orders | Contractual performance | 7 years |
| Photos | Legitimate interest | 5 years |
| Signatures | Contractual performance | 7 years |
| Logs | Legitimate interest | 90 days |
| Audits | Legal obligation | 3 years |
| Analytics | Consent | Indefinite |
Appendix B – Application Permissions
Android
- CAMERA
- INTERNET
- READ_EXTERNAL_STORAGE (Android <13)
- WRITE_EXTERNAL_STORAGE (Android <13)
- READ_MEDIA_IMAGES (Android 13+)
- POST_NOTIFICATIONS
iOS
- NSCameraUsageDescription
- NSPhotoLibraryUsageDescription
- NSPhotoLibraryAddUsageDescription
Version History
| Version | Date | Changes |
|---|---|---|
| 1.0 | 2025-12-31 | Initial version |
| 1.1 | 2025-12-31 | Spanish version + new sections |