Table of Contents
1. Introduction
LISSI ("we", "our", or "the Platform") is a field service management application designed for companies in the HVAC-R (Heating, Ventilation, Air Conditioning, and Refrigeration) sector and their technical staff.
This Privacy Policy explains how we collect, use, share, and protect information when you use our mobile application, web platform, and related services.
By using LISSI, you agree to the practices described in this Policy. The use of the Platform is subject to our Terms and Conditions.
2. Data Controller
The entity responsible for processing your personal data is:
LISSI SpA
Granja Sidonia Lote 5, Camino Santa Barbara Km 2
Los Ángeles, Chile
Privacy Email: cesar@lissi.app
For the purposes of Chilean data protection legislation (Law 19.628), LISSI acts as the data controller regarding platform user data, and as the data processor regarding the data of the end customers of the user organizations.
3. Information We Collect
3.1 Personal User Information
| Data | Purpose | Obligatory? |
|---|---|---|
| Account creation, authentication, and notifications | Mandatory | |
| Full Name | User identification and report generation | Mandatory |
| Phone Number | Contact and support | Optional |
| Profile Picture | Visual user identification | Optional |
| Digital Signature | Signing work orders and operational documentation | Mandatory for technicians |
3.2 Work-Related Data
We collect:
- Work orders: descriptions, statuses, dates, assigned technicians, and observations
- Equipment/Asset data: serial numbers, brands, models, capacities, locations, and maintenance history
- Maintenance photos: images captured during technical service visits
- Customer signatures: digital confirmation of executed work
- Technical reports: form responses, observations, readings, and measurements
- Custom templates: forms and checklists created by the organization
3.3 Technical Information
| Data | Purpose |
|---|---|
| Device type and model | Compatibility and technical support |
| OS version | Compatibility and diagnostics |
| App version | Support and updates |
| IP Address | Security and fraud prevention |
| App usage data | User experience improvement |
| Error logs and diagnostics | Technical troubleshooting |
3.4 Location Data
LISSI collects GPS location data from the technician's device during work order execution, with explicit user consent through the operating system's permission dialog. Collection occurs only when the application is in active use (foreground) and does not capture location in the background.
| Data | Purpose |
|---|---|
| GPS coordinates (latitude/longitude) | On-site presence verification |
| Signal accuracy | Record quality |
| Altitude | Supplementary record |
| Approximate address (reverse geocoding) | Human-readable location identification |
| Location provider (GPS/WiFi/Network) | Technical diagnostics |
| Capture date and time | Operational traceability |
Capture moments: start, pause, resume, and completion of work orders.
User control:
- Requires explicit operating system permission
- Can be revoked at any time from device settings
- The organization can disable this feature via configuration
- If permission is denied, the application works normally without recording coordinates
Additionally:
- Manually entered addresses: we store addresses of customers and job sites
- Photo metadata (EXIF): photos may contain location if the user has geolocation active on their camera
4. Device Permissions
| Permission | Purpose | Mandatory? |
|---|---|---|
| Camera | Capture photos and scan QR codes | Yes |
| Storage / Files | Save PDF reports and temporary photos | Yes |
| Internet | Synchronization with the server | Yes |
| Notifications | Work order alerts | Optional |
| Location (GPS) | Record location during work order execution | No (limited functionality without it) |
Note: Denying essential permissions may limit the App's functionality.
5. How We Use Your Information
5.1 Main Purposes
| Purpose | Legal Basis |
|---|---|
| Provide and operate the Platform | Contractual performance |
| Manage accounts and authentication | Contractual performance |
| Generate reports and technical documentation | Contractual performance |
| Support and communication | Contractual performance |
| Security and fraud prevention | Legitimate interest |
| Legal compliance | Legal obligation |
| Experience improvement | Legitimate interest |
5.2 Analytical Use (Aggregated Data)
The user expressly authorizes LISSI to process information in an aggregated and anonymized form for:
This processing does not allow for the identification of individuals or organizations.
6. Data Sharing
6.1 Providers
| Provider | Service | Location | Data |
|---|---|---|---|
| Supabase | Database and Auth | AWS – USA | All |
| Sentry | Error monitoring | USA | Logs |
| Apple App Store | App distribution (iOS) | USA | Installation and usage metrics |
| Google Play | App distribution (Android) | USA | Installation and usage metrics |
6.2 Internal Sharing
| Role | Access |
|---|---|
| Administrator | All data |
| Supervisor | Data under their supervision |
| Technician | Their assigned orders |
| Customer | Their information (if applicable) |
6.3 No Sale of Data
LISSI does not sell, rent, or trade personal data.
6.4 Legal Disclosure
We may disclose data if required by law, competent authority, security reasons, or express consent.
7. International Data Transfers
Data may be processed in the United States through providers like AWS and Sentry.
We comply with Law 19.628, contractual clauses, and certifications (SOC 2, ISO 27001).
8. Storage and Security
8.1 Location
Cloud infrastructure on AWS (USA).
8.2 Technical Measures
| Measure | Description |
|---|---|
| Encryption at rest | AES-256 |
| Encryption in transit | TLS 1.2+ |
| RLS | Organizational isolation |
| Authentication | JWT |
| Access control | RBAC |
| Backups | Daily (30 days) |
8.3 Organizational Measures
- Restricted access
- Audits
- Security updates
- Periodic reviews
9. Data Retention
| Type | Retention | Reason |
|---|---|---|
| Account data | Deletion + 30 days | Recovery |
| Orders and reports | 7 years | Legal |
| Photos | 5 years | Evidence |
| Signatures | 7 years | Legal value |
| Audits | 3 years | Compliance |
| Logs | 90 days | Diagnostics |
10. Your Rights
| Right | Description |
|---|---|
| Access | Copy of your data |
| Rectification | Correct errors |
| Erasure | Delete data |
| Limitation | Restrict use |
| Objection | Object to processing |
| Portability | Export data |
Exercise: write to cesar@lissi.app – response within 15 business days.
11. Account and Data Deletion
11.1 Deletion from the Application
You can request the deletion of your account directly from the application:
- Open the App and go to Profile
- In the "Danger zone" section, tap Delete my account
- Review the information about the data that will be deleted and what will be retained
- Confirm the request by entering your password
- Deletion will be processed within a maximum of 30 days
11.2 Deletion by Email
Alternatively, you can request deletion by sending an email:
- Send an email to cesar@lissi.app
- Subject: "Account deletion request"
- Include your full name and organization
- You will receive confirmation within a maximum of 72 hours
- Deletion will be processed within a maximum of 30 days
11.3 Data that is Deleted
- Profile information and access credentials (name, email, phone)
- Personal profile photo
- Personal digital signature
- Individual preferences and settings
11.4 Data that is Retained (Anonymized)
Due to legal and contractual obligations:
- Work orders you participated in (technician identity is anonymized)
- Generated technical reports
- Audit records required by law
- Technical documentation required for service traceability
- Customer signatures (belonging to the organization-client relationship)
12. Third-Party Data
The user organization is responsible for informing and obtaining consent from its customers.
LISSI acts as a data processor.
13. Digital Signatures
- Signatures are images, not biometric data
- No patterns are analyzed
- They are stored encrypted
- Retention: 7 years
15. Children's Privacy
LISSI is not intended for individuals under 18 years of age.
If we detect data from minors, it is deleted immediately.
16. Changes to this Policy
- Changes will be notified 30 days in advance
- Via app, email, and web
- Continued use implies acceptance
17. Contact Us
| Type | Contact |
|---|---|
| Privacy | cesar@lissi.app |
| Support | cesar@lissi.app |
| General | cesar@lissi.app |
| Web | https://www.lissi.app |
Address:
LISSI SpA
Granja Sidonia Lote 5, Camino Santa Barbara Km 2
Los Ángeles, Chile
Appendix A – Data Processing Summary
| Category | Legal Basis | Retention |
|---|---|---|
| Account | Contractual performance | +30 days |
| Authentication | Contractual performance | Session |
| Orders | Contractual performance | 7 years |
| Photos | Legitimate interest | 5 years |
| Signatures | Contractual performance | 7 years |
| Logs | Legitimate interest | 90 days |
| Audits | Legal obligation | 3 years |
| Analytics | Consent | Indefinite |
| Location (GPS) | Explicit consent | Work order validity period |
Appendix B – Application Permissions
Android
- CAMERA
- INTERNET
- READ_EXTERNAL_STORAGE (Android <13)
- WRITE_EXTERNAL_STORAGE (Android <13)
- READ_MEDIA_IMAGES (Android 13+)
- POST_NOTIFICATIONS
- ACCESS_FINE_LOCATION
- ACCESS_COARSE_LOCATION
iOS
NSCameraUsageDescription→ Capture photos and scan QR codesNSPhotoLibraryUsageDescription→ Select existing photos for evidence and profileNSLocationWhenInUseUsageDescription→ Record location during work orders
Version History
| Version | Date | Changes |
|---|---|---|
| 1.0 | 2025-12-31 | Initial version |
| 1.1 | 2025-12-31 | Spanish version + new sections |
| 1.2 | 2026-03-20 | App Store preparation: added Apple App Store as provider (section 6.1), aligned iOS permissions in Appendix B with actual Info.plist, updated legal address |
| 1.3 | 2026-03-31 | In-app account deletion with password confirmation (section 11.1), email as alternative method (section 11.2), added photo gallery iOS permission (NSPhotoLibraryUsageDescription) |