Core forever free — paid tiers from $29/mo flat per company for advanced features

Privacy Policy

Last updated: ---

We Do Not Sell Your Data

FreeMaint is free, but you are NOT the product.

  • We never sell your personal information to third parties
  • We never share your data with advertisers or marketing companies
  • Your maintenance data is yours alone and stays within your organization
  • Our business model is based on premium features, not data monetization

1. Data Collection

We are committed to protecting your privacy and ensuring the security of your personal information.

2. Data Usage

To provide a comprehensive, professional-grade CMMS solution that remains completely free, empowering businesses of all sizes to optimize their maintenance operations without financial barriers.

3. Data Security

Enterprise-grade security with data encryption, role-based access, and compliance reporting

4. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes described in this policy.

5. Data residency

All customer data (your CMMS records, uploaded files, user accounts) is stored on OVH datacenters located in France (European Union). Backups are encrypted and retained on the same OVH infrastructure. We do not transfer customer data outside the EU except where strictly necessary to operate the service (for example, for transactional emails routed via Brevo's EU infrastructure or for billing via the Merchant of Record once activated). All such transfers, when applicable, rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Data breach notification

FreeMaint acts as your data processor. If we confirm a personal-data breach affecting data we process on your behalf, we notify you without undue delay and within 72 hours — describing the nature of the breach, the categories and approximate number of people and records affected, the likely consequences, and the remediation taken. This commitment is set out in Article 9 of our Data Processing Agreement (available on request at contact@freemaint.com) and meets the deadlines that breach-notification laws place on a processor, including GDPR Article 33 and US state laws such as the Florida FIPA. You then have what you need to notify affected individuals within your own statutory deadline.

7. Your Privacy Rights (GDPR & LGPD)

Under GDPR (Europe) and LGPD (Brazil), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate information
  • Right to Erasure: Request deletion of your data
  • Right to Portability: Export your company data (JSON, ZIP, SQL)
  • Right to Object: Opt out of processing for marketing purposes
  • Right to Restriction: Limit how we process your data

How to exercise your rights: open your account Settings and go to the Data section to delete your account or export your data. For other requests, see the Data Protection contact section below.

8. Cookies & Tracking

We use cookies and similar technologies. You can manage your preferences through our cookie banner.

Essential Cookies

Required for basic functionality

Analytics Cookies

Help us improve our service

9. Sub-processors and infrastructure

FreeMaint relies on the following third-party service providers (sub-processors) to operate the platform. Each provider is bound by data processing agreements consistent with GDPR Article 28. We do not sell or share your data with any party for advertising or marketing purposes.

O

OVH (Cloud hosting)

Application servers, database (PostgreSQL), object storage (S3-compatible), and Redis cache are hosted on OVH Public Cloud infrastructure. Data residency: France (EU). OVH is GDPR-compliant and ISO 27001 certified.

B

Brevo (Email service)

Transactional emails (account confirmation, password reset, invitations, billing notifications). No marketing or behavioral data is shared. Data residency: EU.

E

Bugsink (Error tracking)

Self-hosted error monitoring on our own OVH infrastructure (no external SaaS). Captures application errors with sanitized context (passwords, tokens, and cookies are filtered out before transmission).

$

Payment processor (Merchant of Record)

Once paid plans are activated, payments will be processed by a third-party Merchant of Record provider currently being onboarded. The MoR will receive: customer email, billing address, payment method details (handled directly by the MoR — we never store card data), and invoice line items. The specific provider will be disclosed here once onboarding is complete. Data processing agreement and GDPR Standard Contractual Clauses will be in place before any payment is processed.

T

Telegram (Internal notifications)

Internal admin notifications (new signups, feedback) are sent to a private Telegram channel. Customer data is not transmitted; only metadata such as company name and feedback subject lines.

10. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page.

12. Data Protection contact

For all data protection requests (access, rectification, erasure, portability, objection) or any GDPR-related inquiry, contact:

Role: Data protection contact (FreeMaint)
Email: contact@freemaint.com
Address: FreeMaint, Rue Jallouli Fares, Dar Chaabane, Tunisia

We respond within 30 days as required by GDPR Article 12.