Hubalot Privacy Policy

Introduction

Hubalot is built with privacy and security as foundational principles. We believe your data belongs to you—not to us, not to advertisers, and not to third parties.

This Privacy Policy explains what information we collect, how we use and protect it, how we share data with AI providers and Social Media platforms to deliver our services, and how we comply with data protection laws including GDPR, CCPA, and third-party API requirements (including Google and YouTube API Services).

By using Hubalot, you acknowledge and consent to the data practices described in this policy.

1. Information We Collect

To provide, secure, and improve Hubalot's services, we collect the following categories of information:

1.1 Account Information

What we collect:

• Full name
• Email address
• Billing information (credit card details are encrypted and processed by third-party payment processors; Hubalot never stores complete payment card numbers)
• Account preferences and settings
• Subscription tier and billing history

Why we collect it: To create and manage your account, process payments, provide customer support, and deliver subscription benefits.

1.2 User Content & Enhanced Memory Data

What we collect:

• Files and documents you upload to Hubalot
• Content connected via third-party integrations (Google Drive, Gmail, Dropbox, Notion, etc.)
• AI prompts, chat messages, and conversation history
• AI-generated responses and outputs
• Social media posts, captions, and media created within the Socials feature
• Memory notes, insights, and summaries created by our Enhanced Memory system
• Project data, workspace configurations, and organizational structures
• Tags, labels, and metadata you create

Why we collect it: To power the Enhanced Memory system, provide intelligent context to AI models, enable document search and retrieval, generate insights, facilitate social media scheduling, and deliver personalized AI experiences across your workspace.

1.3 Usage & Technical Data

What we collect:

• IP address and general location (city/country level)
• Device type, operating system, and browser information
• Session data, timestamps, and feature usage patterns
• Performance metrics, error logs, and diagnostic data
• Token usage statistics and AI model selection history
• Page views, navigation paths, and interaction events
• Social media publishing status (success/failure logs)

Why we collect it: To monitor system performance, detect security threats, optimize user experience, enforce fair use policies, manage token allocation and fallback systems, and improve our platform.

1.4 Third-Party Integration Data (Optional & User-Initiated)

Hubalot integrates with external services only when you explicitly authorize the connection. We collect data from these services solely to perform the specific actions you request.

Social Media Platforms (Socials Feature):

When you connect accounts (Facebook, Instagram, Threads, Twitter/X, LinkedIn, YouTube, TikTok) via OAuth 2.0:

• Profile Data: We access basic profile information (username, display name, profile picture) to identify the account in your dashboard.
• Tokens: We store encrypted access tokens and refresh tokens to maintain the connection.
• Post Data: We store the ID and URL of posts published via Hubalot for tracking purposes.

We do NOT: Store your passwords or access your private direct messages (DMs).

Google Drive:

• Only the specific files you select via Google Drive Picker
• File metadata (name, type, modification date)
• File content for indexing in Enhanced Memory

Gmail:

• Individual emails you explicitly open for summarization
• Email metadata (sender, subject, date)
• Email content for AI processing (never bulk-ingested or stored permanently without your action)

Dropbox:

• Only files or folders you explicitly select
• File metadata and content for Enhanced Memory indexing

Notion:

• Only pages or databases you explicitly select
• Page content and structure for Enhanced Memory integration

Other Integrations:

• Data access is limited to user-selected items only
• No background syncing or bulk data collection
• All integrations use OAuth 2.0 (we never request or store your passwords)

Important: Hubalot does not crawl, sync, or access your entire cloud storage or email accounts. We only access the specific items you choose to import or process.

1.5 What We Don't Collect

Hubalot does NOT collect:

• Passwords for any service (all integrations use OAuth 2.0)
• Bulk or automated access to your cloud storage or email
• Browsing history outside of Hubalot
• Sensitive personal information (health records, financial account numbers, government IDs) unless you explicitly upload such documents
• Information from children under 13

2. How We Use Your Data

Hubalot uses your information solely to deliver, improve, and secure our services:

2.1 Service Delivery

• Provide core features: Process AI requests, generate responses, manage documents, and deliver workspace functionality
• Social Media Publishing: Schedule and publish your text, images, and videos to the third-party platforms you have connected (Facebook, Instagram, Twitter/X, LinkedIn, YouTube, TikTok, Threads)
• Enhanced Memory system: Analyze, index, and retrieve relevant context from your uploaded content to provide intelligent, personalized AI interactions
• AI model routing: Select appropriate AI models based on your requests and share necessary context with third-party AI providers to generate responses
• AUTO mode functionality: Automatically determine the best AI model for each prompt and route your request with relevant Enhanced Memory context
• Token management: Track usage, implement fallback systems, and ensure fair resource allocation across membership tiers

2.2 Personalization & Intelligence

• Customize your workspace: Remember preferences, settings, and organizational structures
• Generate insights: Create summaries, extract key information, and identify patterns in your content
• Improve relevance: Use conversation history and memory data to provide contextually aware AI responses
• Optimize recommendations: Suggest relevant documents, past conversations, and AI models based on your usage patterns

2.3 Account Management & Billing

• Process payments: Manage subscriptions, process renewals, and handle billing inquiries
• Enforce plan limits: Monitor storage usage (1GB Free / 10GB Pro / 50GB Elite) and token allocations
• Communicate with you: Send account notifications, billing receipts, service updates, and support responses
• Provide customer support: Troubleshoot issues, answer questions, and resolve technical problems

2.4 Platform Improvement & Security

• Analyze usage patterns: Understand how features are used to prioritize development and improvements (using aggregated, anonymized data)
• Detect abuse: Identify unusual usage patterns that may indicate system exploitation, token abuse, or security threats
• Monitor performance: Track system health, response times, and error rates to maintain service quality
• Conduct research: Develop new features and improve AI routing algorithms (using anonymized data only)

2.5 Legal & Compliance

• Comply with laws: Meet legal obligations, respond to lawful requests, and enforce our Terms of Service
• Protect rights: Defend against legal claims and protect the security and integrity of our platform
• Prevent fraud: Detect and prevent fraudulent transactions, account abuse, and unauthorized access

We never sell your personal information or user content to third parties.

3. Data Sharing & Third-Party AI Providers

3.1 Our Commitment: No Data Sales

Hubalot does not sell, rent, lease, or trade your personal information or content to any third party for marketing, advertising, or any other commercial purpose.

Your data is shared only in the limited circumstances described below, and always in service of delivering the functionality you've requested.

3.2 Sharing with AI Model Providers

To deliver AI-powered features, Hubalot must share your prompts and relevant context with third-party AI providers.

When you submit a request to an AI model (or when AUTO mode selects a model for you), we transmit:

• Your prompt or question
• Relevant context from Enhanced Memory (excerpts from your documents, previous conversations, project data, and profile information that our system determines is pertinent to your request)
• Conversation history (for multi-turn dialogues)
• Technical metadata (model preferences, temperature settings, etc.)

Third-party AI providers we work with include:

• OpenAI (GPT-4, GPT-3.5, DALL-E, Whisper)
• Anthropic (Claude Opus, Claude Sonnet, Claude Haiku)
• Google (Gemini Ultra, Gemini Pro, Gemini Flash)
• xAI (Grok)
• Perplexity (Sonar models)
• Mistral AI
• Meta (Llama models)
• Stability AI (image generation)
• ElevenLabs (voice generation)
• Suno (music generation)
• Runway, Pika, Luma (video generation)

Important safeguards:

1. Contractual protections: We maintain data processing agreements with AI providers that prohibit them from using your data to train their models or for purposes beyond processing your specific requests
2. Selective context: Hubalot shares only the context that's relevant to your prompt—not your entire document library
3. No persistent storage: Most AI providers process requests in real-time and do not retain your data after generating responses (subject to their own privacy policies and retention requirements)
4. Provider policies apply: Each AI provider has its own privacy policy and data practices. While we select providers with strong privacy commitments, we encourage you to review their policies
5. Your control: You choose which AI models to use. If you have concerns about a specific provider, you can avoid using their models

3.3 AUTO Mode & Enhanced AUTO Mode Consent

When you activate AUTO or ENHANCED AUTO mode, you explicitly authorize Hubalot to:

• Analyze your prompt to determine the most appropriate AI model
• Share your prompt and relevant Enhanced Memory context with whichever AI provider(s) we select
• Route your request across multiple providers if beneficial (e.g., using one model for research and another for synthesis)
• Make these decisions dynamically without requiring per-request approval

This automated routing is core to Hubalot's value proposition—delivering the best AI for each task while maintaining your context across models.

3.4 Service Providers & Infrastructure Partners

We share limited data with trusted service providers who help us operate Hubalot:

Hosting & Infrastructure:

• Cloud hosting providers (AWS, Google Cloud, or similar) for data storage and computing
• Content delivery networks (CDNs) for performance optimization

Payment Processing:

• Stripe or similar payment processors for billing (they receive payment information directly; we only store tokenized references)

Analytics & Monitoring:

• Error tracking and performance monitoring tools (we use anonymized or pseudonymized data where possible)
• Analytics platforms to understand feature usage (aggregated data only)

Communication:

• Email service providers for transactional emails and support communications

All service providers:

• Are bound by strict data processing agreements
• Are prohibited from using your data for their own purposes
• Must maintain security standards equivalent to or exceeding ours
• Have access only to the minimum data necessary to perform their specific function

3.5 Integration Providers (User-Initiated Only)

When you connect third-party services, we access those services on your behalf using OAuth tokens.

Cloud/Email Services (Google, Dropbox, Notion):

We access specific items you select.

Social Media Platforms (Meta, X, LinkedIn, TikTok, YouTube):

When you schedule a post, we transmit the content (text, image, video) to the respective platform's API for publication. By using this feature, you acknowledge that once content is published to a third-party platform, it is governed by that platform's privacy policy.

3.6 Legal Requirements & Protection of Rights

We may disclose your information if required to do so by law or in response to:

• Valid legal process: Subpoenas, court orders, or other lawful government requests
• Legal obligations: Compliance with applicable laws and regulations
• Safety & security: Protecting the rights, property, or safety of Hubalot, our users, or the public
• Fraud prevention: Detecting, preventing, or addressing fraud, security, or technical issues
• Enforcement: Enforcing our Terms of Service and investigating violations

When legally permitted, we will notify you of such requests and provide you an opportunity to object.

3.7 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will notify you via email and/or prominent notice on our platform before your data is transferred and becomes subject to a different privacy policy.

4. Data Protection & Security

Security is paramount at Hubalot. We implement industry-leading security measures to protect your data.

4.1 Encryption

Data at rest:

• AES-256 encryption for all stored data (documents, conversations, memory data, account information)
• Encrypted database backups with secure key management
• Separate encryption keys per customer where feasible

Data in transit:

• TLS 1.3+ encryption for all data transmitted between your device and Hubalot servers
• TLS encryption for all communication with third-party AI providers and service providers
• Certificate pinning and strict transport security policies

4.2 Access Controls

Row-level security:

• Database architecture ensures users can only access their own data
• No user can view or access another user's documents, conversations, or workspace

Authentication & authorization:

• Secure password hashing using industry-standard algorithms (bcrypt/Argon2)
• Multi-factor authentication (MFA) available for all accounts
• Session management with automatic timeout and secure token handling
• Role-based access controls for administrative functions

Principle of least privilege:

• Hubalot employees have access only to the systems necessary for their role
• Customer data access is logged and monitored
• Administrative access requires additional authentication

4.3 OAuth Security

All third-party integrations use OAuth 2.0:

• We never request or store your passwords for external services
• OAuth tokens are encrypted and stored securely
• Tokens have limited scopes (minimum permissions necessary)
• You can revoke access at any time from your account settings

4.4 AI Training Protection

Your content is NOT used to train AI models: We have contractual agreements with AI providers prohibiting training on customer data. We use API endpoints that exclude data from training datasets. Your conversations and documents remain private and are not used to improve third-party models.

Exception: Aggregated, anonymized usage statistics may be used to improve Hubalot's routing algorithms—but never in a way that could identify you or reveal your content.

4.5 Infrastructure Security

• Firewalls and intrusion detection/prevention systems
• DDoS protection and rate limiting
• Regular security audits and vulnerability assessments
• Secure coding practices and code review processes
• 24/7 security monitoring and anomaly detection

No system is 100% secure. While we implement industry-leading security measures, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and notifying us immediately of any unauthorized access.

5. Google API & YouTube Services Compliance

Hubalot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5.1 Google Drive Integration

Scope Used: https://www.googleapis.com/auth/drive.file

Purpose: Allows Hubalot to access only the specific files a user selects via the Google Drive Picker for Enhanced Memory indexing.

5.2 Gmail Integration

Scope Used: https://www.googleapis.com/auth/gmail.readonly (Restricted Scope)

Purpose: Allows users to open individual emails for AI-powered summarization and analysis.

5.3 YouTube Integration (Socials Feature)

Hubalot allows users to upload and schedule videos to YouTube.

YouTube API Services:

By using the YouTube integration within Hubalot, you agree to be bound by the YouTube Terms of Service.

Google Privacy Policy:

You acknowledge that your use of this integration is subject to the Google Privacy Policy.

Data Access:

Hubalot accesses your YouTube channel solely to upload video content you have scheduled and to retrieve the status of those uploads. We do not access, view, or store your private viewing history.

Revocation:

You can revoke Hubalot's access to your YouTube data via the Google Security Settings page.

5.4 Limited Use Disclosure

Hubalot's use of information received from Google APIs (including YouTube) is limited to:

1. Providing and improving user-facing features (scheduling, summarizing, indexing).
2. Security purposes.
3. Compliance with applicable laws.

Hubalot does NOT:

• Use Google user data for serving advertisements.
• Allow humans to read Google user data unless necessary for security or compliance.
• Transfer Google user data to third parties except as necessary to provide user-facing features.

6. Data Storage, Retention & Deletion

6.1 Storage Limits by Plan

• Free Plan: 1 GB of storage
• Pro Plan: 10 GB of storage
• Elite Plan: 50 GB of storage

6.2 Data Retention & Deletion

Active accounts: Data retained as long as account is active.

Deletion: You can delete individual items or your entire account at any time. Upon account deletion, data is permanently removed within 30 days.

7. Your Privacy Rights

Hubalot respects your privacy rights under applicable laws (GDPR, CCPA/CPRA). You have the right to Access, Correct, Delete, or Export your data. To exercise these rights, email privacy@hubalot.com.

8. Security Monitoring & Incident Response

We employ real-time anomaly detection, automated threat monitoring, and have a 24/7 incident response team. We will notify users within 72 hours of any confirmed data breach.

9. Children's Privacy

Hubalot is not intended for use by children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children.

10. International Data Transfers

Hubalot operates globally. For transfers outside your country, we use Standard Contractual Clauses (SCCs) to ensure adequate protection.

11. Cookies & Tracking Technologies

We use essential cookies for security and analytics cookies for performance. We do NOT use third-party advertising cookies or cross-site tracking for marketing purposes.

12. Marketing Communications

You can unsubscribe from marketing emails at any time. Transactional emails regarding your account status cannot be opted out.

13. Third-Party Links & Services

Hubalot connects to third-party services. By using the Socials feature, you acknowledge that your data, once published, is subject to the privacy policies of the respective platforms:

• YouTube Terms of Service & Google Privacy Policy
• Meta Privacy Policy (Facebook/Instagram/Threads)
• X Privacy Policy
• LinkedIn Privacy Policy
• TikTok Privacy Policy

14. Business Transfers & Corporate Changes

In the event of a merger or acquisition, we will notify you before your data is transferred and becomes subject to a different privacy policy.

15. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. Continued use of Hubalot after changes take effect constitutes your acceptance of the updated Privacy Policy.

16. Contact Us & Data Protection Officer

Privacy Team: privacy@hubalot.com

Security Team: security@hubalot.com

Support: support@hubalot.com

Mailing Address: Hubalot, Inc. 30 N Gould St Ste N Sheridan, WY 82801

17. Acknowledgment & Consent

By creating an account and using Hubalot, you acknowledge that:

1. You have read and understood this Privacy Policy.
2. You consent to the collection, use, and sharing of your information as described herein.
3. You explicitly consent to the data practices regarding Social Media Integrations (Section 1.4, 3.5, 5.3).
4. You understand your privacy rights and how to exercise them.

18. Specific Disclosures for Regulatory Compliance

GDPR (EU/EEA): Hubalot, Inc. is the data controller. You have the right to lodge a complaint with your local authority.

CCPA/CPRA (California): Hubalot does NOT sell personal information.

19. Transparency Report

We publish an annual Transparency Report detailing the number and types of government requests we receive.

20. Final Notes

Key principles that guide our privacy practices:

• ✓ Your data is yours
• ✓ We don't sell your data
• ✓ Security first
• ✓ Minimal collection
• ✓ User control
• ✓ Compliance

Thank you for trusting Hubalot with your data.