Hubalot Privacy Policy

Effective Date: December 9, 2025
Last Updated: December 9, 2025
Version: 2.1

Introduction

Hubalot is built with privacy and security as foundational principles. We believe your data belongs to you—not to us, not to advertisers, and not to third parties.

This Privacy Policy explains what information we collect, how we use and protect it, how we share data with AI providers and Social Media platforms to deliver our services, and how we comply with data protection laws including GDPR, CCPA, and third-party API requirements (including Google and YouTube API Services).

By using Hubalot, you acknowledge and consent to the data practices described in this policy.

1. Information We Collect

To provide, secure, and improve Hubalot's services, we collect the following categories of information:

1.1 Account Information

What we collect:

Full name
Email address
Billing information (credit card details are encrypted and processed by third-party payment processors; Hubalot never stores complete payment card numbers)
Account preferences and settings
Subscription tier and billing history

Why we collect it: To create and manage your account, process payments, provide customer support, and deliver subscription benefits.

1.2 User Content & Enhanced Memory Data

What we collect:

Files and documents you upload to Hubalot
Content connected via third-party integrations (Google Drive, Gmail, Dropbox, Notion, etc.)
AI prompts, chat messages, and conversation history
AI-generated responses and outputs
Social media posts, captions, and media created within the Socials feature
Memory notes, insights, and summaries created by our Enhanced Memory system
Project data, workspace configurations, and organizational structures
Tags, labels, and metadata you create

Why we collect it: To power the Enhanced Memory system, provide intelligent context to AI models, enable document search and retrieval, generate insights, facilitate social media scheduling, and deliver personalized AI experiences across your workspace.

1.3 Usage & Technical Data

What we collect:

IP address and general location (city/country level)
Device type, operating system, and browser information
Session data, timestamps, and feature usage patterns
Performance metrics, error logs, and diagnostic data
Token usage statistics and AI model selection history
Page views, navigation paths, and interaction events
Social media publishing status (success/failure logs)

Why we collect it: To monitor system performance, detect security threats, optimize user experience, enforce fair use policies, manage token allocation and fallback systems, and improve our platform.

1.4 Third-Party Integration Data (Optional & User-Initiated)

Hubalot integrates with external services only when you explicitly authorize the connection. We collect data from these services solely to perform the specific actions you request.

Social Media Platforms (Socials Feature):

When you connect accounts (Facebook, Instagram, Threads, Twitter/X, LinkedIn, YouTube, TikTok) via OAuth 2.0:

Profile Data: We access basic profile information (username, display name, profile picture) to identify the account in your dashboard.
Tokens: We store encrypted access tokens and refresh tokens to maintain the connection.
Post Data: We store the ID and URL of posts published via Hubalot for tracking purposes.

We do NOT: Store your passwords or access your private direct messages (DMs).

Google Drive:

Only the specific files you select via Google Drive Picker
File metadata (name, type, modification date)
File content for indexing in Enhanced Memory

Gmail:

Individual emails you explicitly open for summarization
Email metadata (sender, subject, date)
Email content for AI processing (never bulk-ingested or stored permanently without your action)

Dropbox:

Only files or folders you explicitly select
File metadata and content for Enhanced Memory indexing

Notion:

Only pages or databases you explicitly select
Page content and structure for Enhanced Memory integration

Other Integrations:

Data access is limited to user-selected items only
No background syncing or bulk data collection
All integrations use OAuth 2.0 (we never request or store your passwords)

Important: Hubalot does not crawl, sync, or access your entire cloud storage or email accounts. We only access the specific items you choose to import or process.

1.5 What We Don't Collect

Hubalot does NOT collect:

Passwords for any service (all integrations use OAuth 2.0)
Bulk or automated access to your cloud storage or email
Browsing history outside of Hubalot
Sensitive personal information (health records, financial account numbers, government IDs) unless you explicitly upload such documents
Information from children under 13

2. How We Use Your Data

Hubalot uses your information solely to deliver, improve, and secure our services:

2.1 Service Delivery

Provide core features: Process AI requests, generate responses, manage documents, and deliver workspace functionality
Social Media Publishing: Schedule and publish your text, images, and videos to the third-party platforms you have connected (Facebook, Instagram, Twitter/X, LinkedIn, YouTube, TikTok, Threads)
Enhanced Memory system: Analyze, index, and retrieve relevant context from your uploaded content to provide intelligent, personalized AI interactions
AI model routing: Select appropriate AI models based on your requests and share necessary context with third-party AI providers to generate responses
AUTO mode functionality: Automatically determine the best AI model for each prompt and route your request with relevant Enhanced Memory context
Token management: Track usage, implement fallback systems, and ensure fair resource allocation across membership tiers

2.2 Personalization & Intelligence

Customize your workspace: Remember preferences, settings, and organizational structures
Generate insights: Create summaries, extract key information, and identify patterns in your content
Improve relevance: Use conversation history and memory data to provide contextually aware AI responses
Optimize recommendations: Suggest relevant documents, past conversations, and AI models based on your usage patterns

2.3 Account Management & Billing

Process payments: Manage subscriptions, process renewals, and handle billing inquiries
Enforce plan limits: Monitor storage usage (1GB Free / 10GB Pro / 50GB Elite) and token allocations
Communicate with you: Send account notifications, billing receipts, service updates, and support responses
Provide customer support: Troubleshoot issues, answer questions, and resolve technical problems

2.4 Platform Improvement & Security

Analyze usage patterns: Understand how features are used to prioritize development and improvements (using aggregated, anonymized data)
Detect abuse: Identify unusual usage patterns that may indicate system exploitation, token abuse, or security threats
Monitor performance: Track system health, response times, and error rates to maintain service quality
Conduct research: Develop new features and improve AI routing algorithms (using anonymized data only)

2.5 Legal & Compliance

Comply with laws: Meet legal obligations, respond to lawful requests, and enforce our Terms of Service
Protect rights: Defend against legal claims and protect the security and integrity of our platform
Prevent fraud: Detect and prevent fraudulent transactions, account abuse, and unauthorized access

We never sell your personal information or user content to third parties.

3. Data Sharing & Third-Party AI Providers

3.1 Our Commitment: No Data Sales

Hubalot does not sell, rent, lease, or trade your personal information or content to any third party for marketing, advertising, or any other commercial purpose.

Your data is shared only in the limited circumstances described below, and always in service of delivering the functionality you've requested.

3.2 Sharing with AI Model Providers

To deliver AI-powered features, Hubalot must share your prompts and relevant context with third-party AI providers.

When you submit a request to an AI model (or when AUTO mode selects a model for you), we transmit:

Your prompt or question
Relevant context from Enhanced Memory (excerpts from your documents, previous conversations, project data, and profile information that our system determines is pertinent to your request)
Conversation history (for multi-turn dialogues)
Technical metadata (model preferences, temperature settings, etc.)

Third-party AI providers we work with include:

OpenAI (GPT-4, GPT-3.5, DALL-E, Whisper)
Anthropic (Claude Opus, Claude Sonnet, Claude Haiku)
Google (Gemini Ultra, Gemini Pro, Gemini Flash)
xAI (Grok)
Perplexity (Sonar models)
Mistral AI
Meta (Llama models)
Stability AI (image generation)
ElevenLabs (voice generation)
Suno (music generation)
Runway, Pika, Luma (video generation)

Important safeguards:

Contractual protections: We maintain data processing agreements with AI providers that prohibit them from using your data to train their models or for purposes beyond processing your specific requests
Selective context: Hubalot shares only the context that's relevant to your prompt—not your entire document library
No persistent storage: Most AI providers process requests in real-time and do not retain your data after generating responses (subject to their own privacy policies and retention requirements)
Provider policies apply: Each AI provider has its own privacy policy and data practices. While we select providers with strong privacy commitments, we encourage you to review their policies
Your control: You choose which AI models to use. If you have concerns about a specific provider, you can avoid using their models

3.3 AUTO Mode & Enhanced AUTO Mode Consent

When you activate AUTO or ENHANCED AUTO mode, you explicitly authorize Hubalot to:

Analyze your prompt to determine the most appropriate AI model
Share your prompt and relevant Enhanced Memory context with whichever AI provider(s) we select
Route your request across multiple providers if beneficial (e.g., using one model for research and another for synthesis)
Make these decisions dynamically without requiring per-request approval

This automated routing is core to Hubalot's value proposition—delivering the best AI for each task while maintaining your context across models.

3.4 Service Providers & Infrastructure Partners

We share limited data with trusted service providers who help us operate Hubalot:

Hosting & Infrastructure:

Cloud hosting providers (AWS, Google Cloud, or similar) for data storage and computing
Content delivery networks (CDNs) for performance optimization

Payment Processing:

Stripe or similar payment processors for billing (they receive payment information directly; we only store tokenized references)

Analytics & Monitoring:

Error tracking and performance monitoring tools (we use anonymized or pseudonymized data where possible)
Analytics platforms to understand feature usage (aggregated data only)

Communication:

Email service providers for transactional emails and support communications

All service providers:

Are bound by strict data processing agreements
Are prohibited from using your data for their own purposes
Must maintain security standards equivalent to or exceeding ours
Have access only to the minimum data necessary to perform their specific function

3.5 Integration Providers (User-Initiated Only)

When you connect third-party services, we access those services on your behalf using OAuth tokens.

Cloud/Email Services (Google, Dropbox, Notion):

We access specific items you select.

Social Media Platforms (Meta, X, LinkedIn, TikTok, YouTube):

When you schedule a post, we transmit the content (text, image, video) to the respective platform's API for publication. By using this feature, you acknowledge that once content is published to a third-party platform, it is governed by that platform's privacy policy.

3.6 Legal Requirements & Protection of Rights

We may disclose your information if required to do so by law or in response to:

Valid legal process: Subpoenas, court orders, or other lawful government requests
Legal obligations: Compliance with applicable laws and regulations
Safety & security: Protecting the rights, property, or safety of Hubalot, our users, or the public
Fraud prevention: Detecting, preventing, or addressing fraud, security, or technical issues
Enforcement: Enforcing our Terms of Service and investigating violations

When legally permitted, we will notify you of such requests and provide you an opportunity to object.

3.7 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will notify you via email and/or prominent notice on our platform before your data is transferred and becomes subject to a different privacy policy.

4. Data Protection & Security

Security is paramount at Hubalot. We implement industry-leading security measures to protect your data.

4.1 Encryption

Data at rest:

AES-256 encryption for all stored data (documents, conversations, memory data, account information)
Encrypted database backups with secure key management
Separate encryption keys per customer where feasible

Data in transit:

TLS 1.3+ encryption for all data transmitted between your device and Hubalot servers
TLS encryption for all communication with third-party AI providers and service providers
Certificate pinning and strict transport security policies

4.2 Access Controls

Row-level security:

Database architecture ensures users can only access their own data
No user can view or access another user's documents, conversations, or workspace

Authentication & authorization:

Secure password hashing using industry-standard algorithms (bcrypt/Argon2)
Multi-factor authentication (MFA) available for all accounts
Session management with automatic timeout and secure token handling
Role-based access controls for administrative functions

Principle of least privilege:

Hubalot employees have access only to the systems necessary for their role
Customer data access is logged and monitored
Administrative access requires additional authentication

4.3 OAuth Security

All third-party integrations use OAuth 2.0:

We never request or store your passwords for external services
OAuth tokens are encrypted and stored securely
Tokens have limited scopes (minimum permissions necessary)
You can revoke access at any time from your account settings

4.4 AI Training Protection

Your content is NOT used to train AI models: We have contractual agreements with AI providers prohibiting training on customer data. We use API endpoints that exclude data from training datasets. Your conversations and documents remain private and are not used to improve third-party models.

Exception: Aggregated, anonymized usage statistics may be used to improve Hubalot's routing algorithms—but never in a way that could identify you or reveal your content.

4.5 Infrastructure Security

Firewalls and intrusion detection/prevention systems
DDoS protection and rate limiting
Regular security audits and vulnerability assessments
Secure coding practices and code review processes
24/7 security monitoring and anomaly detection

No system is 100% secure. While we implement industry-leading security measures, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and notifying us immediately of any unauthorized access.

5. Google API & YouTube Services Compliance

Hubalot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5.1 Google Drive Integration

Scope Used: https://www.googleapis.com/auth/drive.file

Purpose: Allows Hubalot to access only the specific files a user selects via the Google Drive Picker for Enhanced Memory indexing.

5.2 Gmail Integration

Scope Used: https://www.googleapis.com/auth/gmail.readonly (Restricted Scope)

Purpose: Allows users to open individual emails for AI-powered summarization and analysis.

5.3 YouTube Integration (Socials Feature)

Hubalot allows users to upload and schedule videos to YouTube.

YouTube API Services:

By using the YouTube integration within Hubalot, you agree to be bound by the YouTube Terms of Service.

Google Privacy Policy:

You acknowledge that your use of this integration is subject to the Google Privacy Policy.

Data Access:

Hubalot accesses your YouTube channel solely to upload video content you have scheduled and to retrieve the status of those uploads. We do not access, view, or store your private viewing history.

Revocation:

You can revoke Hubalot's access to your YouTube data via the Google Security Settings page.

5.4 Limited Use Disclosure

Hubalot's use of information received from Google APIs (including YouTube) is limited to:

Providing and improving user-facing features (scheduling, summarizing, indexing).
Security purposes.
Compliance with applicable laws.

Hubalot does NOT:

Use Google user data for serving advertisements.
Allow humans to read Google user data unless necessary for security or compliance.
Transfer Google user data to third parties except as necessary to provide user-facing features.

6. Data Storage, Retention & Deletion

6.1 Storage Limits by Plan

Free Plan: 1 GB of storage
Pro Plan: 10 GB of storage
Elite Plan: 50 GB of storage

6.2 Data Retention & Deletion

Active accounts: Data retained as long as account is active.

Deletion: You can delete individual items or your entire account at any time. Upon account deletion, data is permanently removed within 30 days.

7. Your Privacy Rights

Hubalot respects your privacy rights under applicable laws (GDPR, CCPA/CPRA). You have the right to Access, Correct, Delete, or Export your data. To exercise these rights, email privacy@hubalot.com.

8. Security Monitoring & Incident Response

We employ real-time anomaly detection, automated threat monitoring, and have a 24/7 incident response team. We will notify users within 72 hours of any confirmed data breach.

9. Children's Privacy

Hubalot is not intended for use by children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children.

10. International Data Transfers

Hubalot operates globally. For transfers outside your country, we use Standard Contractual Clauses (SCCs) to ensure adequate protection.

11. Cookies & Tracking Technologies

We use essential cookies for security and analytics cookies for performance. We do NOT use third-party advertising cookies or cross-site tracking for marketing purposes.

12. Marketing Communications

You can unsubscribe from marketing emails at any time. Transactional emails regarding your account status cannot be opted out.

13. Third-Party Links & Services

Hubalot connects to third-party services. By using the Socials feature, you acknowledge that your data, once published, is subject to the privacy policies of the respective platforms:

YouTube Terms of Service & Google Privacy Policy
Meta Privacy Policy (Facebook/Instagram/Threads)
X Privacy Policy
LinkedIn Privacy Policy
TikTok Privacy Policy

14. Business Transfers & Corporate Changes

In the event of a merger or acquisition, we will notify you before your data is transferred and becomes subject to a different privacy policy.

15. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. Continued use of Hubalot after changes take effect constitutes your acceptance of the updated Privacy Policy.

16. Contact Us & Data Protection Officer

Privacy Team: privacy@hubalot.com

Security Team: security@hubalot.com

Support: support@hubalot.com

Mailing Address: Hubalot, Inc. 30 N Gould St Ste N Sheridan, WY 82801

17. Acknowledgment & Consent

By creating an account and using Hubalot, you acknowledge that:

You have read and understood this Privacy Policy.
You consent to the collection, use, and sharing of your information as described herein.
You explicitly consent to the data practices regarding Social Media Integrations (Section 1.4, 3.5, 5.3).
You understand your privacy rights and how to exercise them.

18. Specific Disclosures for Regulatory Compliance

GDPR (EU/EEA): Hubalot, Inc. is the data controller. You have the right to lodge a complaint with your local authority.

CCPA/CPRA (California): Hubalot does NOT sell personal information.

19. Transparency Report

We publish an annual Transparency Report detailing the number and types of government requests we receive.

20. Final Notes

Key principles that guide our privacy practices:

✓ Your data is yours
✓ We don't sell your data
✓ Security first
✓ Minimal collection
✓ User control
✓ Compliance

Thank you for trusting Hubalot with your data.

Thank you for trusting Hubalot with your data.

Last Updated: December 9, 2025
Version: 2.1
Effective Date: December 9, 2025

Hubalot, Inc. — One Command Center. Every AI. One Memory.

Effective Date: December 9, 2025
Last Updated: December 9, 2025
Version: 2.1

Introduction

Hubalot is built with privacy and security as foundational principles. We believe your data belongs to you—not to us, not to advertisers, and not to third parties.

By using Hubalot, you acknowledge and consent to the data practices described in this policy.

1. Information We Collect

To provide, secure, and improve Hubalot's services, we collect the following categories of information:

1.1 Account Information

What we collect:

Full name
Email address
Billing information (credit card details are encrypted and processed by third-party payment processors; Hubalot never stores complete payment card numbers)
Account preferences and settings
Subscription tier and billing history

Why we collect it: To create and manage your account, process payments, provide customer support, and deliver subscription benefits.

1.2 User Content & Enhanced Memory Data

What we collect:

Files and documents you upload to Hubalot
Content connected via third-party integrations (Google Drive, Gmail, Dropbox, Notion, etc.)
AI prompts, chat messages, and conversation history
AI-generated responses and outputs
Social media posts, captions, and media created within the Socials feature
Memory notes, insights, and summaries created by our Enhanced Memory system
Project data, workspace configurations, and organizational structures
Tags, labels, and metadata you create

1.3 Usage & Technical Data

What we collect:

IP address and general location (city/country level)
Device type, operating system, and browser information
Session data, timestamps, and feature usage patterns
Performance metrics, error logs, and diagnostic data
Token usage statistics and AI model selection history
Page views, navigation paths, and interaction events
Social media publishing status (success/failure logs)

1.4 Third-Party Integration Data (Optional & User-Initiated)

Hubalot integrates with external services only when you explicitly authorize the connection. We collect data from these services solely to perform the specific actions you request.

Social Media Platforms (Socials Feature):

When you connect accounts (Facebook, Instagram, Threads, Twitter/X, LinkedIn, YouTube, TikTok) via OAuth 2.0:

Profile Data: We access basic profile information (username, display name, profile picture) to identify the account in your dashboard.
Tokens: We store encrypted access tokens and refresh tokens to maintain the connection.
Post Data: We store the ID and URL of posts published via Hubalot for tracking purposes.

We do NOT: Store your passwords or access your private direct messages (DMs).

Google Drive:

Only the specific files you select via Google Drive Picker
File metadata (name, type, modification date)
File content for indexing in Enhanced Memory

Gmail:

Individual emails you explicitly open for summarization
Email metadata (sender, subject, date)
Email content for AI processing (never bulk-ingested or stored permanently without your action)

Dropbox:

Only files or folders you explicitly select
File metadata and content for Enhanced Memory indexing

Notion:

Only pages or databases you explicitly select
Page content and structure for Enhanced Memory integration

Other Integrations:

Data access is limited to user-selected items only
No background syncing or bulk data collection
All integrations use OAuth 2.0 (we never request or store your passwords)

Important: Hubalot does not crawl, sync, or access your entire cloud storage or email accounts. We only access the specific items you choose to import or process.

1.5 What We Don't Collect

Hubalot does NOT collect:

Passwords for any service (all integrations use OAuth 2.0)
Bulk or automated access to your cloud storage or email
Browsing history outside of Hubalot
Sensitive personal information (health records, financial account numbers, government IDs) unless you explicitly upload such documents
Information from children under 13

2. How We Use Your Data

Hubalot uses your information solely to deliver, improve, and secure our services:

2.1 Service Delivery

Provide core features: Process AI requests, generate responses, manage documents, and deliver workspace functionality
Social Media Publishing: Schedule and publish your text, images, and videos to the third-party platforms you have connected (Facebook, Instagram, Twitter/X, LinkedIn, YouTube, TikTok, Threads)
Enhanced Memory system: Analyze, index, and retrieve relevant context from your uploaded content to provide intelligent, personalized AI interactions
AI model routing: Select appropriate AI models based on your requests and share necessary context with third-party AI providers to generate responses
AUTO mode functionality: Automatically determine the best AI model for each prompt and route your request with relevant Enhanced Memory context
Token management: Track usage, implement fallback systems, and ensure fair resource allocation across membership tiers

2.2 Personalization & Intelligence

Customize your workspace: Remember preferences, settings, and organizational structures
Generate insights: Create summaries, extract key information, and identify patterns in your content
Improve relevance: Use conversation history and memory data to provide contextually aware AI responses
Optimize recommendations: Suggest relevant documents, past conversations, and AI models based on your usage patterns

2.3 Account Management & Billing

Process payments: Manage subscriptions, process renewals, and handle billing inquiries
Enforce plan limits: Monitor storage usage (1GB Free / 10GB Pro / 50GB Elite) and token allocations
Communicate with you: Send account notifications, billing receipts, service updates, and support responses
Provide customer support: Troubleshoot issues, answer questions, and resolve technical problems

2.4 Platform Improvement & Security

Analyze usage patterns: Understand how features are used to prioritize development and improvements (using aggregated, anonymized data)
Detect abuse: Identify unusual usage patterns that may indicate system exploitation, token abuse, or security threats
Monitor performance: Track system health, response times, and error rates to maintain service quality
Conduct research: Develop new features and improve AI routing algorithms (using anonymized data only)

2.5 Legal & Compliance

Comply with laws: Meet legal obligations, respond to lawful requests, and enforce our Terms of Service
Protect rights: Defend against legal claims and protect the security and integrity of our platform
Prevent fraud: Detect and prevent fraudulent transactions, account abuse, and unauthorized access

We never sell your personal information or user content to third parties.

3. Data Sharing & Third-Party AI Providers

3.1 Our Commitment: No Data Sales

Hubalot does not sell, rent, lease, or trade your personal information or content to any third party for marketing, advertising, or any other commercial purpose.

Your data is shared only in the limited circumstances described below, and always in service of delivering the functionality you've requested.

3.2 Sharing with AI Model Providers

To deliver AI-powered features, Hubalot must share your prompts and relevant context with third-party AI providers.

When you submit a request to an AI model (or when AUTO mode selects a model for you), we transmit:

Your prompt or question
Relevant context from Enhanced Memory (excerpts from your documents, previous conversations, project data, and profile information that our system determines is pertinent to your request)
Conversation history (for multi-turn dialogues)
Technical metadata (model preferences, temperature settings, etc.)

Third-party AI providers we work with include:

OpenAI (GPT-4, GPT-3.5, DALL-E, Whisper)
Anthropic (Claude Opus, Claude Sonnet, Claude Haiku)
Google (Gemini Ultra, Gemini Pro, Gemini Flash)
xAI (Grok)
Perplexity (Sonar models)
Mistral AI
Meta (Llama models)
Stability AI (image generation)
ElevenLabs (voice generation)
Suno (music generation)
Runway, Pika, Luma (video generation)

Important safeguards:

Contractual protections: We maintain data processing agreements with AI providers that prohibit them from using your data to train their models or for purposes beyond processing your specific requests
Selective context: Hubalot shares only the context that's relevant to your prompt—not your entire document library
No persistent storage: Most AI providers process requests in real-time and do not retain your data after generating responses (subject to their own privacy policies and retention requirements)
Provider policies apply: Each AI provider has its own privacy policy and data practices. While we select providers with strong privacy commitments, we encourage you to review their policies
Your control: You choose which AI models to use. If you have concerns about a specific provider, you can avoid using their models

3.3 AUTO Mode & Enhanced AUTO Mode Consent

When you activate AUTO or ENHANCED AUTO mode, you explicitly authorize Hubalot to:

Analyze your prompt to determine the most appropriate AI model
Share your prompt and relevant Enhanced Memory context with whichever AI provider(s) we select
Route your request across multiple providers if beneficial (e.g., using one model for research and another for synthesis)
Make these decisions dynamically without requiring per-request approval

This automated routing is core to Hubalot's value proposition—delivering the best AI for each task while maintaining your context across models.

3.4 Service Providers & Infrastructure Partners

We share limited data with trusted service providers who help us operate Hubalot:

Hosting & Infrastructure:

Cloud hosting providers (AWS, Google Cloud, or similar) for data storage and computing
Content delivery networks (CDNs) for performance optimization

Payment Processing:

Stripe or similar payment processors for billing (they receive payment information directly; we only store tokenized references)

Analytics & Monitoring:

Error tracking and performance monitoring tools (we use anonymized or pseudonymized data where possible)
Analytics platforms to understand feature usage (aggregated data only)

Communication:

Email service providers for transactional emails and support communications

All service providers:

Are bound by strict data processing agreements
Are prohibited from using your data for their own purposes
Must maintain security standards equivalent to or exceeding ours
Have access only to the minimum data necessary to perform their specific function

3.5 Integration Providers (User-Initiated Only)

When you connect third-party services, we access those services on your behalf using OAuth tokens.

Cloud/Email Services (Google, Dropbox, Notion):

We access specific items you select.

Social Media Platforms (Meta, X, LinkedIn, TikTok, YouTube):

3.6 Legal Requirements & Protection of Rights

We may disclose your information if required to do so by law or in response to:

Valid legal process: Subpoenas, court orders, or other lawful government requests
Legal obligations: Compliance with applicable laws and regulations
Safety & security: Protecting the rights, property, or safety of Hubalot, our users, or the public
Fraud prevention: Detecting, preventing, or addressing fraud, security, or technical issues
Enforcement: Enforcing our Terms of Service and investigating violations

When legally permitted, we will notify you of such requests and provide you an opportunity to object.

3.7 Business Transfers

4. Data Protection & Security

Security is paramount at Hubalot. We implement industry-leading security measures to protect your data.

4.1 Encryption

Data at rest:

AES-256 encryption for all stored data (documents, conversations, memory data, account information)
Encrypted database backups with secure key management
Separate encryption keys per customer where feasible

Data in transit:

TLS 1.3+ encryption for all data transmitted between your device and Hubalot servers
TLS encryption for all communication with third-party AI providers and service providers
Certificate pinning and strict transport security policies

4.2 Access Controls

Row-level security:

Database architecture ensures users can only access their own data
No user can view or access another user's documents, conversations, or workspace

Authentication & authorization:

Secure password hashing using industry-standard algorithms (bcrypt/Argon2)
Multi-factor authentication (MFA) available for all accounts
Session management with automatic timeout and secure token handling
Role-based access controls for administrative functions

Principle of least privilege:

Hubalot employees have access only to the systems necessary for their role
Customer data access is logged and monitored
Administrative access requires additional authentication

4.3 OAuth Security

All third-party integrations use OAuth 2.0:

We never request or store your passwords for external services
OAuth tokens are encrypted and stored securely
Tokens have limited scopes (minimum permissions necessary)
You can revoke access at any time from your account settings

4.4 AI Training Protection

Exception: Aggregated, anonymized usage statistics may be used to improve Hubalot's routing algorithms—but never in a way that could identify you or reveal your content.

4.5 Infrastructure Security

Firewalls and intrusion detection/prevention systems
DDoS protection and rate limiting
Regular security audits and vulnerability assessments
Secure coding practices and code review processes
24/7 security monitoring and anomaly detection

5. Google API & YouTube Services Compliance

Hubalot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5.1 Google Drive Integration

Scope Used: https://www.googleapis.com/auth/drive.file

Purpose: Allows Hubalot to access only the specific files a user selects via the Google Drive Picker for Enhanced Memory indexing.

5.2 Gmail Integration

Scope Used: https://www.googleapis.com/auth/gmail.readonly (Restricted Scope)

Purpose: Allows users to open individual emails for AI-powered summarization and analysis.

5.3 YouTube Integration (Socials Feature)

Hubalot allows users to upload and schedule videos to YouTube.

YouTube API Services:

By using the YouTube integration within Hubalot, you agree to be bound by the YouTube Terms of Service.

Google Privacy Policy:

You acknowledge that your use of this integration is subject to the Google Privacy Policy.

Data Access:

Hubalot accesses your YouTube channel solely to upload video content you have scheduled and to retrieve the status of those uploads. We do not access, view, or store your private viewing history.

Revocation:

You can revoke Hubalot's access to your YouTube data via the Google Security Settings page.

5.4 Limited Use Disclosure

Hubalot's use of information received from Google APIs (including YouTube) is limited to:

Providing and improving user-facing features (scheduling, summarizing, indexing).
Security purposes.
Compliance with applicable laws.

Hubalot does NOT:

Use Google user data for serving advertisements.
Allow humans to read Google user data unless necessary for security or compliance.
Transfer Google user data to third parties except as necessary to provide user-facing features.

6. Data Storage, Retention & Deletion

6.1 Storage Limits by Plan

Free Plan: 1 GB of storage
Pro Plan: 10 GB of storage
Elite Plan: 50 GB of storage

6.2 Data Retention & Deletion

Active accounts: Data retained as long as account is active.

Deletion: You can delete individual items or your entire account at any time. Upon account deletion, data is permanently removed within 30 days.

7. Your Privacy Rights

Hubalot respects your privacy rights under applicable laws (GDPR, CCPA/CPRA). You have the right to Access, Correct, Delete, or Export your data. To exercise these rights, email privacy@hubalot.com.

8. Security Monitoring & Incident Response

We employ real-time anomaly detection, automated threat monitoring, and have a 24/7 incident response team. We will notify users within 72 hours of any confirmed data breach.

9. Children's Privacy

Hubalot is not intended for use by children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children.

10. International Data Transfers

Hubalot operates globally. For transfers outside your country, we use Standard Contractual Clauses (SCCs) to ensure adequate protection.

11. Cookies & Tracking Technologies

We use essential cookies for security and analytics cookies for performance. We do NOT use third-party advertising cookies or cross-site tracking for marketing purposes.

12. Marketing Communications

You can unsubscribe from marketing emails at any time. Transactional emails regarding your account status cannot be opted out.

13. Third-Party Links & Services

Hubalot connects to third-party services. By using the Socials feature, you acknowledge that your data, once published, is subject to the privacy policies of the respective platforms:

YouTube Terms of Service & Google Privacy Policy
Meta Privacy Policy (Facebook/Instagram/Threads)
X Privacy Policy
LinkedIn Privacy Policy
TikTok Privacy Policy

14. Business Transfers & Corporate Changes

In the event of a merger or acquisition, we will notify you before your data is transferred and becomes subject to a different privacy policy.

15. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. Continued use of Hubalot after changes take effect constitutes your acceptance of the updated Privacy Policy.

16. Contact Us & Data Protection Officer

Privacy Team: privacy@hubalot.com

Security Team: security@hubalot.com

Support: support@hubalot.com

Mailing Address: Hubalot, Inc. 30 N Gould St Ste N Sheridan, WY 82801

17. Acknowledgment & Consent

By creating an account and using Hubalot, you acknowledge that:

You have read and understood this Privacy Policy.
You consent to the collection, use, and sharing of your information as described herein.
You explicitly consent to the data practices regarding Social Media Integrations (Section 1.4, 3.5, 5.3).
You understand your privacy rights and how to exercise them.

18. Specific Disclosures for Regulatory Compliance

GDPR (EU/EEA): Hubalot, Inc. is the data controller. You have the right to lodge a complaint with your local authority.

CCPA/CPRA (California): Hubalot does NOT sell personal information.

19. Transparency Report

We publish an annual Transparency Report detailing the number and types of government requests we receive.

20. Final Notes

Key principles that guide our privacy practices:

✓ Your data is yours
✓ We don't sell your data
✓ Security first
✓ Minimal collection
✓ User control
✓ Compliance

Thank you for trusting Hubalot with your data.

Thank you for trusting Hubalot with your data.

Last Updated: December 9, 2025
Version: 2.1
Effective Date: December 9, 2025

Hubalot, Inc. — One Command Center. Every AI. One Memory.