Hubalot Privacy Policy

1. Information We Collect

To deliver and improve our services, we collect the following:

• Account Info: Name, email address, and billing details (encrypted)
• User Content: Files, AI prompts, chat responses, memory notes, and insights
• Usage Data: IP address, browser type, session data, and tool usage
• Third-Party Integrations:
  • Google Drive (optional): Only files explicitly selected by the user
  • Gmail (optional): Users may browse their inbox and choose individual emails for summary. Hubalot does not access, store, upload, or scan Gmail messages.
  • Dropbox / Notion (optional): Only user-selected files or pages. Dropbox uses minimal scopes (account_info.read, files.metadata.read, files.content.read). Notion uses read-only (read:content) unless you enable write-back features.

We do not collect passwords or sell any personal information.

2. Data Protection & Security

Hubalot employs strong security protocols to protect your data:

• Encryption: Sensitive user data is encrypted both in transit and at rest
• Access Control: Only you can access your content; strict row-level access is enforced
• API Protection: Input validation, rate limiting, and CSRF/XSS safeguards are in place
• No AI Training: Your content is never used to train third-party AI models

3. Google API Scope Compliance

Hubalot integrates with Google APIs under the Google API Services User Data Policy, including Restricted Scopes.

Gmail Integration (Restricted Scope: https://www.googleapis.com/auth/gmail.readonly)

• Hubalot does not access or store Gmail content
• Users may view their inbox and manually select specific emails
• Summaries and insights are generated using Google Gemini AI only
• Hubalot does not transmit Gmail data to external AI providers
• We do not sync, download, store, or process full email contents
• Only the summary output is optionally saved, encrypted, and associated with your project

This integration follows the principle of data minimization and user consent, meeting the requirements for Restricted Scope compliance without background access or data persistence.

4. How We Use Your Data

We use your data solely to:

• Personalize your AI experience
• Enable project memory and document processing
• Track usage and manage billing
• Improve product performance
• Comply with legal and security obligations

We may use anonymized trends internally for analytics, never linked to individual users.

5. Your Rights

You may:

• Access or delete your personal data
• Disconnect integrations at any time
• Opt out of memory-based personalization
• Unsubscribe from all communications

We comply with GDPR, CCPA, and global privacy standards.
To exercise your rights, contact: privacy@hubalot.com

6. Storage & Retention

We retain data only as long as necessary to deliver services.
You may request full deletion at any time.

7. Security Monitoring

Hubalot maintains:

• Real-time anomaly detection and audit logs
• Scheduled security reviews and token expiration
• Strict deployment controls and vulnerability scanning

8. Children's Privacy

Hubalot is not intended for users under 13. If a child has submitted data, contact us for immediate removal.

9. Changes to This Policy

We may update this policy as features evolve.
You'll be notified of any significant changes in the app or by email.

10. Contact

Email: privacy@hubalot.com
Mailing Address: Available upon request

🛡️ Summary of Hubalot Security Practices