Home › Trust Centre › Privacy Policy
Privacy Policy
How HubDo Collects, Uses, and Protects Your Personal Data
HubDo Ltd | Forma House, 40 Bowling Green Lane, London EC1R 0NE | Company No. 16077463
Last Updated: 22 February 2026
ICO Registration: ZB918144
1. Introduction
HubDo Ltd ("HubDo", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and share your personal information when you:
- Visit our websites (hubdo.com and help.hubdo.com)
- Install or use our applications (DoPricer CPQ, DoCurrencies, DoQuotes)
- Communicate with us via email, live chat, or social media
- Subscribe to our marketing emails
We comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.
Data Controller: HubDo Ltd is the data controller responsible for your personal data. Our contact details are provided in section 13 of this policy.
2. What Personal Data We Collect
We collect different types of personal data depending on how you interact with us.
2.1 Website Visitors
- IP address and approximate location
- Browser type and version
- Device type and operating system
- Pages visited and time spent on our website
- Referring website and search terms used
- Cookie data (see our Cookie Policy)
2.2 App Installers
When you install a HubDo application from the HubSpot App Marketplace, we collect:
- Name
- Email address
- HubSpot portal ID
- HubSpot user ID
- Company name (if provided in your HubSpot account)
For more details on how this data is used, see HubDo Core Terms clause 3.1.
2.3 App Users & Subscribers
- Subscription details (plan type, billing cycle)
- Usage data (line items processed, features used)
- Payment information (handled by Stripe — we do not store card details)
- Support queries and correspondence
2.4 Marketing Contacts
- Name and email address (provided via form submission)
- Company name and job title (optional)
- Marketing preferences and consent records
- Email engagement data (opens, clicks)
2.5 Live Chat Users
- Name and email address (if provided)
- Chat messages and conversation history
- Technical information (browser, device, page visited)
2.6 Social Media Audiences
- Social media profile information (if you interact with our posts)
- Messages sent via social media platforms
- Engagement data (likes, shares, comments)
3. How We Use Your Personal Data
We use your personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing and managing our applications and services | Contract performance |
| Processing payments and managing subscriptions | Contract performance |
| Providing customer support and live chat | Contract performance / Legitimate interest |
| Sending transactional emails (billing, service updates) | Contract performance |
| Sending marketing emails (with your consent) | Consent |
| Identifying the installer and managing the subscription relationship | Legitimate interest |
| Analysing website usage and improving our services | Legitimate interest |
| Complying with legal obligations | Legal obligation |
4. AI Processing
HubDo uses AI-powered tools internally for business operations. We select AI processors who contractually commit not to use customer data to train, fine-tune, or improve their AI models. Full details are set out in the HubDo Core Terms clause 3A.
4.1 HubSpot Breeze AI
Purpose: AI Copilot, content generation, and email suggestions within HubDo's HubSpot environment.
Data accessed: May access CRM data (contacts, deals, emails) when generating content and suggestions, for internal operational purposes.
Training: HubDo has opted out of Breeze AI training data use. HubSpot's AI sub-processors include AWS, Google LLC, and OpenAI.
4.2 Google Gemini (Google Workspace)
Purpose: AI assistance in Gmail, Docs, and Sheets, including tasks involving customer data, for internal operational purposes.
Data accessed: Internal business data; may include customer data when used for data analysis and imports.
Training: Google Workspace Business Plan — customer data is not used to train Google AI models. Governed by Google Cloud Data Processing Addendum, accepted via Admin Console.
4.3 Anthropic Claude
Purpose: AI assistant used for customer cohort analysis, deal data analysis, and internal operations, with HubSpot CRM access via MCP integration.
Data accessed: HubSpot CRM data including customer contacts, deals, and related records, accessed for internal operational purposes.
Training: Anthropic Claude Team plan — customer content is not used for model training by default. Governed by Anthropic Commercial Terms of Service.
Legal basis: Legitimate interest (internal operational efficiency and service improvement).
5. Who We Share Your Data With
We share your personal data only with third-party processors necessary to deliver our services. We do not sell your personal data. We do not share your personal data with any third party for their own marketing purposes.
Our sub-processors include HubSpot (CRM, website, email marketing, live chat), Amazon Web Services (application hosting), Stripe (payment processing), Google Workspace (internal communications and AI), Anthropic (AI assistant), Slack, Basecamp, Zapier, and social media platforms (Facebook, LinkedIn, X) via HubSpot integration.
A full and current list of sub-processors is published at www.hubdo.com/trust/processors.
6. International Data Transfers
Some of our sub-processors are based in the United States. We transfer personal data to the US relying on our processors' own data processing agreements, which incorporate UK Addendums to EU Standard Contractual Clauses or UK International Data Transfer Agreements (IDTA).
We have conducted a Transfer Risk Assessment and assessed the overall risk of these transfers as low, reflecting that HubDo processes B2B business contact data only, with no special category data, using large internationally recognised processors with robust contractual and technical protections.
The UK adequacy decision was renewed on 19 December 2025 and is valid until 27 December 2031, permitting free flow of personal data from EU Member States to the UK without additional safeguards. The Data (Use and Access) Act 2025, in force from 5 February 2026, applies the standard of "not materially lower" protection for international transfer assessments.
7. Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our retention periods by category are:
| Data Category | Retention Period |
|---|---|
| Active customer and subscriber data | Duration of subscription plus 6 months |
| Billing and financial records | 7 years (UK tax and accounting law) |
| Installer data | Duration of subscription plus 6 months |
| Marketing contacts | Until unsubscribe or 3 years of inactivity |
| Support correspondence | 2 years from last contact |
| Live chat history | 2 years from conversation date |
| Website analytics data | 26 months (Google Analytics default) |
After these periods, personal data is securely deleted or anonymised.
8. Your Rights
Under UK GDPR and EU GDPR, you have the following rights in relation to your personal data:
- Right of access — to obtain a copy of the personal data we hold about you
- Right to rectification — to have inaccurate or incomplete data corrected
- Right to erasure — to request deletion of your personal data in certain circumstances
- Right to restrict processing — to limit how we use your data in certain circumstances
- Right to data portability — to receive your data in a structured, machine-readable format
- Right to object — to object to processing based on legitimate interest or for direct marketing
- Right to withdraw consent — where processing is based on consent, to withdraw it at any time
To exercise any of these rights, please contact us at privacy@hubdo.com. We will respond within one month.
9. Security
We implement appropriate technical and organisational measures to protect your personal data, including TLS 1.2+ encryption in transit, access controls, regular security assessments, and incident response procedures. HubDo maintains professional indemnity and cyber liability insurance.
In the event of a data breach, we will notify affected individuals and the ICO within 72 hours where required by law.
10. Cookies
We use cookies on hubdo.com and help.hubdo.com. Full details of the cookies we use and how to control them are set out in our Cookie Policy.
11. Marketing Communications
We only send marketing emails to contacts who have explicitly opted in by checking a consent box on a form. You can unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting privacy@hubdo.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will post changes on this page with an updated "Last Updated" date. For material changes, we will notify you by email or via a prominent notice on our website.
13. Contact Us & Complaints
HubDo Ltd
Forma House, 40 Bowling Green Lane, London EC1R 0NE
Company No. 16077463 | ICO Registration: ZB918144
Email: privacy@hubdo.com
General Support: support@hubdo.com
If you have concerns about how we handle your personal data that we have been unable to resolve, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk/make-a-complaint
Related Documents