Privacy Policy

How HubDo Collects, Uses, and Protects Your Personal Data

HubDo Ltd | Forma House, 40 Bowling Green Lane, London EC1R 0NE | Company No. 16077463

Last Updated: 16 February 2026

ICO Registration: ZB918144

URL: www.hubdo.com/trust/privacy-policy

1. Introduction

HubDo Ltd ("HubDo", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and share your personal information when you:

• Visit our websites (hubdo.com and help.hubdo.com)
• Install or use our applications (DoPricer CPQ, DoCurrencies, DoQuotes)
• Communicate with us via email, live chat, or social media
• Subscribe to our marketing emails or newsletters

We comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.

Data Controller: HubDo Ltd is the data controller responsible for your personal data. Our contact details are provided in section 13 of this policy.

2. What Personal Data We Collect

We collect different types of personal data depending on how you interact with us:

2.1 Website Visitors

• IP address and approximate location
• Browser type and version
• Device type and operating system
• Pages visited and time spent on our website
• Referring website and search terms used
• Cookie data (see our Cookie Policy)

2.2 App Installers

When you install a HubDo application from the HubSpot App Marketplace, we collect:

• Name
• Email address
• HubSpot portal ID
• HubSpot user ID
• Company name (if provided in your HubSpot account)

Note: This information is collected via installation webhooks and stored in HubDo's HubSpot CRM (portal 718383, hosted on AWS us-east-1, USA). For more details, see Core Terms clause 3.1.

2.3 App Users and Subscribers

• Subscription details (plan type, billing cycle)
• Usage data (line items processed, features used)
• Payment information (handled by Stripe; we do not store card details)
• Support queries and correspondence

2.4 Marketing Contacts

• Name and email address (provided via form submission)
• Company name and job title (optional)
• Marketing preferences and consent records
• Email engagement data (opens, clicks)

2.5 Live Chat Users

• Name and email address (if provided)
• Chat messages and conversation history
• Technical information (browser, device, page visited)

2.6 Social Media Audiences

• Social media profile information (if you interact with our posts)
• Messages sent via social media platforms
• Engagement data (likes, shares, comments)

3. How We Use Your Personal Data

We use your personal data for the following purposes:

3.1 To Provide Our Services

• Process app installations and manage subscriptions
• Deliver and operate our applications
• Process payments and send billing notifications
• Provide customer support

Legal basis: Contract (performance of our agreement with you)

3.2 To Communicate With You

• Send service updates and important notices
• Respond to your enquiries and support requests
• Send transactional emails (receipts, password resets)

Legal basis: Contract and Legitimate Interest (providing requested services)

3.3 For Marketing

• Send marketing emails about our products and services (only with your consent)
• Display personalised content on our website
• Run marketing campaigns on social media

Legal basis: Consent (you can withdraw consent at any time)

3.4 To Improve Our Services

• Analyse usage patterns and customer success metrics
• Develop new features and improve existing ones
• Conduct customer research and satisfaction surveys

Legal basis: Legitimate Interest (improving our products and services)

3.5 For Analytics and Performance

• Monitor website performance and traffic
• Understand how visitors use our website
• Optimise user experience

Legal basis: Legitimate Interest (website improvement)

3.6 For Legal and Security Purposes

• Comply with legal obligations
• Detect and prevent fraud or security issues
• Enforce our terms and conditions

Legal basis: Legal Obligation and Legitimate Interest (security and compliance)

4. AI Processing

HubDo uses AI-powered tools internally for business operations. These tools may access customer data for specific purposes:

4.1 HubSpot Breeze AI

• Purpose: Customer support assistance, content generation, email suggestions
• Data accessed: May access CRM data (contacts, deals, emails) when generating content
• Training: HubDo is in the process of opting out of Breeze using customer data for model training (initiated February 2026)
• Sub-processors: HubSpot uses AWS, Google LLC, and OpenAI

4.2 Google Gemini (Google Workspace)

• Purpose: Email drafting, data analysis, bulk data manipulation
• Data accessed: May process customer personal data during analysis tasks
• Training: Google Workspace Business Plan does NOT use customer data to train AI models

4.3 Anthropic Claude

• Purpose: Customer success analysis, usage pattern analysis, support optimization
• Data accessed: Full HubSpot CRM data via MCP integration
• Training: Claude Team Plan does NOT use customer data for model training

Legal basis: Legitimate Interest (improving service delivery and customer success)

Commitment: HubDo selects AI processors who contractually commit not to use customer data for training AI models or for any purpose beyond providing the contracted service to HubDo.

5. Who We Share Your Data With

We share your personal data with third-party service providers who help us operate our business. All processors operate under appropriate data processing agreements.

5.1 Infrastructure and Hosting

• Amazon Web Services (AWS) — Application hosting and OAuth processing (us-east-1, N. Virginia)

5.2 Customer Relationship Management

• HubSpot, Inc. — CRM storage, website hosting, email marketing, live chat, knowledge base
• Zapier LLC — Webhook processing and data routing for app lifecycle events

5.3 Payment Processing

• Stripe Payments Europe Limited / Stripe, Inc. — Payment processing and subscription billing (we do not store card details)

5.4 Communications

• Google LLC (Google Workspace) — Email communications with installers and customers

5.5 Analytics

• Google Analytics — Website analytics and performance monitoring

5.6 Social Media

• Facebook — Social media integration and advertising
• LinkedIn — Professional network integration and advertising
• X (Twitter) — Social media integration

5.7 AI Processors

• Anthropic PBC (Claude) — Customer success analysis and support optimization

For a complete and current list of sub-processors, see www.hubdo.com/trust/processors.

6. International Data Transfers

HubDo is based in the United Kingdom. Some of our service providers are located outside the UK and EU, including in the United States.

6.1 UK to US Transfers

We transfer personal data to the United States under appropriate safeguards:

• Data Processing Agreements incorporating UK GDPR Addendums
• Standard Contractual Clauses (SCCs)
• UK International Data Transfer Agreements (IDTA)

We have assessed that the level of protection provided to your data after transfer is not materially lower than that provided under the UK GDPR, in accordance with the Data (Use and Access) Act 2025.

6.2 EU to UK Transfers

The European Commission renewed the UK adequacy decision on 19 December 2025, valid until 27 December 2031. This allows free flow of personal data from EU Member States to the UK without additional safeguards.

7. How Long We Keep Your Data

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Active customer data: For the duration of your subscription plus 6 months
• Billing records: 7 years (UK tax law requirement)
• Marketing contacts: Until you unsubscribe or 3 years of inactivity
• Support correspondence: 2 years from last contact
• Website analytics: 26 months (Google Analytics default)
• Live chat history: 2 years from conversation date

After these retention periods, we securely delete or anonymise your personal data.

8. Your Rights

Under UK GDPR and EU GDPR, you have the following rights:

8.1 Right of Access

You can request a copy of the personal data we hold about you.

8.2 Right to Rectification

You can ask us to correct inaccurate or incomplete personal data.

8.3 Right to Erasure

You can ask us to delete your personal data in certain circumstances (e.g., when it's no longer necessary or you withdraw consent).

8.4 Right to Restrict Processing

You can ask us to limit how we use your personal data in certain circumstances.

8.5 Right to Data Portability

You can request a copy of your personal data in a structured, commonly used, machine-readable format.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

Where we process your data based on consent, you can withdraw consent at any time.

To exercise any of these rights, please contact us at privacy@hubdo.com. We will respond within one month.

9. Security

We implement appropriate technical and organisational measures to protect your personal data:

• Encryption of data in transit (TLS 1.2 or higher)
• Encryption of data at rest where appropriate
• Access controls and authentication mechanisms
• Regular security assessments and vulnerability scanning
• Monitoring and logging of system activity
• Incident response procedures
• Professional indemnity and cyber liability insurance

In the event of a data breach, we will notify affected individuals and the ICO within 72 hours where required by law.

10. Children's Privacy

Our services are intended for business use only. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child, please contact us immediately.

11. Marketing Communications

We only send marketing emails to contacts who have explicitly opted in (checked a consent box on a form). You can unsubscribe at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Emailing privacy@hubdo.com with your request
• Contacting us via the details in section 13

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will post any changes on this page with an updated "Last Updated" date. For material changes, we will notify you by email or via a prominent notice on our website.

13. Contact Us and Complaints

If you have questions about this Privacy Policy or how we handle your personal data, please contact us:

Right to Complain

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data appropriately:

Related Documents

Cookie Policy | Core Terms | Sub-Processors | Trust Centre