Privacy Policy
Last Updated: May 2026
At HUBly, absolute transparency is our core principle. This comprehensive Privacy Policy outlines exactly what data we collect, how our infrastructure secures it, and the legal rights you hold over your digital footprint.We do not, and will never, sell your personal data to third-party data brokers.
1. Information We Collect
To provide a highly personalized discovery experience, we collect specific data points:
- Authentication Data: When you register, we collect your email address. Passwords are never stored in plain text; they are cryptographically hashed by our auth provider (Supabase). If you use Google or GitHub OAuth, we collect your public profile name and avatar.
- Public Profile Data: Information you voluntarily add in the Account Settings (Bio, Job Role, Social Links, Tech Stack) is collected and made public.
- Behavioral & Usage Data: We track anonymous interactions—such as clicks on a tool's "Visit Website" button—to provide accurate performance analytics to Makers via the Dashboard. We also log AI Assistant query metadata to improve response accuracy.
- Payment Data: We do NOT collect credit card numbers. All payment data is routed directly through our PCI-DSS compliant Merchant of Record (LemonSqueezy).
Please be aware that any reviews you write, comments you post, or tools you add to your "Favorites" are permanently associated with your Public Profile. This transparency is crucial for the integrity of our community rating engine. Do not place sensitive personal information in public text fields.
2. Enterprise-Grade Security Infrastructure
We employ defense-in-depth strategies to protect your data. Our database operates on Row Level Security (RLS) policies. This means that at the database level, no user can read or modify another user's private data (like billing emails or draft tools), even if API endpoints are exposed. All data in transit is encrypted via TLS 1.3.
3. Cookies & Tracking Technologies
HUBly uses essential cookies to maintain your login session and secure your requests against Cross-Site Request Forgery (CSRF). We also utilize minimal first-party analytics cookies to measure aggregated site traffic. We do not use intrusive cross-site tracking pixels.
4. Your GDPR & CCPA Rights
Regardless of your geographic location, HUBly extends strict GDPR and CCPA compliance rights to all users globally:
- Right to Access: You may request a complete JSON export of all personal data we hold associated with your account.
- Right to Rectification: You can instantly update your data via your Account Settings.
- Right to be Forgotten (Deletion): You have a "Delete Account" button in your settings. Clicking this initiates a hard deletion of your authentication record, profile data, and saved collections. (Note: Public reviews may be anonymized rather than deleted to maintain historical tool ratings).
5. Contact the Data Protection Officer
If you have complex privacy inquiries or wish to execute a specific data rights request, please contact our Data Protection Officer directly at privacy@hubly-tools.com or use our Contact Page. We commit to responding within 72 hours.
6. AI Data Processing & Prompts
When you interact with the HUBly AI Engine, your text prompts are processed to generate conversational responses and contextual tool recommendations.
- Third-Party Processors: We utilize Google Gemini's advanced API for natural language generation. Under our enterprise API agreements, your chat data and prompts are NOT used by Google to train their base foundational models.
- Session Privacy: Your AI sessions are stored securely in our database, protected by Row Level Security (RLS). No other user can view your private chat sessions.
- Data Deletion: You have full control over your AI data. You can delete individual AI sessions directly from the AI Engine sidebar, which instantly removes them from our databases.