Last updated: May 4, 2026.
This document does not constitute legal advice. Customers should consult their own counsel for compliance questions.
Privacy policy
This policy explains how Hubbly OS collects, uses, stores, and shares data when customers use the platform and connect their own advertising, CRM, voice, SMS, calendar, and payment services.
What we collect
We collect account information such as name, email address, company name, workspace settings, user role, billing status, and support communications.
When customers connect services, we collect integration data needed to operate Hubbly OS. This can include Meta ad account IDs, campaign data, Page IDs, lead form IDs, CRM object IDs, call metadata, calendar booking data, and OAuth tokens or API keys.
When customers run campaigns, we process lead data such as names, email addresses, phone numbers, company details, form responses, source metadata, consent records, call outcomes, reply classifications, booking outcomes, and deal feedback.
How we use data
We use data to operate Hubbly OS, launch and monitor customer campaigns, route leads through agents, provide support, improve reliability, detect abuse, enforce compliance settings, and report outcomes back to customers.
We use campaign and outcome data to provide optimization features, including lead scoring, creative performance analysis, revenue attribution, bot filtering, and closed-loop feedback through integrations such as Meta Conversions API.
How we store and protect data
Hubbly OS stores application data in Supabase. Supabase provides encryption at rest, access controls, audit tooling, and row-level security policies for tenant separation.
Integration tokens are stored in encrypted form where supported by the platform design. Meta OAuth tokens are encrypted using the configured META_TOKEN_ENCRYPTION_KEY before storage.
We use administrative, technical, and operational safeguards to limit access to customer data to authorized personnel and systems that need it to provide the service.
Third-party processors
We share data with third-party processors only as needed to provide Hubbly OS. These may include Meta for ads and Conversions API, Twilio for phone and SMS infrastructure, ElevenLabs for voice generation, OpenAI and Anthropic for language processing, ActiveProspect for TrustedForm verification, CRM providers selected by the customer, Supabase for database services, Vercel and Railway for hosting, and Stripe or other payment processors for billing.
Customers choose which integrations to connect. When a customer connects a third-party account, that provider may process data under its own terms and privacy policy.
TCPA, consent, and phone numbers
Hubbly OS can process phone numbers for calling, SMS, validation, DNC scrubbing, consent storage, and opt-out enforcement. Customers are responsible for ensuring they have the legal right to contact each lead.
For Acquire campaigns, Hubbly OS stores consent records, disclosure text, TrustedForm certificate URLs when available, consent timestamps, revocation data, and channel permissions. Consent records may be retained for at least four years for TCPA audit purposes.
Opt-out requests are processed across channels where required. DNC and suppression checks are used to prevent future outreach to contacts who have opted out or should not be contacted.
Data retention
Account and workspace data is retained while an account remains active and for a reasonable period after deletion when needed for security, backup, legal, tax, billing, or dispute purposes.
Consent records may be retained for four years or longer where required for legal defense, audit, or regulatory purposes. Campaign logs and integration event records may be retained to support reporting and compliance obligations.
Cookies and tracking
We use cookies and similar technologies for authentication, session management, security, analytics, preference storage, and product diagnostics.
Customers may use tracking pixels or server-side conversion events through their connected ad platforms. Customers are responsible for giving notices and obtaining consent where required for their own campaigns and websites.
User rights
Depending on location, users may have rights to access, correct, delete, export, restrict, or object to certain processing of personal data under laws such as CCPA, CPRA, GDPR, and similar privacy laws.
Customers can request access, export, or deletion by contacting privacy@hubbly.com. We may need to verify identity and authority before fulfilling a request.
California privacy rights
California residents may request information about categories of personal information collected, sources, business purposes, disclosures, and deletion rights. Hubbly OS does not sell personal information as that term is commonly understood.
If a customer uses Hubbly OS to process California resident data, the customer remains responsible for its own notices, lawful basis, consent, and opt-out handling.
Children's privacy
Hubbly OS is not intended for users under 18. We do not knowingly collect personal information from children under 18.
Contact
Send privacy requests to privacy@hubbly.com. Include your name, company, the workspace involved, and the request you want us to review.