Privacy Policy

The data controller is Comphedia Ltd, registered in England and Wales. For privacy-related enquiries, contact us at privacy@hubryox.com.

We collect: (a) Account data — name, email address, password hash, profile picture; (b) Organisation data — workspace names, member lists, roles; (c) Content data — documents, flashcards, boards, notes and messages you create; (d) Usage data — login timestamps, feature usage, device and browser information; (e) Payment data — processed securely by Stripe; we do not store credit card numbers.

We process your data based on: (a) Contract performance — to provide the Hubryox service you signed up for; (b) Legitimate interest — to improve our service, prevent fraud and ensure security; (c) Consent — for optional features like marketing communications; (d) Legal obligation — to comply with applicable laws and regulations.

We use your data to: provide and maintain the platform; send transactional emails (verification codes, password resets, event confirmations); process payments and manage subscriptions; improve platform performance and user experience; respond to support requests; comply with legal obligations.

We do not sell your personal data. We share data only with: (a) Infrastructure providers — Amazon Web Services (Frankfurt, Germany) for hosting and storage; (b) Payment processor — Stripe for payment processing; (c) Email service — Amazon SES for transactional emails. All processors are bound by data processing agreements and comply with applicable data protection regulations.

We retain your data for as long as your account is active. After account deletion, personal data is permanently removed within 30 days. Anonymised usage data may be retained for analytics. Billing records are retained for 10 years as required by law.

You have the right to: access your personal data; rectify inaccurate data; request deletion of your data; export your data in a portable format; object to processing based on legitimate interest; withdraw consent at any time. To exercise these rights, contact privacy@hubryox.com. We will respond within 30 days.

Hubryox uses only essential cookies required for the platform to function (session management, language preference, theme preference). We do not use tracking cookies, advertising cookies or third-party analytics cookies.

We implement industry-standard security measures including: encryption in transit (TLS 1.3) and at rest (AES-256); bcrypt password hashing; two-factor authentication; regular security audits; infrastructure hosted in EU data centres (Frankfurt, Germany) with AWS.

Hubryox is not directed at children under 16. We do not knowingly collect personal data from children. If we become aware that a child under 16 has provided us with personal data, we will delete it promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 14 days before taking effect. The latest version is always available at hubryox.com/privacy.

For privacy-related questions or to exercise your data protection rights, contact us at privacy@hubryox.com or write to: Comphedia Ltd, London, United Kingdom.