Legal

Privacy Policy

Last updated: May 29, 2026 · Effective: May 29, 2026

HubDesk (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use HubDesk — a professional video review and client collaboration platform.

1. Information We Collect

Account Information: When you register for HubDesk, we collect your name, email address, company name, and password (hashed via bcrypt).

Project & Video Data: Video files, project metadata, review comments, annotations, and task checklists you create are stored on our infrastructure (Cloudflare R2 object storage, EU-West region).

Client Reviewer Data: When a client accesses a review portal, we collect their name, email address, and role via a first-visit identity gate. This information is stored in browser cookies and in our comment database to identify feedback authors.

Usage Data: We automatically collect IP addresses, browser type, device type, pages visited, and actions taken within the platform to improve our service quality and security.

Payment Information: Billing is processed by Stripe. We do not store full credit card numbers on our servers. Stripe's privacy policy governs payment data handling.

2. How We Use Your Information

  • To provide and operate the HubDesk platform
  • To send transactional emails (comment notifications, approval alerts, team invitations)
  • To process subscription payments and manage billing
  • To communicate product updates and important service announcements
  • To detect, prevent, and respond to fraud, security incidents, or abuse
  • To analyze and improve our service features and performance

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following lawful bases:

  • Contract Performance: Processing necessary to fulfill our service agreement with you.
  • Legitimate Interests: Analytics, security monitoring, and fraud prevention.
  • Consent: Marketing communications (you can withdraw consent at any time).
  • Legal Obligation: Compliance with applicable laws.

4. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you have the following rights:

  • Access: Request a copy of personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data (“right to be forgotten”).
  • Portability: Receive your data in a machine-readable format.
  • Objection / Restriction: Limit or object to processing.
  • California Residents (CCPA): You have the right to know what personal information is collected, sold, or disclosed; the right to opt out of sale; and the right to non-discrimination for exercising these rights. HubDesk does not sell personal information.

To exercise these rights, contact us at privacy@hubdesk.space.

5. Data Retention

We retain your account data for as long as your subscription is active. Upon cancellation, your video data and project files are retained in read-only mode for 30 days, after which they are permanently deleted from active storage. Billing and legal records may be retained for up to 7 years as required by applicable law.

6. Data Storage & Security

Video files and project assets are stored on Cloudflare R2 object storage, distributed across secure data centers. Our database is hosted by Supabase (PostgreSQL), with row-level security enforced at the database level. All data is transmitted over HTTPS/TLS. We implement industry-standard security practices including access controls, audit logging, and regular security assessments.

7. Third-Party Services

Supabase

Database & authentication

Cloudflare R2

Video & asset storage

Stripe

Payment processing

Mailtrap / SMTP

Transactional email

Vercel

Application hosting

Cloudflare

CDN & DDoS protection

8. Cookies

HubDesk uses essential cookies for session management and authentication. Client review portals use cookies to remember reviewer identity (name, email, role) and PIN-protected access tokens. We do not use advertising or tracking cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or prominent in-app notice at least 30 days before the changes take effect.

10. Contact Us

Data Controller: HubDesk Ltd.

Privacy inquiries: privacy@hubdesk.space

General support: support@hubdesk.space

© 2026 HubDesk. All rights reserved.
Terms of ServiceDocumentation