🔥Launch deal: 20% OFF annual plans•--d --:--:--
Click below to claim
Hubpoint logoHubpoint logo
DiscoverAbout Us
PricingContact
Hubpoint Logo

The scheduling platform that fills calendars and cuts no-shows for service businesses worldwide.

Hubpoint - AI-powered booking and business management platform for SMEs | Product Hunt

Products

  • How It Works
  • Pricing
  • Start Free
  • API Documentation
  • Hubpoint V1 API
  • Blog

Company

  • About Us
  • FAQ
  • Contact
  • Help Center
  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • Payment Policy

Use Cases

  • Accountant
  • Barber
  • Beauty Salon
  • Chiropractor
  • Cleaning Service
  • Consultant
  • Dentist
  • Doctor
  • Driving School
  • Gyms & Personal Trainers
  • Language School
  • Massage Therapist
  • Nail Salon
  • Pet Groomer
  • Physiotherapy
  • Real Estate Agent
  • Tattoo Studios
  • Tax Consultant
  • Yoga Studio

© 2026 Hubpoint by Deviofy. All rights reserved.

GDPR Compliant
ISO 27001 Certified
Hosted in EU
GDPR Compliant
Your data stays private
ISO 27001 Certified
Enterprise-grade security
Hosted in EU
Your data stays in Europe

    Privacy Policy

    Last updated: 2026-03-23

    Hubpoint Privacy Policy

    Effective Date: March 22, 2026
    Last Updated: March 22, 2026
    Version: 1.0

    This Privacy Policy describes how Deviofy Digital Technologies FZCO ("Hubpoint", "we", "us", "our") collects, uses, shares, stores, and protects personal data across Hubpoint services.

    This policy is designed for global use and includes specific provisions for users in the EU/EEA/UK/Switzerland and other jurisdictions with similar privacy rights.

    1. Scope

    This policy applies to personal data processed through Hubpoint products and channels, including:

    • www.hubpoint.ai (landing, public informational pages, lead/contact workflows);
    • app.hubpoint.ai (Hubpoint Manager business dashboard);
    • book.hubpoint.ai (public booking interface and appointment selector);
    • collabriq.hubpoint.ai (public/admin collaborative scheduling);
    • backend APIs and account infrastructure;
    • manager dashboards and related business workflows;
    • booking/scheduling experiences for end users;
    • public landing/marketing pages and lead forms;
    • mobile manager application;
    • integrations and support operations.

    This policy does not apply to third-party sites/services that have their own privacy policies.

    2. Roles and Relationship Model

    Depending on context:

    • Hubpoint as Controller/Business: for account administration, billing, security, fraud prevention, legal compliance, internal analytics, and platform operations.
    • Hubpoint as Processor/Service Provider: when business customers use Hubpoint to process their customer/end-user data (for example, appointments, notes, staff schedules, review workflows).
    • Customer as Controller/Business: business customers are responsible for legal grounds, notices, and permissions they require for their end users.

    If required by law, a separate Data Processing Agreement (DPA) can govern processor activities.

    3. Personal Data We Collect

    3.1 Account and Business Profile Data

    May include:

    • name, business/company name, email, phone number;
    • country/language/timezone settings;
    • account role/permissions and profile preferences;
    • authentication and session metadata.

    In some account flows, legal-agreement acceptance state and referral metadata may also be processed.

    3.2 Booking and Scheduler Data

    May include:

    • customer/end-user identity and contact fields (for example name, email, phone);
    • appointment details (time, duration, service/expert selection, branch context);
    • notes/comments, status updates, confirmations/cancellations;
    • review content and ratings where enabled.

    In specific booking or scheduling flows, additional identifiers (for example share hashes, appointment request IDs, and related access tokens/keys) may be processed for workflow continuity.

    3.3 Billing and Subscription Data

    May include:

    • subscription plan, period, trial flags, renewal state;
    • billing contact data;
    • payment transaction metadata (amount, currency, status, timestamps);
    • partial processor references (for example tokenized card/payment method references, masked indicators).

    Hubpoint does not intentionally store full raw card PAN/CVV in application databases.

    Billing processing may involve tokenized references and customer/payment method identifiers provided by payment processors.

    3.4 Marketing, Attribution, and Analytics Data

    May include:

    • campaign/source parameters (utm_*, gclid, fbclid);
    • browser-derived identifiers (ga4_client_id, fbp, fbc where available);
    • page interaction and conversion events (for example sign-up, trial, purchase, booking completion);
    • referrer and landing context;
    • session analytics and performance diagnostics.

    3.5 Communications and Support Data

    May include:

    • contact form submissions;
    • support tickets and feedback;
    • uploaded files/media provided by users;
    • notification interaction states.

    Support and communication channels may include transactional email flows, webhook-connected messaging providers, and in-app notification features.

    3.6 Device and Technical Data

    May include:

    • IP address, user agent, browser/device characteristics;
    • error logs, request metadata, security telemetry;
    • app-level storage identifiers and session keys.

    For mobile manager experiences, device permission metadata may include states associated with microphone, media-library/photo access, and optional camera-related user actions.

    4. Sources of Data

    We collect data:

    • directly from you (forms, account setup, booking actions, support);
    • from your organization admins or teammates;
    • automatically via app/site usage and cookies/similar technologies;
    • from integrated third-party providers (payment, analytics, identity, communications, CRM) where configured.

    5. Purposes of Processing

    We process personal data to:

    • provide, operate, and maintain Hubpoint services;
    • authenticate users and secure accounts;
    • create/manage bookings and scheduling workflows;
    • manage subscriptions, payments, and billing operations;
    • communicate transactional messages and support responses;
    • perform analytics, attribution, and product improvement;
    • detect, prevent, and investigate fraud, abuse, and security incidents;
    • comply with legal obligations and enforce contractual rights.

    6. Legal Bases (Where Required, Including GDPR)

    Depending on context and jurisdiction, legal bases may include:

    • Contract performance: delivering services requested by customer/users.
    • Legitimate interests: service security, fraud prevention, product analytics, system administration.
    • Consent: certain marketing/analytics cookies, optional communications, and specific local-law requirements.
    • Legal obligation: accounting, tax, law enforcement responses, compliance duties.

    Where consent is the basis, you can withdraw consent prospectively.

    7. Cookies and Similar Technologies

    Hubpoint uses cookies/local storage/session storage/mobile storage and tracking tags for operational, analytics, and attribution purposes.
    See cookie-policy.md for detailed categories, keys, and controls.

    8. Sharing and Disclosure

    We may share personal data with:

    • service providers/subprocessors supporting hosting, analytics, security, support, communication, payments, and CRM workflows;
    • payment processors and financial partners for transaction handling;
    • identity/authentication providers where login integrations are used;
    • professional advisors (legal, accounting, audit) under confidentiality;
    • regulators, courts, and law enforcement where legally required;
    • corporate affiliates or successors in mergers/acquisitions/reorganizations, subject to confidentiality and legal safeguards.

    Examples of categories of providers used in Hubpoint environments may include:

    • payment processors;
    • cloud hosting/infrastructure;
    • analytics/event/measurement providers;
    • authentication/identity providers;
    • CRM providers;
    • anti-bot/security challenge providers;
    • messaging and communication providers.

    We do not sell personal data in exchange for monetary consideration in the ordinary SaaS sense unless explicitly disclosed and legally permitted.

    9. International Data Transfers

    Hubpoint and its subprocessors may process data in countries outside your own. Where required, we rely on lawful transfer mechanisms (for example SCCs/UK transfer addenda) and supplementary safeguards.

    10. Data Retention

    We retain personal data only as long as necessary for:

    • service delivery and account continuity;
    • billing, tax, and accounting obligations;
    • dispute resolution and enforcement;
    • security monitoring and fraud prevention;
    • legal/regulatory compliance.

    Retention periods vary by data category and legal duty. When data is no longer needed, we delete, anonymize, or de-identify it unless continued storage is legally required.

    Where technically feasible, we also apply minimization principles to session and attribution data and periodically review retention settings.

    11. Data Security

    Hubpoint applies reasonable technical and organizational measures, including access controls, logging/monitoring, environment controls, and provider-level safeguards.
    No system is fully immune to risk, and users should maintain strong credentials, endpoint security, and internal access governance.

    For shared-responsibility clarity: business customers are responsible for role/access governance inside their organizations, endpoint/device hygiene, and lawful handling of exported data.

    12. Your Privacy Rights

    Subject to applicable law, you may have rights to:

    • access your personal data;
    • correct inaccurate data;
    • request deletion/erasure;
    • restrict or object to certain processing;
    • receive portable data;
    • withdraw consent;
    • avoid unlawful discrimination for exercising rights.

    To exercise rights, contact [email protected] or [email protected]. We may need to verify identity before fulfilling requests.

    13. Jurisdiction-Specific Supplements

    13.1 EU/EEA/UK/Switzerland

    For data subjects in these regions:

    • GDPR/UK GDPR standards apply where relevant;
    • you can lodge complaints with your local supervisory authority;
    • we provide lawful transfer safeguards for cross-border transfers;
    • where Hubpoint acts as processor, controller customers are responsible for lawful instructions and transparency to their end users;
    • where Hubpoint acts as controller, this policy applies directly to our own purposes.

    13.2 Other Regions (Illustrative)

    Depending on local law (for example, U.S. state privacy laws, Brazil LGPD, Canada PIPEDA, etc.), equivalent rights and notice obligations may apply. Hubpoint will address applicable legal requests in good faith and in line with local requirements.

    14. Children and Minors

    Hubpoint services are intended for business and professional use and are not directed to children below legally permitted age thresholds. If we become aware of unauthorized child data processing, we will take appropriate remedial action.

    15. Automated Decision-Making and Profiling

    Hubpoint may use automated rules and analytics for anti-fraud, service optimization, and operational routing. We do not intentionally deploy solely automated decisions producing legal or similarly significant effects without appropriate legal basis and safeguards where required by law.

    16. Communications Preferences

    You may receive transactional communications required to provide service (security, billing, operational updates).
    Marketing messages can usually be managed via account settings, unsubscribe links, or direct request to support.

    17. Security Incident and Breach Response

    Hubpoint maintains incident response procedures and will provide notifications where required by applicable data protection and breach notification laws.

    18. Data Processing Agreement (DPA) and Subprocessor Information

    For enterprise/business customers needing processor terms:

    • request a DPA at [email protected] or [email protected];
    • request current subprocessor information and transfer safeguards;
    • notify us of any special compliance requirements relevant to your sector.

    19. Changes to This Privacy Policy

    We may revise this policy to reflect legal, operational, or product changes. Material updates will be communicated by website notice, in-product notice, email, or account communication where appropriate.

    20. Contact Information

    • Legal Entity: Deviofy Digital Technologies FZCO
    • Registered Address: United Arab Emirates (full registered office address available upon verified legal request)
    • Privacy Contact: [email protected]
    • Additional Privacy/Legal Contact: [email protected]

    21. Transparency and Accuracy Commitment

    This policy is designed to map real Hubpoint functionality across booking, manager, landing, API, analytics, and mobile flows. Because technology evolves, Hubpoint commits to keeping this document updated to avoid under-disclosure and to preserve user transparency.

    You should review this policy periodically for updates.

    22. Important Service-Specific Clarifications

    • Hubpoint Manager (app.hubpoint.ai) is intended for business users managing operations, staff, branches, appointments, and subscription workflows.
    • Appointment Selector (book.hubpoint.ai) is a public-facing booking channel where end users may submit contact and appointment details.
    • Collabriq (collabriq.hubpoint.ai) supports collaborative/public scheduling use cases and may process participant-entered names and response data.
    • Mobile manager services may store session credentials and preferences on device storage and may process optional media/voice workflow metadata depending on enabled features.

    These service-specific clarifications are included to ensure transparency and prevent under-disclosure.