Privacy Policy
Last updated: July 7, 2026
This policy explains how Hubertino (“we”, “us”), an EU-based service and the operator of hubertino.com, handles personal data. It covers two very different things, so it is split accordingly: your data as a visitor or customer, and the business-listing datathe service collects from public sources on our customers' behalf. Contact for anything in this policy: [email protected].
Part I — your data
1. What we collect about you
- Account data — name, email address, and a password (stored only as a salted scrypt hash; we cannot read it).
- Billing data — handled by Stripe, our payment processor. We never see or store card numbers; we store your plan, Stripe customer/subscription references, and a credit ledger of grants and spends.
- Usage data — the scrapes you define (categories, locations, settings), their results, and API keys (stored hashed).
- Technical data — IP address and request logs, used for security and rate limiting.
2. Cookies and analytics
We use essential cookies only: a session cookie that keeps you signed in (httpOnly, expires after 30 days) and a preference for light/dark mode. We use no advertising cookies and run no ad-network trackers.
We do use privacy-friendly, EU-hosted product analytics (PostHog) to understand how the product is used and how well it works — for example how many people who start a scrape complete it. It runs cookielessly: nothing is stored on your device beyond the current page session, we don't track you across other websites, and we never sell this data. For signed-in users we link usage to the account (legitimate interest, to improve the service); you can object at any time by emailing us. If we ever add advertising or cross-site tracking, we will update this policy and ask for consent first.
3. Why we process your data
- To provide the service (contract): accounts, scrapes, results, exports, API access, support.
- To bill you (contract & legal obligation): payments, invoices, tax.
- To send transactional email (contract): email verification, password resets, and important account or billing notices. We do not send marketing email unless you have opted in, and every marketing message would include an unsubscribe.
- To keep the service safe (legitimate interest): abuse prevention, rate limiting, debugging.
4. Who we share it with
We do not sell personal data. We share it only with processors that run the service for us: Stripe (payments, tax), our transactional-email provider, our hosting and web-infrastructure providers, all bound by data-processing agreements. Data is hosted in the EU; some processors (for example Stripe) process data in other countries under appropriate safeguards such as the EU Standard Contractual Clauses. We disclose data beyond that only if the law requires it.
5. How long we keep it
- Account data: while your account exists. You can permanently delete your account yourself at any time in Settings → Delete account — this removes your account, scrapes and remaining credits immediately and cancels any subscription, except what we must keep (e.g. invoices for tax law).
- Scrape results: until you delete the scrape or your account.
- Backups rotate on a 14-day cycle.
6. Your rights
Under the GDPR you can ask for access to, correction of, deletion of, or a portable copy of your data, restrict or object to processing, and withdraw consent where processing is based on it. Email us and we will act within a month. You can also complain to your local supervisory authority.
Part II — business-listing data
7. What the service collects
On our customers' instructions, Hubertino collects publicly available information about businesses from public web pages: business name, address, phone number, website, publicly listed contact email, social-media profile links, opening hours, ratings, and published reviews. Where a business is a sole trader, some of this (a name, an email) can be personal data — so we treat this data with GDPR care even though it is business information from public sources.
8. Why and on what basis
We process this data in our legitimate interest— and our customers' — in making publicly available business contact information usable for business-to-business purposes such as market research and outreach. We collect only what the business itself has published, we do not build hidden profiles, and we do not collect data about private individuals. Customers who export the data become independent controllers of their copy and must use it lawfully (our Terms bind them to that, including anti-spam rules).
9. How long the service keeps it
Job results are stored so customers can access their scrapes, and are deleted when the customer deletes the scrape or account. Internal copies are kept no longer than needed to run the service, and backups rotate on a 14-day cycle.
10. If you are a listed business
If your business appears in data processed by Hubertino, you can exercise your GDPR rights with us: email [email protected] with the business name and the data concerned. We will tell you what we hold, correct it, or delete it from our systems and exclude it from future deliveries where you object. Note that we cannot delete copies our customers exported before your request — for those, the customer is the controller and the request belongs with them — nor remove your information from the public sources it came from.
11. Changes and contact
We will update this policy as the service evolves and note the date at the top; material changes are announced in the app or by email. Anything unclear, any request, any concern: [email protected].