Privacy policy

Effective 2026-06-19. HubWho by Roffik runs HubWho. This page describes how we handle personal data and tenant credentials. Read alongside our

This document is provided as a plain-language description and is not a substitute for legal advice. The authoritative version is available on request and signed as part of our DPA.

What we collect

We collect the data you give us when you sign up (name, email), the Vendasta service-account credential file you upload (RSA private key + identifier fields), data you create in HubWho (clients, invoices, products), and operational telemetry (request logs, IP addresses, error reports) needed to run the service.

How we store credentials

Vendasta service-account RSA private keys, payment-processor secrets, and Plaid access tokens are encrypted at rest using AES-256-GCM with a master key held in the hosting environment, not in the database. Plaintext is never returned to the browser, never logged, and never visible to other tenants.

End-client data

When your end-clients pay invoices through the customer portal, their card data is collected directly by the payment processor (Stripe or your direct merchant) — HubWho never sees the card number. We store only the processor's vault token, brand, and last-4 for display.

Sharing data

We do not sell or rent personal data. We share data only with subprocessors strictly necessary to operate HubWho — listed below — and only for that purpose.

Subprocessors

Vercel (hosting), Neon (Postgres), Resend (email), Twilio (SMS), Stripe (payments), Authorize.net or NMI (payments, where the tenant has connected one), Plaid (bank linking), Inngest (background jobs), Cloudflare R2 (file storage), and Vendasta (your existing partner account, accessed via the credentials you provide). A current list is available on request.

Your rights

You can export, correct, or delete your tenant data at any time. We honor GDPR, CCPA, and equivalent privacy regulations. Email hello@hubwho.com for any data request and we'll act within 30 days.

Retention

Tenant data is retained while your account is active. After account closure, we retain operational records for up to 90 days for chargeback and dispute purposes, then permanently delete tenant content. Audit logs are retained for 7 years to comply with financial-record regulations.

Changes

Material changes to this policy will be communicated by email at least 30 days before they take effect. Minor wording updates are reflected here without notice.

Questions? Email hello@hubwho.com. See also our Terms of Service.