Privacy Policy

Last updated: 5 June 2026

Template — review with legal counsel before launch. Replace the bracketed placeholders ([Company], [jurisdiction], [contact email]) with your details.

1. Who we are

hub-ai.dev (the “Service”) is operated by [Company]. This policy explains what we collect and why. Questions: [contact email].

2. What we collect

Account data: your email, and (if provided) display name and avatar — including name/avatar from Google if you sign in with Google.
Billing data: your credit balance and a record of purchases. Card details are handled by our payment provider; we do not store them.
Usage data: basic analytics (page views, key events) to improve the product.
Content: for local (in-browser) jobs, your data and your own API key stay on your device. For async jobs, the inputs you choose are sent to the model provider to produce results.

3. How we use it

To provide and secure the Service, process payments, send transactional email (verification, password reset), prevent abuse, and improve the product. We do not sell your personal data.

4. Processors we use

Lemon Squeezy — payments / merchant of record.
OpenRouter — model inference for paid async jobs.
Brevo — transactional email.
Google — optional sign-in (OAuth).
Google Analytics — usage analytics.

5. Cookies & local storage

We use local storage to keep you signed in and remember preferences, a short-lived cookie for the Google sign-in flow, and analytics cookies. You can clear these in your browser.

6. Retention & deletion

We keep account data while your account is active. You can delete your account from the account page, which removes your profile, sessions, and API keys. Some records (e.g. payment/tax records) may be retained where required by law.

7. Your rights

Depending on your location (e.g. the EEA/UK under GDPR), you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. Contact [contact email] to exercise them.

8. Security

Passwords are stored hashed; sessions and API keys are stored hashed. We take reasonable measures to protect your data, but no system is perfectly secure.

9. Children

The Service is not directed to children under the age required by your jurisdiction, and we do not knowingly collect their data.

10. Changes

We may update this policy; material changes will be posted here with a new “last updated” date.