Privacy Policy
How Hubpitch collects, uses, stores, and protects personal data across hubpitch.ai, app.hubpitch.ai, and the outbound workflows our customers run on the platform.
Last updated: July 3, 2026
Who we are
Hubpitch UG (haftungsbeschränkt) in formation (“Hubpitch”, “we”, “us”) is the provider of the Hubpitch marketing website and SaaS platform.
Service provider address: Forsmannstraße 22A, 22303 Hamburg, Germany.
Privacy contact: contact@hubpitch.ai
For provider and contact details required under German law, see our Legal Notice.
Scope and audience
This policy applies to visitors of hubpitch.ai, users of app.hubpitch.ai, recipients of demo and product communications, and individuals whose data is processed when our customers use Hubpitch for outbound sales.
Hubpitch is a business-to-business (B2B) platform. We do not offer our services to consumers.
Controller and processor roles
Depending on the context, Hubpitch acts as a data controller or as a data processor on behalf of our customers.
When Hubpitch is the controller
- Website visits, demo requests, and marketing interactions on hubpitch.ai
- Account registration, billing, support, and product administration for workspace owners and members
- Security monitoring, fraud prevention, and service reliability
- Product analytics needed to operate and improve Hubpitch as a service
When Hubpitch is the processor
Our customers use Hubpitch to manage leads, send outbound email, publish personalized landing pages, and handle replies. In those workflows, the customer is typically the data controller and Hubpitch processes personal data on the customer’s documented instructions.
Customers remain responsible for having a lawful basis to collect and contact leads, honouring opt-out requests, and responding to data-subject rights for the data they upload or generate in their workspace.
A Data Processing Agreement (DPA) under Article 28 GDPR is available for business customers on request. Enterprise plans may include a custom DPA.
Personal data we process
Website and marketing (hubpitch.ai)
- Contact details you submit in demo or inquiry forms (name, email, company, message content)
- Technical data such as IP address, browser type, device information, referrer, and page views
- Cookie and similar-technology data described in the Cookies section below
Account and workspace data (app.hubpitch.ai)
- Account profile data (name, email address, avatar where available)
- Workspace membership, role, invitations, and authentication/session data
- Billing contact details, subscription status, invoices, and payment references processed via Stripe
- Workspace settings, brand profile, sending identities, domains, and configuration metadata
- Product usage data such as feature activity, AI token consumption, send quotas, and audit events
Outbound workflow data processed for customers
- Lead and prospect records (names, email addresses, company details, tags, notes, import metadata)
- Campaign structure, sequence flows, message drafts, send status, and deliverability signals
- Personalized landing page content generated for individual leads
- Outbound and inbound email content, thread metadata, reply handling, and suppression status
- Recipient engagement on published pages (page visits, CTA clicks, block views, booking clicks, and related event metadata)
- AI prompts, completions, embeddings, and token accounting tied to workspace actions
Support, security, and operations
- Messages you send to support and records of those interactions
- Diagnostic, error, and performance telemetry where needed to keep the service secure and reliable
- Immutable audit and erasure logs required for accountability and legal retention
Where data comes from
- Directly from you when you create an account, book a demo, configure a workspace, or contact us
- From workspace members and administrators acting on behalf of your organization
- From customers who upload or import lead data, connect integrations, or generate content in Hubpitch
- From email recipients when they open messages, visit published pages, click links, or submit unsubscribe requests
- From infrastructure and service providers that help us deliver the platform, as described below
Why we use personal data
Service delivery
- Provide, operate, and maintain the Hubpitch website and application
- Authenticate users, manage workspaces, and enforce role-based access
- Send and receive email, render personalized landing pages, and run campaign workflows
- Generate AI-assisted drafts, personalization, embeddings, and in-product assistance
- Track page engagement and campaign performance for workspace operators
Billing, compliance, and trust
- Process subscriptions, invoices, and plan limits
- Provide workspace-level and lead-level GDPR export and erasure tooling
- Maintain audit trails, suppression lists, and legally required send records
- Detect abuse, protect deliverability, and keep the platform secure
- Respond to support requests and communicate product or security updates
Legal bases (GDPR)
Where GDPR applies, we rely on one or more of the following legal bases: performance of a contract (Art. 6(1)(b)), legitimate interests in operating and securing a B2B SaaS platform (Art. 6(1)(f)), compliance with legal obligations (Art. 6(1)(c)), and consent where required (Art. 6(1)(a)).
Customers are responsible for determining and documenting the lawful basis for processing the lead and prospect data they upload into Hubpitch.
AI features
Hubpitch uses large-language-model providers to power drafting, personalization, embeddings, and in-product assistants. Depending on workspace configuration, prompts may include lead context, brand profile data, campaign content, and operator instructions.
AI outputs are generated automatically and should be reviewed by your team before sending or publishing. We meter AI usage by workspace and retain token accounting needed for billing, limits, and abuse prevention.
Do not submit special categories of personal data or information you are not authorized to share with AI subprocessors unless your organization has assessed the risk and put appropriate safeguards in place.
Retention
We keep personal data only for as long as necessary for the purposes described in this policy, unless a longer retention period is required by law.
- Account and workspace records: for the life of the workspace and a reasonable period thereafter
- Billing and tax-relevant records: as required under commercial and tax law
- Audit and erasure logs: retained to demonstrate accountability; erasure-log rows are designed to survive deletion events they document
- Outbound and inbound message records after lead erasure: metadata and send history may be retained in redacted form where commercial or legal retention duties require proof of transmission
- Suppression entries: retained to honour opt-out and do-not-contact obligations
- Activity log retention: plan-dependent (for example 30 days, 12 months, or unlimited on higher tiers)
Security
We use technical and organizational measures appropriate to a B2B SaaS platform, including access controls, workspace isolation, encrypted transport, secrets hygiene, audit logging, and operational monitoring.
No method of transmission or storage is completely secure. If you believe your account or workspace has been compromised, contact us immediately at contact@hubpitch.ai.
Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict, object to, or port personal data, and to withdraw consent where processing is consent-based.
You may also lodge a complaint with your local supervisory authority. In Germany, this is typically the authority for your place of residence or work.
Exercising your rights
- Hubpitch account holders: contact contact@hubpitch.ai or use in-product privacy controls where available
- Workspace owners and admins: export workspace data from Settings → Privacy & data
- Lead-level access or erasure requests for data controlled by a customer: contact the organization that contacted you; Hubpitch assists our customers in fulfilling those requests through workspace tooling and support
- Marketing contacts: email contact@hubpitch.ai to update or delete demo or newsletter details
Customer responsibilities
- Obtain a valid legal basis before uploading or contacting leads
- Provide required notices and honour opt-out, unsubscribe, and do-not-contact requests promptly
- Configure sending domains, identities, and content in line with applicable anti-spam and data-protection law
- Use Hubpitch export and erasure tools, or contact us, when data-subject requests require action in your workspace
- Avoid uploading unnecessary sensitive data and review AI-generated content before sending
Children
Hubpitch is not directed at children and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us personal data, contact contact@hubpitch.ai.
Changes to this policy
We may update this policy to reflect product, legal, or operational changes. We will post the revised version on hubpitch.ai/privacy and update the “Last updated” date. Material changes may also be communicated through the product or by email where appropriate.
Contact
Questions about this Privacy Policy or our data-protection practices: contact@hubpitch.ai
Postal address: Hubpitch UG (haftungsbeschränkt) in formation, Forsmannstraße 22A, 22303 Hamburg, Germany.