Privacy Policy

Last updated: April 12, 2026

1. Overview

At Juno Maps, LLC d/b/a Hubity ("we," "us," or "our"), your privacy is foundational, not an afterthought. Hubity is built with privacy-first architecture. This policy explains what data we collect, how we use it, and the controls you have.

2. Data We Collect

Account Information

When you create an account, we collect your name, email address, company name, and role. This information is used to personalize your experience and manage your subscription.

Conversations

Messages you send and receive within the Service are stored to provide conversation history and context for AI responses. Conversations are encrypted at rest and are private to you unless you choose to share them with your team.

Knowledge Base Content

Documents, files, and information you upload to your company knowledge base are stored securely and used exclusively to provide contextualized AI responses for your organization. We do not access, read, or share this content outside of providing the Service.

Usage Data

We collect anonymized usage metrics such as message counts, feature usage, and performance data to improve the Service. This data is aggregated and cannot be used to identify individual users or their content.

Sources of Personal Information

We collect personal information from the following categories of sources:

Directly from you: When you register, update your profile, send messages, or upload documents
OAuth identity providers: Google and Microsoft provide your name, email address, and account identifier when you sign in via their services
Your employer / company administrator: Company owners and admins may add your profile, role, and HR information (salary, contact details) on your behalf
Automatically from your device: IP address, browser type, and interaction events collected when you use the Service
Security and fraud prevention: Cloudflare Turnstile collects browser signals to verify you are a human during sign-in

3. How We Use Your Data

Provide, maintain, and improve the Service
Generate AI-powered responses contextual to your business
Send transactional communications (account updates, billing receipts)
Detect and prevent fraud, abuse, and security threats
Comply with legal obligations

We never:

Sell your personal data or business content to third parties
Use your proprietary data to train AI models
Share your conversations or documents with other customers
Display advertising based on your content

4. AI Processing

Hubity uses multiple AI providers. The system automatically selects the most capable model for each task, or respects your workspace's configured provider preferences. The providers we work with are:

Anthropic (Claude) powers the majority of chat, reasoning, coding, writing, and analysis tasks. Anthropic also powers background features including daily briefings, knowledge base analysis, meeting summaries, and document processing.
OpenAI (GPT) is used for tasks where its models perform best, including structured data extraction, chart generation, and quantitative financial analysis. It may also serve as a fallback when the primary provider is temporarily unavailable.
Google (Gemini) is available on Team, Business, and Enterprise plans and is selected for tasks involving very long documents (leveraging its extended context window), multilingual content, and translation. Gemini is also available as a manual model choice.

Each response in the chat interface displays a small attribution noting which model generated it, so you always know which provider processed your query.

All three providers operate under strict data processing agreements that prohibit them from retaining your data beyond the API request lifecycle, using your data to train or improve their models, or sharing your data with any third parties. All transmissions use modern encrypted connections.

Business and Enterprise customers may configure their own API keys (Bring Your Own Key) for any supported provider. When you provide your own key, your data is processed directly under your agreement with that provider rather than through ours.

You may request human review of any automated analysis or recommendation generated by the Service. The Service does not make legally binding or similarly significant decisions about individuals based solely on automated processing.

5. Data Security

We implement comprehensive security measures:

Encryption at rest: All stored data is encrypted using industry-standard methods
Encryption in transit: All data transfers use modern encrypted connections
Access controls: Role-based permissions with principle of least privilege
Infrastructure: Hosted on enterprise-grade infrastructure with continuous monitoring, automated backups, and redundancy
Isolation: Company data is logically isolated. No cross-tenant access is possible
Monitoring: Continuous security monitoring and automated threat detection

6. Data Retention

We retain your data for the duration of your account and in accordance with your plan's conversation history limits. When you delete a conversation, it is permanently removed from our systems within 30 days. When you close your account, your data is deleted within 30 days and encrypted backups are purged within 90 days, except where retention is required by law.

7. Your Rights

You have the right to:

Access: Request a copy of all data we hold about you
Rectification: Correct inaccurate personal information
Deletion: Request deletion of your account and associated data
Portability: Export your data in a standard format
Restriction: Limit how we process your data
Objection: Object to specific data processing activities

To exercise any of these rights, contact us at [email protected]. We respond to all requests within the timeframes required by applicable law.

8. Cookies and Tracking

We use essential cookies for authentication and session management. We do not display advertising or sell your data to advertising networks.

We use Google Analytics 4 to understand how visitors use our website (hubity.io). This tool collects anonymized usage data including pages visited, session duration, scroll depth, and general engagement patterns. It uses cookies and a unique analytics identifier. The data is processed by Google under their privacy policy. We use this information solely to improve the product and user experience.

Google Analytics is loaded only after your first interaction with the page (click, scroll, or keypress) and is not active during pure page views with no interaction. You can opt out at any time by installing the Google Analytics Opt-out Browser Add-on.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it promptly.

10. International Data Transfers

Your data may be processed in the United States, where our infrastructure is located. For transfers of personal data from the European Economic Area, United Kingdom, or Switzerland, we rely on applicable transfer mechanisms including approved data transfer frameworks and, where applicable, standard contractual clauses.

11. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, our legal basis for collecting and using your personal data depends on the data and the context:

Contract performance: Processing necessary to provide the Service you signed up for
Legitimate interests: Improving the Service, preventing fraud, and ensuring security
Legal obligation: Compliance with applicable laws and regulations
Consent: Where you have explicitly consented to specific processing activities

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you in the preceding 12 months, including the categories of sources, business purposes, and categories of third parties with whom we shared it
Right to Delete: You may request deletion of your personal information, subject to certain exceptions
Right to Opt-Out: We do not sell or share your personal information with third parties as defined under California law. We do not use your data for cross-context behavioral advertising. You may still submit a formal opt-out request using the methods below
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Right to Correct: You may request correction of inaccurate personal information

Prior 12-Month Disclosures

In the preceding 12 months, we have disclosed the following categories of personal information to the following categories of service providers for business purposes:

Identifiers (name, email, IP address): disclosed to cloud infrastructure providers (Vercel, Neon), error tracking provider (Sentry), and email delivery provider (Resend) to operate the Service
Internet activity (usage metrics, page views): disclosed to website analytics provider (Google Analytics) in anonymized form
Commercial information (subscription plan, billing details): disclosed to payment processor (Stripe) to process transactions
Content (messages, knowledge base documents): disclosed to AI processing providers (Anthropic, OpenAI, and Google depending on task type and workspace configuration) solely to generate responses within the API request lifecycle; not retained by providers

We have not sold or shared personal information for monetary consideration or cross-context behavioral advertising in the preceding 12 months.

How to Submit a Request

You may submit a verifiable consumer request using either of the following methods:

Online form: hubity.io/privacy-request
Email: [email protected]

We will verify your identity before processing your request and respond within 45 days. We may extend the response period by an additional 45 days when reasonably necessary, with prior notice. Authorized agents may submit requests on your behalf; we may require written authorization and proof of identity.

13. Third-Party Services

The Service integrates with the following categories of third-party providers. Each operates under their own privacy policies and data processing agreements:

AI Processing: Anthropic (Claude), OpenAI (GPT), and Google (Gemini). The system routes each request to the most capable available model. All three operate under strict no-retention agreements; no data is retained beyond the API request lifecycle.
Analytics: Anonymized website usage tracking (interaction-triggered only)
Hosting: Enterprise-grade cloud infrastructure with encryption and redundancy
Database: Encrypted database with continuous backups
Email: Transactional email delivery only
Payments: Stripe (we never store card details)

We do not share your data with any providers beyond what is strictly necessary to operate the Service.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or through a notice in the Service. The "Last updated" date at the top indicates when the latest revision took effect.

15. Contact Us

For privacy inquiries, data requests, or concerns:

Juno Maps, LLC d/b/a Hubity
20130 Lakeview Center Plaza, Ste. 400
Ashburn, VA 20147
United States

Email: [email protected]
Web: hubity.io