1. Who We Are

Hubeu is operated by Hexer Network Oy, a Finnish company committed to European data sovereignty. We're headquartered in Helsinki, Finland, and all our operations are governed by Finnish and EU law.

Data Controller:

Hexer Network Oy (trading as Hubeu)
PL 13, 00561 Helsinki, Finland
Business ID: FI34666919
Email: privacy@hubeu.com

2. What Data We Currently Collect

As an early-stage platform, we collect only essential data for service operation:

Account Information

Email address (for account creation and authentication via Supabase)
Username/display name (optional)
Account preferences and settings
Newsletter subscription preference (optional - see section 3.1)

Application Data

Deployment configurations and build settings
Application source code and static files (for hosting)
Build logs and deployment history
Domain names and DNS configurations

Technical Data

IP addresses (for security and access control)
Basic usage statistics (deployments, bandwidth)
Error logs and system performance data
Authentication tokens and session data

What We DON'T Collect

Personal browsing behavior or cross-site tracking
Analytics cookies or advertising data
Biometric or sensitive personal information
Payment information (handled by EU payment processors when implemented)
Content of your deployed applications (we don't monitor or analyze your app data)

3. How We Use Your Data

We use your data exclusively for legitimate business purposes:

Service Delivery: Host and deploy your applications on our infrastructure
Account Management: Authenticate users and manage platform access
Technical Support: Troubleshoot issues and provide customer assistance
Security: Protect against fraud, abuse, and unauthorized access
Service Improvement: Analyze platform performance and reliability (aggregated data only)
Communication: Send service updates and security notifications (essential communications only)
Newsletter: Send product updates and tips (only if you opt-in - see section 3.1)

3.1 Newsletter Communications (Optional)

Newsletter is completely optional and requires your explicit consent.

You choose to opt-in during signup or via your profile settings. You can unsubscribe at any time.

What You'll Receive:

Product updates and feature announcements
European cloud infrastructure tips and best practices
Platform news and improvements
Occasional service updates relevant to your usage

Your Control:

Newsletter is completely optional and separate from your account
You actively choose to opt-in (never pre-checked, never automatic)
Unsubscribe anytime via the link in every email
Unsubscribing doesn't affect your Hubeu account or services
Manage preferences in your profile settings

How We Handle Newsletter Data:

Email addresses stored securely in EU-hosted database with encryption
Self-hosted PM2 mailer service (no third-party email processors)
Cryptographically secure unsubscribe tokens for your privacy
Your consent date and subscription status are recorded
Data retained only while subscribed; removed immediately upon unsubscribe

Legal Basis: Consent (GDPR Article 6(1)(a)) - You explicitly opt-in, and we record your consent.

4. Data Storage & Security

Your data is stored exclusively within the European Union:

Current Infrastructure

• Hetzner (Germany) - Primary hosting
• Scaleway (France) - Secondary hosting
• BunnyCDN (Slovenia) - Content delivery
• Self-hosted services (EU) - Newsletter, email

Security Measures

• TLS 1.2+ encryption in transit
• Database encryption at rest
• JWT-based authentication
• EU-only data processing
• Row-level security (RLS)

5. Your Rights (GDPR)

We respect all your GDPR rights. Here's how to exercise them:

Fully Operational

✓ Active

• Access: View your data in profile settings
• Rectification: Update account information anytime
• Erasure: Delete account via profile settings
• Portability: Export your data in JSON format
• Object: Unsubscribe from newsletter anytime

Manual Support

Email us

• Restriction: Contact privacy@hubeu.com
• Complex requests: We respond within 30 days
• Questions: privacy@hubeu.com

6. Cookies & Tracking

We use minimal, essential cookies only:

Authentication: Supabase session cookies to keep you logged in
Preferences: Theme and UI settings (stored locally)
Security: CSRF protection and fraud prevention

✓ No tracking cookies • ✓ No analytics cookies • ✓ No advertising cookies
We don't use Google Analytics, Facebook Pixel, or any other surveillance tools.

7. Data Sharing

We don't sell, rent, or share your personal data. The only data sharing occurs with:

EU Infrastructure Partners: Hetzner, Scaleway, Supabase, BunnyCDN (for service provision)
EU Payment Processors: Stripe (when payment features are implemented)
Legal Requirements: If required by Finnish/EU law or valid court order

All infrastructure partners are EU-based and bound by Data Processing Agreements (DPAs) as required by GDPR.

8. International Transfers

Simple answer: We don't do them. All your data stays within the European Union. No US cloud providers, no data transfers to countries with inadequate protection levels.

9. Data Retention

We retain data only as long as necessary:

Active Account Data: Retained while your account is active
Deleted Account Data: Purged within 30 days of deletion request
Backup Data: Removed from backups within 90 days
Newsletter Data: Immediately removed upon unsubscribe
Security Logs: Retained for 12 months for security purposes
Legal Requirements: Some data may be retained longer as required by Finnish law (e.g., invoices: 6 years)

10. Contact & Complaints

Questions about your privacy? We're here to help:

Privacy Contact

Email: privacy@hubeu.com
Response Time: Within 72 hours

Data Protection Authority

Finnish Data Protection Ombudsman
tietosuoja.fi

11. Changes to This Policy

We'll notify you of any material changes via email (if you have an account) and prominent notice on our platform. You'll have 30 days to review changes before they take effect. This policy evolves as we implement new features and compliance measures.