Privacy / Security

Privacy Policy

HubSync Co. (collectively with its subsidiaries, “Company,” “the Company,” “we,” “us,” and “our,”) respects your privacy and is committed to protecting your privacy through our compliance with this Privacy Policy (the “Policy”). This Policy should be read in conjunction with our Terms of Use, into which this Policy is incorporated by reference.  

This Privacy Policy explains how HubSync collects, uses, and shares your personal information when you visit our website. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). 

This Policy describes:

  • The types of information we collect from you or that you may provide when you visit our website available at: https://hubsync.com/ as well as any websites and blogs directly owned by the Company (collectively, our “Website”), or any related application or software that is published, owned and operated by the company (the “Software”, and together with the Website, the “Platform”).  
  • Our practices for collecting, using, maintaining, protecting, and disclosing that information.

This Policy applies to information we collect on the Platform or in emails and other electronic messages between you and the Platform, and information gathered when you interact with our advertising on third-party websites if such advertisements include links to this Policy.

This Policy does not apply to information collected by us offline or through any other means, including on any other website operated by any third party, or information collected by any third party through any application or content (including advertising) that may link to or be accessible from the Platform (for further information, see below, “Third-party Websites”).

Use of the Software and any user information associated with the Software may also be subject to the terms of separate written agreements between the Company and its contracted clients (“Clients”). When applicable, this Policy may be superseded by specific terms in the aforementioned written agreements between the Company and its Clients. If you use any materials from the Platform, you agree to be bound by the aforementioned written agreements as well as any posted guidelines and policies related to the materials you wish to use, as applicable. When applicable, if you do not agree to the terms of such applicable agreements, you will not be able to use the Software.

Please read this Policy carefully to understand our practices regarding your information and how we will treat it.  If you do not agree with our policies and practices, then please do not use our Platform. By using our Platform, you agree to the terms of this Policy. This Policy may change from time to time (see below, “Changes to this Policy”). Your continued use of our Platform after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.

What information does the Platform collect?

To ensure that we provide you with the best possible experience, we will store, use, and share information about you in accordance with this Policy.

Information You Provide to Us

Personal Information is any information that can be used to individually identify you from a larger group, such as data including, but not limited to, your:

  • First and last name;
  • Email address;
  • Mailing address;
  • Social Security numbers;
  • IP address 
  • Browser type 
  • Operating system 
  • Payment information 
  • Financial Information (e.g., tax filings and other personal financial documents);  
  • Comments or messages provided in free text boxes; and
  • Other information you voluntarily provide.

You may provide us Personal Information when you:

  • Request information;
  • Schedule a demonstration;
  • Upload documents or other content on the Platform;
  • Subscribe to our emails or newsletters;
  • Visit our website and use our services; 
  • Register for an account; 
  • Contact us for support;
  • Use the Platform to message other users; and
  • Register yourself with the Platform.

The information that you provide in each case will vary. In some cases, you may be able to provide Personal Information via email, free text boxes or the Software messaging system, such as contacting the Company to request further information or messaging other users. When providing your Personal Information, please provide only relevant information and do not provide unnecessary sensitive information, such as Social Security numbers, credit card information or other sensitive personal data when it is not needed. Additionally, we may ask you to create a username and password that should only be known to you.

Moreover, as a user of the Software, you may have the opportunity to upload the documents and Personal Information of other users or individuals. When uploading such documents or Personal Information, you are solely responsible for obtaining the necessary consents and authorizations from any other users or individuals in accordance with applicable data security laws and regulations, and the Company shall not be responsible or held liable for your failure to obtain the necessary consents.

What Automated Tools Do We Use on our Website?

In addition to the information that you provide to us, we may also collect information about you during your visit to our Website. We collect this information using automated tools that are detailed below. These tools may collect information about your behavior and your computer system, such as your internet address (IP Address), the pages you have viewed, and the actions you have taken while using the Website. Some of the tools we use to automatically collect information about you may include:

  1. Cookies. A “cookie” is a small data file transmitted from a website to your device’s hard drive. Cookies are usually defined in one of two ways, and we may use either (or both) of them:

(1) session cookies, which do not stay on your device after you close your browser, and  
(2) persistent cookies, which remain on your device until you delete them, or they expire.

Of course, if you do not wish to have cookies on your devices, you may turn them off at any time by modifying your internet browser’s settings. However, by disabling cookies on your device, you may be prohibited from full use of the Website’s features or lose access to some functionality.

  1. Google Analytics. One of our trusted third parties is Google Analytics. The Website sends aggregated, non-Personal Information to Google Analytics for the purpose of providing us with the ability to conduct technical and statistical analysis on the Website’s performance. For more information on how Google Analytics supports the Website and uses information sent from the Website, please review Google’s privacy policy available at https://policies.google.com/ technologies/partner-sites

  1. Web Beacons. A Web Beacon is an electronic image. Web Beacons can track certain things from your computer and can report activity back to a web server allowing us to understand some of your behavior. If you choose to receive emails from us, we may use Web Beacons to track your reaction to our emails. We may also use them to track if you click on the links and at what time and date you do so. Some of the third-party marketers we engage with may use Web Beacons to track your interaction with online advertising banners on our Website. This information is only collected in aggregate form and will not be linked to your Personal Information.  Please note that any image file on a webpage can act as a Web Beacon.

  1. Embedded Web Links. Links provided in our emails and, in some cases, on third-party websites may include tracking technology embedded in the link. The tracking is accomplished through a redirection system. The redirection system allows us to understand how the link is being used by email recipients. Some of these links will enable us to identify that you have personally clicked on the link and this may be attached to the Personal Information that we hold about you. This data is used to improve our service to you and to help us understand the performance of our marketing campaigns.

  1. Third-party Websites and Services. We work with a number of service providers of marketing communications technology. These service providers may use various data collection methods to improve the performance of the marketing campaigns we are contracting them to provide. The information collected can be gathered on our Website and also on the websites where our marketing communications are appearing. For example, we may collect data where our banner advertisements are displayed on third-party websites.

Do I have any choices in selecting preferences for privacy?

Yes. We want to provide you with relevant information that you have requested.

If we provide subscription-based services, such as email newsletters, we will allow you to make choices about what information you provide at the point of information collection or at any time after you have received a communication from us while you are subscribed. Transactional or service-oriented messages are usually excluded from such preferences, as such messages are required to respond to your requests or to provide goods and services, and are not intended for the purposes of marketing.

We will not intentionally send you email newsletters and marketing emails unless you consent to receive such marketing information. After you request to receive these emails, you may opt out of them at any time by selecting the “unsubscribe” link at the bottom of each email. Please note that by opting out or unsubscribing you may affect other services you have requested we provide to you, in which email communication is a requirement of the service provided.

Any such communications you receive from us will be administered in accordance with your preferences and this Policy.

How can I make sure my Personal Information is accurate?

We strive to maintain and process your information accurately. We have processes in place to maintain all of our information in accordance with relevant data governance frameworks and legal requirements. We employ technologies designed to help us maintain information accuracy on input and processing.

Where we can provide you access to your Personal Information in our possession, we will always ask you for a username and password to help protect your privacy and security. We recommend that you keep your password safe, that you change it periodically, and that you do not disclose it to any other person or allow any other person to use it.

To view and change the Personal Information that you have provided to us, you can log in to your account and follow the instructions on that webpage, or contact us directly for assistance.

Does the Platform collect information about minors?

We do not intentionally seek to gather information from individuals under the age of eighteen (18). We do not target the Platform to minors, and would not expect them to be engaging with our Platform or services. We encourage parents and guardians to provide adequate protection measures to prevent minors from providing information unwillingly on the internet. If we are aware of any Personal Information that we have collected about minors, we will take steps to securely remove it from our systems.

How does HubSync use my information?

The information we gather and that you provide is collected to provide you information and the services you request, in addition to various other purposes, including, but not limited to:

  • Assisting you with items such as personalized experiences, facilitation of product usage, and enforcement of the Terms of Use.
  • Preventing malicious activity and providing you with a secure experience.
  • Providing service and support for services you request.
  • Providing marketing communications that are effective and optimized for you.
  • Keeping you up-to-date with the latest benefits available from us.
  • Preventing unwanted messages or content.
  • Measuring the performance of our marketing programs.
  • Improve our website and services 
  • Contacting you about services and offers that are relevant to you.

How does HubSync share my information?

We will not share Personal Information with any third parties except as described in this Policy, including the following:

  • Clients. We may share with a Client the basic employee information relevant to your individual Platform account. A Client’s actions are solely based on a Client’s own policies and procedures, so please read those carefully and direct questions to your employer.
  • Vendors. We may share your Personal Information with third-party vendors, contractors, and other service providers working on behalf of the Company who require access to your Personal Information to carry out their support of our Services.
  • Compliance with Laws. We may disclose your Personal Information to a third party if (1) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, subpoena, or court order: (2) to respond to duly authorized information requests from law enforcement or other governmental authorities: (3) to enforce our agreements, policies, or Terms and Conditions of Use: (4) to investigate and help prevent security threats, fraud, or other malicious activity; or (5) to respond to an emergency, which we believe in good faith requires us to disclose such information to assist in preventing the death or serious bodily injury of any person or Company employee.

There are circumstances where the Company may decide to buy, sell, or reorganize its business in selected countries. Under these circumstances, it may be necessary to share or receive Personal Information with prospective or actual partners or affiliates. In such circumstances, the Company will ensure your information is used in accordance with this Policy.

Are any of the websites linked to the Platform owned by HubSync?

No. This Policy does not apply to websites or other domains that are maintained or operated by third parties or our affiliates. Our Platform may link to third-party websites and services, but these links are not endorsements of these sites, and this Policy does not extend to them. Because this Policy is not enforced on these third-party websites, we encourage you to read any posted privacy policy of the third-party website before using the service or site and providing any information.

What if I am a California resident?

Pursuant to California Civil Code Section 1798.83, we will not disclose or share your Personal Information with third parties for the purposes of third-party marketing to you without your prior consent.

Other than as disclosed in this Policy, the Platform does not track users over time and across third-party websites to provide targeted advertising. Therefore, the Platform does not operate any differently when it receives Do Not Track (“DNT”) signals from your internet web browser.

What if I use the Platform outside of the United States?

To provide you with our services, we may store, process, and transmit information in the United States and other locations around the world, including countries that may not have the same privacy and security laws as yours. Regardless of the country in which such information is stored, we will process your Personal Information in accordance with this Policy.

Will this Policy change?

Possibly. If we make any changes to this Policy, a revised Policy will be posted on this webpage and the date of the change will be reported in the “Last Revised” block above. You can get to this page from any of our webpages by clicking on the “Privacy Policy” link (usually at the bottom of the screen).

How does HubSync safeguard my information?

We use reasonable technical, administrative, and physical safeguards in order to protect your Personal Information against accidental loss and from unauthorized access, use, alteration, and disclosure. However, we can never promise 100% security. You have a responsibility, as well, to safeguard your information through the proper use and security of any online credentials used to access your Personal Information, such as a username and password.  If you believe your credentials have been compromised, please change your password. Please also notify us of any unauthorized use.

How long will data be retained? 

We retain your personal information for as long as necessary to provide you with our services and comply with our legal obligations. We also retain your personal information for a reasonable period after you cease using our services in case you need to access or recover your account information. 

Your rights under the GDPR 

Under the GDPR, you have the following rights: 

  • The right to access your personal information 
  • The right to rectify your personal information 
  • The right to erase your personal information 
  • The right to restrict processing of your personal information 
  • The right to object to processing of your personal information 
  • The right to data portability 

To exercise any of these rights, please contact us at privacy@hubsync.com  

Additional information for GDPR compliance 

In addition to the above, we have implemented the following measures to comply with the GDPR: 

  • We have appointed an EU Representative who is responsible for overseeing our compliance with the GDPR. 
  • We have implemented a data breach response plan in the event that your personal information is compromised. 
  • We have provided our employees with training on the GDPR and their privacy obligations. 

We are committed to protecting your privacy and complying with the GDPR. If you have any questions or concerns, please do not hesitate to contact us. 

How do I contact you for more information?

We value your opinions and welcome your feedback.  To contact us about this Policy or your Personal Information, please contact us at privacy@hubsync.com

Security Overview

Security Summary

HubSync is committed to providing the highest level of security for our clients and their data. As part of this commitment, we have achieved General Data Protection Regulation (GDPR) and System and Organization Controls (SOC2) compliances, a rigorous third-party audit of our controls and processes related to Security, Availability, and Confidentiality.

  • Security – Controls that protect against unauthorized access, use, disclosure, alteration or damage to systems.
  • Availability – Controls that keep systems operational and available at a level that meets the highest industry standards.
  • Confidentiality – Controls that protect confidential information throughout its lifecycle from collection and processing to disposal.

To maintain our SOC2 and GDPR compliances, we have deployed HubSync with a “security first” focus along with ongoing supporting controls, including:

Security Hosting

We use the most secure cloud computing environment available today – Amazon WebServices (AWS). AWS data centers and networks are architected to protect information, identities, applications, and devices. All data flowing across our platform is encrypted in transit and our databases housing customer data are encrypted at rest. The network is segmented to prevent unauthorized access. This allows us to achieve rigorous security and compliance requirements, such as data residency, protection, and confidentiality.

24/7 Network Operations Center

HubSync has a dedicated team monitoring systems 24/7, so we can quickly detect and resolve any issues that may arise in our production systems. This ensures the availability of our platform at all times. Our team uses the latest monitoring and performance software with automated alerts, robust logging, and real-time dashboards. Our infrastructure is constantly updated with the latest infrastructure and security releases, and auto-scales as usage increases during peak times (e.g., tax busy season).

Infrastructure Durability & Automation

AWS provides scalable hosting composed of AWS Regions and Availability Zones which allow HubSync to utilize multiple data centers across the United States with failover capabilities to ensure uptime and reliability. By using infrastructure as code (IaC) to manage and automate the provisioning and management of our AWS infrastructure, HubSync ensures that our systems are configured consistently, securely and can be scaled across the AWS cloud platform. We use version control to track changes to our infrastructure and regularly review and test our infrastructure automation and failover.

Threat Detection Management

We use the leading provider of threat intelligence and detection services to monitor cyber security threats and block any potential intrusion attempts. We protect our infrastructure perimeter using tools such as AWS Web Application Firewall, AWS Shield and Firewall Manager. Regular vulnerability scanning is performed by our NOC team along with 24/7incident response support.

Penetration Testing

In addition to regular vulnerability scanning, HubSync engages 2x per year with a trusted third party to simulate cyber-attacks and test the resilience of our systems. This helps ensure the security of our platform and the data of our clients. We use techniques such as simulating attacks from various angles and testing all publicly accessible entry points to ensure that our systems are secure. We also utilize code quality tools on a daily basis to ensure our code is secure as we enhance the platform with new features.

Security Training for Employees

We mandate regular security training for all employees to ensure awareness and education of security best practices along with our policies for reporting potential threats. Our training covers the latest threats and vulnerabilities and provides hands-on exercises to help employees and developers apply what they have learned. This helps ensure the security of our platform and client data.

Overall, these measures help us ensure the security, availability, and confidentiality of our platform and client data. A full SOC2 report is available upon request. If you have any questions about the measures we have in place, please don't hesitate to contact us at privacy@hubsync.com