sighub.io

Privacy Policy

Last updated: July 9, 2026

Sighub.io ("Sighub", "we", "our", "us") is a sole proprietorship based in Rotterdam, the Netherlands, registered with the Dutch Chamber of Commerce (KvK) under number 42083108. We operate the sighub.io website and the Sighub HubSpot application (Renewal Radar). This policy describes what data we access, store, and how we handle it.

What data we access

Sighub reads the following data from your HubSpot portal through the official HubSpot API:

  • Company property definitions and Company values, including names, contract dates, custom properties selected during setup, lifecycle stage, owner, and currency
  • Associated deals, line items, quotes, subscriptions, and supported custom objects when the relevant optional scope is granted
  • Meeting, call, and one-to-one email engagement metadata such as timestamps, direction, outcome, and status — not message or note content
  • Sighub-created tasks, including status, dates, owner, subject, and body used to maintain or close the task
  • Ticket status and counts — not ticket conversation content
  • Contact associations and activity timestamps — not CRM contact email addresses or message content
  • HubSpot owner identifiers, names, and business email addresses when available for task routing and display

Sighub does not read the content of your emails, meeting notes, or ticket conversations. We only access metadata such as dates, counts, and status fields.

A complete overview of the data shared between Sighub and HubSpot is described in this Privacy Policy and in our Data & privacy documentation.

What data we store

Sighub stores the following outside of your HubSpot portal:

  • OAuth tokens: encrypted at rest using AES-256-GCM and used only to authenticate HubSpot API requests
  • Portal configuration: mapped properties, renewal thresholds, owner routing, onboarding and activation state
  • Risk snapshots: HubSpot Company ID and name, renewal date, value and currency, signal type, severity, confidence, evidence strings, owner ID/name, task status, and evaluation timestamps
  • Action records: operational records for Sighub-created tasks, including the same risk context, HubSpot task IDs/status, and the assigned owner's business email address when available
  • Risk controls and outcomes: snooze, mark healthy, renewed, lost, exclude, reasons, and expiry timestamps
  • Reports: optional report-recipient email addresses and random access tokens used for scan, PDF, and share links
  • Billing state: Stripe customer ID, subscription ID, price, plan, status, and billing timestamps. Stripe handles card and full payment details.

What data we do NOT store

  • Email bodies or CRM contact email addresses
  • Meeting notes, note content, or call recordings
  • Ticket conversation content
  • Full copies of HubSpot Company, Contact, Deal, or Ticket records
  • Card numbers or full payment details

Data sharing

Sighub does not sell your data or share it for advertising. We share data only with the providers listed under "Service providers (sub-processors)" below and only to operate the service, process billing, provide website analytics under your consent choice, or receive a form you choose to submit. HubSpot portal data is used exclusively to provide Renewal Radar to your portal.

Data security

  • All data in transit is encrypted via HTTPS/TLS
  • OAuth tokens are encrypted at rest using AES-256-GCM
  • Backend requests are validated using HubSpot's request signature protocol
  • Access to stored data is restricted to authenticated portal sessions

Data retention

  • OAuth tokens, portal configuration, risk snapshots, action records, risk controls, report recipients, and share tokens are retained while the installation is active so the service can monitor, explain, reconcile, and report on renewal risks.
  • Single-use OAuth state records expire after 15 minutes.
  • Portal-linked service data is deleted when HubSpot sends the app-uninstall lifecycle event, or earlier after a verified manual deletion request.
  • Partner inquiry and other contact-form data is retained only as long as needed to answer the inquiry and manage the requested business relationship; you can request deletion at any time.
  • Billing records and transaction data may be retained where required for accounting, tax, fraud-prevention, or legal obligations.

Data deletion

When you uninstall Renewal Radar from HubSpot, Sighub deletes the stored portal record and its linked OAuth tokens, configuration, risk snapshots, action records, risk controls, report recipients, billing links, and share tokens. Tasks previously created in HubSpot remain in your HubSpot account as standard HubSpot tasks.

To request manual deletion of your data, contact support@sighub.io.

Your rights under GDPR

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: request a copy of the data we process about your portal
  • Right to rectification: request correction of inaccurate data
  • Right to erasure: request deletion of your data at any time
  • Right to restrict processing: request that we limit how we use your data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to our processing of your data

To exercise any of these rights, contact support@sighub.io. We will respond within 30 days.

Legal basis for processing

We process your data based on the following legal grounds under GDPR Article 6:

  • Contractual necessity (Art. 6(1)(b)): processing is necessary to provide the Sighub service you installed
  • Legitimate interest (Art. 6(1)(f)): audit logging for security and service reliability
  • Consent (Art. 6(1)(a)): optional website analytics and future marketing cookies on sighub.io, only after you opt in via the cookie banner. You can withdraw consent at any time; withdrawal does not affect the lawfulness of processing carried out before it

International data transfers

Your data may be processed on servers located outside the EEA. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

Google (Google Analytics, Search Console) may process data on servers in the United States. Google LLC is certified under the EU–US Data Privacy Framework, and its processing is additionally covered by Standard Contractual Clauses.

Stripe, our payment processor, may process billing data in the United States. Stripe, Inc. is certified under the EU–US Data Privacy Framework, and its processing is additionally covered by Standard Contractual Clauses.

Vercel and Formspree may process website request or submitted-form data outside the EEA. We rely on their applicable data-protection terms and transfer safeguards, including Standard Contractual Clauses where required.

Controller and processor roles

For the data processed inside your HubSpot portal, Sighub acts as the data processor on behalf of your organisation (the data controller). Your organisation determines which HubSpot data Sighub accesses through the property mapping configuration.

For visitor data collected on sighub.io — including consent choices, analytics data, partner inquiries, and optional report-email requests — Sighub is the data controller. You can reach us via the contact details under "Privacy contact" below.

Supervisory authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority in the EEA.

Service providers (sub-processors)

Sighub relies on a small number of trusted infrastructure providers to operate the website and the application. Each provider only processes the data described below and is contractually bound to appropriate data protection terms.

Vercel, website hosting. The marketing website (sighub.io) is deployed on Vercel. Vercel processes request metadata such as IP address, user agent, URL, timing, and technical logs to serve and protect the website.

Formspree, submitted forms. If you submit the contact-led Partner form, Formspree processes the name, work email, company, client-portal range, and optional message you provide so Sighub can respond. Formspree is not required to install Renewal Radar or run the free scan.

Railway, backend and application hosting. The Sighub backend (the service that talks to your HubSpot portal, runs scans and creates tasks) is hosted on Railway. Railway processes technical operational data on our behalf, including incoming API requests, server logs, error traces and the IP addresses of clients interacting with the backend. This data is used solely to run the service, debug failures and protect against abuse.

GoDaddy, domain registration and DNS. The sighub.io domain and DNS records are managed through GoDaddy. As part of resolving the domain, GoDaddy processes technical data such as IP addresses, DNS lookups and request logs. GoDaddy does not have access to application data inside Sighub.

Google Search Console, aggregated search performance. We use Google Search Console to see aggregated search statistics for sighub.io, such as clicks, impressions, average position and search queries. Search Console does not place tracking cookies on visitors through this website. The data we receive from Google is aggregated and not linked to individual visitors.

Google Analytics 4, consent-based website analytics. We use Google Analytics 4 on sighub.io to measure website usage, with Google Consent Mode. Until you accept the Analytics category in the cookie banner, no cookies or personal data are stored on your device and Google only receives aggregated, cookieless measurement signals. After opt-in it places the measurement cookies described in the cookie section below. Analytics data is not used for advertising.

HubSpot, your CRM platform. HubSpot is your platform, not ours. Sighub interacts with your HubSpot portal via the official HubSpot API under the OAuth permissions you grant during installation, as described in "What data we access" above.

Stripe, payment processing. When you subscribe to a paid Sighub plan, payments are processed by Stripe. Stripe collects and processes your billing and payment data (such as your name, email address, payment method and card details, billing address and transaction history) to take payment and prevent fraud. Sighub never receives or stores your full card details; we store only your Stripe customer ID, subscription ID, plan and subscription status. Stripe acts as an independent controller for the payment data it processes. For details see Stripe's own Privacy Policy.

Cookies and tracking on sighub.io

The sighub.io marketing website uses an opt-in approach to cookies and similar technologies. No non-essential cookies are written and no personal data is stored on your device until you give consent through the cookie banner.

Strictly necessary (always on): a single browser localStorage entry that records your consent preferences so we do not have to ask again on every page. No personal data, no third party.

Hosting and security logs (strictly necessary): Vercel processes request metadata and technical logs to deliver and protect the website. Sighub does not use a separate Vercel Analytics tracking script.

Search Console (no cookies on visitors): Google Search Console does not place tracking cookies on visitors through this website. It only reports aggregated search performance data to us from Google's side.

Analytics (off by default): with your consent we use Google Analytics 4 to understand website usage and improve the product experience. We run Google Consent Mode: until you accept the Analytics category, no analytics cookies are placed and Google only receives aggregated, cookieless measurement signals. After opt-in the measurement cookies _ga and _ga_* are placed (first-party cookies that distinguish visitors, valid for up to 2 years). IP anonymization and privacy-friendly settings are enabled where possible. We do not use analytics for advertising or cross-site tracking.

Marketing (off by default): reserved for future advertising or attribution pixels. Not used at this time.

You can change or withdraw your consent at any moment via the Cookie settings link in the footer of every page. Withdrawing consent deletes the analytics cookies and returns Google Analytics to its cookieless mode from that moment on.

This cookie policy applies to sighub.io only. Data processed inside your HubSpot portal by the Sighub application is governed by the rest of this Privacy Policy.

Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated date.

Privacy contact

The data controller for sighub.io is Sighub.io, a sole proprietorship based in Rotterdam, the Netherlands, registered with the Dutch Chamber of Commerce (KvK) under number 42083108. For privacy-related questions: support@sighub.io