Back to Home

Privacy Policy

Effective Date: April 10, 2026 · Last Updated: April 10, 2026

1. Introduction

BlueOshan Technologies ("we", "our", "us") operates OptiHub, a HubSpot marketplace application. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service. We are committed to protecting your privacy and complying with applicable data protection regulations including GDPR and CCPA.

2. Information We Collect

2.1 Account Information

  • Email address — Used for authentication (OTP verification) and communication.
  • Name — Provided during signup or via Google Sign-In.
  • Google account data — If you sign in with Google: profile name, email, avatar URL, and Google ID.

2.2 HubSpot Portal Data

  • Portal ID and domain — Identifies your connected HubSpot account.
  • OAuth tokens — Encrypted access and refresh tokens for maintaining the HubSpot connection.
  • CRM data processed in workflows — Contact, company, deal, and ticket properties passed through workflow actions. This data is processed transiently and not stored permanently.

2.3 Usage Data

  • Execution logs — Action type, status (success/error), execution time, timestamps. Input/output data may be logged for debugging (subject to retention limits).
  • Usage metrics — Daily execution counts by action type.
  • Payment records — Transaction IDs, amounts, plan selections. We do not store credit card numbers.

2.4 Technical Data

  • IP address and browser information — For security, rate limiting, and geo-detection.
  • Timezone and locale — For currency detection (USD/INR).

3. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To authenticate your identity and manage your account.
  • To execute workflow actions on your behalf within HubSpot.
  • To track usage and enforce subscription plan limits.
  • To process payments and manage billing.
  • To send transactional emails (OTP codes, usage alerts, payment receipts).
  • To respond to support requests and inquiries.
  • To detect and prevent fraud, abuse, and security incidents.

4. Data Storage and Security

Your data is stored on AWS infrastructure (DynamoDB) in the US East region. We implement the following security measures:

  • Encryption at rest — All sensitive data (OAuth tokens, user secrets) is encrypted using AES-256-GCM with unique IVs and authentication tags.
  • Encryption in transit — All communications use TLS 1.2+.
  • Code sandboxing — Custom code executes in isolated VM sandboxes with no filesystem or network access.
  • SSRF protection — Webhook URLs are validated against private IP ranges and metadata endpoints.
  • OTP hashing — Verification codes are stored as SHA-256 hashes, never in plaintext.
  • Access control — JWT-based authentication with token expiration.

5. Data Retention

We retain your data according to the following schedule:

  • Account data — Retained while your account is active, deleted 30 days after account termination.
  • Execution logs — Retained per plan: Free (7 days), Starter (30 days), Pro (90 days), Custom (365 days).
  • Usage data — Retained for 12 months for analytics.
  • Payment records — Retained for 7 years for tax and legal compliance.
  • OTP records — Automatically deleted after 10 minutes (TTL).

6. Third-Party Services

We use the following third-party services:

  • HubSpot — CRM platform integration via OAuth. Subject to HubSpot's Privacy Policy.
  • Google — Sign-In authentication. Subject to Google's Privacy Policy.
  • Amazon Web Services (AWS) — Cloud infrastructure (DynamoDB, Lambda). Subject to AWS Privacy Policy.
  • HDFC Payment Gateway — Payment processing. We do not store credit card details.
  • Gmail SMTP — Transactional email delivery.

7. Your Rights

Under applicable data protection laws (including GDPR and CCPA), you have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Update or correct inaccurate personal data.
  • Deletion — Request deletion of your personal data ("right to be forgotten").
  • Portability — Request your data in a machine-readable format.
  • Restriction — Request that we limit processing of your data.
  • Objection — Object to processing based on legitimate interests.
  • Withdraw consent — Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at sales@optihub.in. We will respond within 30 days.

8. Cookies and Local Storage

OptiHub uses minimal browser storage:

  • localStorage — Authentication tokens (optihub_user_token, optihub_portal_token) and cached user data. Essential for the Service to function.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 13 (or 16 in the EU). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States (AWS infrastructure). We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last Updated" date at the top indicates when the policy was last revised.

12. Contact Us

For privacy-related questions or to exercise your data rights:

Email: sales@optihub.in
BlueOshan Technologies, India