Privacy Policy
This Privacy Policy describes how Parcelace Tech Solutions Private Limited ("Hublle", "we", "us", or "our") collects, uses, stores and shares your information when you use our platform, integrations and services. We are committed to transparency, data minimisation and your right to control your personal data.
Information We Collect
1.1 Information You Provide Directly
When you register for or use Hublle, we collect:
- Account information: name, email address, phone number, company name, brand name, job title
- Billing information: processed securely via Razorpay or Shopify Billing — we do not store card numbers directly
- Communications: messages you send us via email, support chat or contact forms
- Profile preferences: notification settings, language preferences, account configuration
1.2 Information Collected Automatically
When you use our platform we automatically collect:
- Log data: IP address, browser type, device type, operating system, pages visited, timestamps
- Usage data: features used, flows created, automation events triggered, campaign performance
- Device data: device identifiers, screen resolution, language settings
- Location data: country and city-level location derived from IP address only
1.3 Information from Third-Party Integrations
When you connect third-party platforms to Hublle, we receive data necessary to operate those integrations. This is described in detail in Sections 3–6 for Facebook/Instagram, Google Gmail, WhatsApp and Shopify respectively.
How We Process Your Information
We process your information for the following purposes only:
2.1 Service Delivery
- Creating and managing your Hublle account
- Delivering WhatsApp automation, inbox, broadcast and flow builder features
- Processing payments and managing subscriptions
- Providing customer support and responding to enquiries
- Sending transactional notifications (order confirmations, billing receipts, system alerts)
2.2 Service Improvement
- Analysing usage patterns to improve product functionality
- Diagnosing technical issues and preventing errors
- Developing new features based on merchant feedback
2.3 Security and Compliance
- Preventing fraud, abuse and unauthorised access
- Complying with applicable legal obligations
- Enforcing our Terms of Service
Facebook & Instagram Data
Hublle is an official Meta Tech Partner. When you connect your Facebook Page or Instagram account, we access Meta Platform Data solely to provide the specific features you have enabled — inbox, comment automation, lead forms, and Click-to-WhatsApp analytics. We process this data on behalf of and at the direction of each merchant, and never for our own independent purposes.
3.1 What Data We Process
Depending on which features a merchant enables, we may process the following Meta Platform Data:
- Instagram & Facebook account identifiers — account ID, username, page ID and access token, used solely to link the merchant's connected account to their Hublle workspace.
- Instagram comments and DMs — comment content and direct messages received on the merchant's Instagram account, processed to power comment automation replies and the unified team inbox.
- Facebook Messenger conversations — incoming messages from the merchant's Facebook Page visitors, processed to display them in the Hublle team inbox and send agent replies.
- Facebook Lead Form submissions — name, phone number, email address and form field responses submitted by users to the merchant's Facebook lead forms, imported into Hublle CRM at the merchant's instruction.
- Ad campaign performance metrics — campaign name, spend, reach, impressions, and cost-per-result for Facebook/Instagram campaigns linked to the merchant's account, displayed in Hublle's analytics dashboard. We do not access or store audience targeting data, ad creatives, or personal user profiles.
3.2 How We Use This Data
Meta Platform Data is used exclusively to deliver the Hublle features the merchant has actively enabled. We do not use Meta Platform Data for advertising, to build user profiles for our own purposes, to train AI or machine learning models, or to share with any third party except the sub-processors listed below who help us operate the platform. Each merchant's Meta data is stored and processed in isolation from other merchants' data.
3.3 Data Retention & Deletion
Inbox conversation data (Instagram DMs and Facebook Messenger messages) is retained for 90 days from the date of receipt, then permanently deleted. Lead form submissions are retained for as long as the merchant maintains their Hublle account. Campaign performance metrics are retained for up to 12 months for dashboard reporting. Access tokens are deleted within 24 hours of a merchant revoking Hublle's connection.
Merchants may request deletion of their Meta Platform Data at any time. End users whose data has been shared with Hublle via a merchant's connected Meta account may also submit a deletion request using the link below.
If you are an end user whose data was shared with Hublle through a merchant's Facebook or Instagram integration, you have the right to request deletion of that data. Submit your request using the form below or by emailing us directly.
Submit Data Deletion RequestWe will acknowledge your request within 48 hours and complete deletion within 30 days, in accordance with Meta's Platform Terms Section 3.d.
3.4 Revoking Access
Merchants can disconnect their Facebook or Instagram account from Hublle at any time from the Hublle dashboard. You can also revoke access directly via Facebook Settings → Settings & Privacy → Settings → Apps and Websites → Hublle → Remove. Upon revocation, all stored access tokens are deleted within 24 hours.
3.5 Sub-Processors
Meta Platform Data may be handled by the following sub-processors solely to operate the Hublle platform. All are bound by data processing agreements prohibiting any independent use of this data.
| Sub-Processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting for Hublle's backend, database and webhook processing | India (ap-south-1) |
| Cloudflare | CDN and DDoS protection — in-transit only, not stored | Global (in-transit only) |
| Meta Platforms Inc. | API provider — data is accessed via Meta's own infrastructure | USA |
Google Gmail Data
When a merchant connects their Gmail account to Hublle's omnichannel inbox, we access Gmail solely to display incoming emails in the team inbox and to send agent replies from within Hublle. Gmail data is never used for advertising, AI training, or any purpose unrelated to powering the inbox feature.
4.1 What Data We Process
We access and store the following Gmail data, only for emails received after the Gmail connection is established:
- Incoming email content — subject line, sender address, email body and timestamp, stored to display the email in the Hublle team inbox. Retained for 90 days then permanently deleted.
- Sent reply content — the text of replies sent by agents through Hublle, stored for inbox history. Retained for 90 days then permanently deleted.
- Read status — when an agent opens an email in Hublle, we mark it as read in Gmail to prevent duplicate notifications. No email content is accessed or stored for this action beyond what is already captured above.
We do not access emails received before the connection date, Google Contacts, Google Calendar, Google Drive, Gmail drafts, sent folder history, or any Google service data outside of the Gmail inbox.
4.2 How We Use This Data
Gmail data is used exclusively to operate the Hublle team inbox for the connected merchant. Hublle's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
4.3 Revoking Gmail Access
You can revoke Hublle's Gmail access at any time via Google Account → Security → Third-party apps with account access → Hublle → Remove access. Upon revocation, your Gmail OAuth token is deleted from Hublle's systems within 24 hours and no further emails will be fetched.
4.4 Sub-Processors
Gmail data may be handled by the following sub-processors solely to operate the Hublle inbox. All are bound by data processing agreements prohibiting any independent use of this data.
| Sub-Processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure hosting Hublle's backend and database | India (ap-south-1) |
| Cloudflare | CDN and DDoS protection — in-transit only, not stored | Global (in-transit only) |
| Google LLC | Gmail API provider — data is accessed via Google's own infrastructure | USA |
WhatsApp Business API Data
Hublle operates as a WhatsApp Business API platform. When merchants use Hublle's WhatsApp features, we process the following data on their behalf as a data processor acting under the merchant's instruction.
5.1 Data We Process on Behalf of Merchants
- Customer phone numbers used for WhatsApp automation flows
- WhatsApp conversation content — messages sent and received via automated flows and team inbox
- WhatsApp message template content configured by the merchant
- Automation trigger events (order placed, cart abandoned, COD received, return requested)
- Broadcast list data — phone numbers imported by the merchant for bulk messaging
5.2 Merchant Responsibility
Merchants are solely responsible for obtaining appropriate consent from their customers before sending WhatsApp messages through Hublle. Hublle provides the technical platform — compliance with WhatsApp's Business Policy and applicable messaging laws is the merchant's responsibility.
5.3 Meta's WhatsApp Terms
WhatsApp conversation data processed through Hublle is subject to Meta's WhatsApp Business API terms and Meta's Privacy Policy in addition to this policy. Hublle does not share WhatsApp conversation data with Meta beyond what is required to deliver messages through the WhatsApp Business API.
Shopify Data
When merchants connect their Shopify store to Hublle, we access the following Shopify data to power WhatsApp automation:
| Data Type | Purpose | Stored? |
|---|---|---|
| Order details (ID, items, value, status) | Order notifications, COD verification, returns automation | Yes — 12 months |
| Customer phone numbers | WhatsApp message delivery | Yes — while account active |
| Abandoned cart data | Abandoned cart recovery flows | Yes — 30 days |
| Product catalogue | Product recommendations in WhatsApp flows | Yes — synced periodically |
| Customer email addresses | Account matching and CRM linking | Yes — while account active |
| Payment information | Not accessed — payments handled by Shopify/Razorpay | Never stored |
Shopify data accessed by Hublle is governed by Shopify's Partner Program Agreement and API Terms of Service in addition to this policy. Merchants can disconnect their Shopify store from Hublle at any time from their Hublle dashboard, which will trigger deletion of synced Shopify data within 30 days.
Legal Bases for Processing
We process personal data on the following legal bases under applicable data protection law:
Contract Performance
Processing your account information, billing data and service delivery data is necessary to fulfil our contract with you (our Terms of Service).
Legitimate Interests
We process usage and analytics data on the basis of legitimate interests to improve our product and prevent fraud. We ensure these interests do not override your fundamental rights.
Consent
Where we rely on consent — such as for marketing communications or optional data integrations — you can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Legal Obligation
We may process data when required to comply with applicable law, respond to legal process or protect our legal rights.
When We Share Your Data
We do not sell your personal data. We share data only in the following limited circumstances:
8.1 Service Providers
We share data with trusted service providers who process it on our behalf under strict data processing agreements:
- Razorpay — payment processing (India)
- Shopify — billing for App Store merchants
- Meta Platforms — WhatsApp Business API message delivery, Facebook/Instagram integrations
- Google — Gmail integration (processed under Google's terms)
- Amazon Web Services / Cloud providers — infrastructure and hosting
8.2 Business Transfers
In the event of a merger, acquisition or sale of assets, your data may be transferred to the successor entity. We will notify you via email and/or prominent notice before any transfer occurs.
8.3 Legal Requirements
We may disclose data when required by law, court order, or to protect the rights, property or safety of Hublle, our users or the public.
Cookies & Tracking Technologies
Hublle uses cookies and similar technologies for the following purposes:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management, security | Session / 30 days |
| Functional | Remember your preferences, language, dashboard settings | 1 year |
| Analytics | Understand how merchants use the platform to improve features (aggregated, anonymised) | 13 months |
We do not use advertising cookies or third-party tracking cookies for behavioural advertising. You can control cookies via your browser settings. Disabling essential cookies will prevent you from logging in to Hublle.
Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion request |
| WhatsApp conversation content | 12 months from conversation date |
| Instagram/Messenger inbox messages | 90 days from receipt |
| Gmail inbox messages | 90 days from receipt |
| Facebook lead form data | Duration of account + 90 days |
| Shopify order data | 12 months from order date |
| Billing and payment records | 7 years (legal requirement) |
| Automation logs | 6 months |
| Access tokens (Facebook, Google) | Deleted within 24 hours of revocation |
| Analytics data (aggregated) | 13 months |
When you delete your Hublle account, we initiate deletion of all personal data within 30 days, except where retention is required by law (such as billing records) or where data is stored in backup systems (purged within 90 days).
Data Security
We implement industry-standard security measures to protect your data:
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Access tokens encrypted and stored separately from user data
- Role-based access controls — Hublle employees access only data necessary for their role
- Regular security audits and vulnerability assessments
- Two-factor authentication available for all Hublle accounts
Your Privacy Rights
Depending on your location, you have the following rights regarding your personal data:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request a copy of the personal data we hold about you | Email founder@hublle.io |
| Rectification | Request correction of inaccurate personal data | Account settings or email us |
| Erasure | Request deletion of your personal data | Email founder@hublle.io |
| Portability | Receive your data in a structured, machine-readable format | Email founder@hublle.io |
| Restriction | Request restriction of processing in certain circumstances | Email founder@hublle.io |
| Objection | Object to processing based on legitimate interests | Email founder@hublle.io |
| Withdraw Consent | Withdraw consent where processing is consent-based | Account settings or email us |
| Opt-out of Marketing | Unsubscribe from marketing communications | Unsubscribe link in emails or email us |
We will respond to all rights requests within 30 days. We may request identity verification before processing your request. Requests from authorised agents will be processed upon submission of valid authorisation proof.
GDPR — European Economic Area & United Kingdom
If you are located in the EEA or UK, additional rights and protections apply under the General Data Protection Regulation (GDPR) and UK GDPR.
Data Controller
Parcelace Tech Solutions Private Limited is the data controller for personal data processed through Hublle. Our contact details are in Section 18.
International Data Transfers
Your data may be processed in countries outside the EEA, including India and the United States. Where we transfer data outside the EEA, we ensure appropriate safeguards are in place including Standard Contractual Clauses (SCCs) approved by the European Commission.
Right to Lodge a Complaint
If you believe we have violated your data protection rights, you have the right to lodge a complaint with your local data protection authority. For EEA residents, find your authority at edpb.europa.eu. For UK residents, contact the Information Commissioner's Office (ICO).
CCPA — California Residents
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Categories of Personal Information Collected
| Category | Collected |
|---|---|
| Identifiers (name, email, phone, IP address) | Yes |
| Commercial information (orders, purchases) | Yes |
| Internet activity (usage logs, feature usage) | Yes |
| Geolocation (country/city level only) | Yes |
| Sensitive personal information | No |
| Biometric information | No |
| Financial information (card numbers) | No — handled by Razorpay/Shopify |
Your CCPA Rights
- Right to Know — request disclosure of personal information collected, used, shared or sold
- Right to Delete — request deletion of your personal information
- Right to Correct — request correction of inaccurate personal information
- Right to Opt-Out of Sale — we do not sell personal information
- Right to Non-Discrimination — we will not discriminate against you for exercising your rights
To exercise CCPA rights, email us at founder@hublle.io or submit a data subject access request at hublle.io/contact-us. We respond within 45 days.
Shine the Light: California Civil Code Section 1798.83 allows California residents to request information about personal data shared with third parties for their direct marketing purposes in the past year. We do not share personal data with third parties for direct marketing.
India — Digital Personal Data Protection Act 2023
Hublle is incorporated in India and complies with the Digital Personal Data Protection (DPDP) Act 2023.
Data Fiduciary
Parcelace Tech Solutions Private Limited is the Data Fiduciary for personal data of Indian residents processed through Hublle.
Your Rights Under DPDP Act
- Right to Information — know what personal data is being processed and for what purpose
- Right to Correction — request correction or updation of inaccurate personal data
- Right to Erasure — request erasure of personal data where consent is withdrawn
- Right to Grievance Redressal — raise a grievance with our Data Protection Officer
- Right to Nominate — nominate another individual to exercise your rights in case of death or incapacity
Consent
Where we process personal data of Indian residents on the basis of consent, we provide clear, plain language notice of the purpose before or at the time of collection. You may withdraw consent at any time by contacting us at founder@hublle.io.
Grievance Officer
For grievances related to processing of personal data of Indian residents, please contact our Grievance Officer at founder@hublle.io. We will acknowledge your grievance within 48 hours and resolve it within 30 days.
Children's Privacy
Hublle is a business-to-business platform intended for use by merchants and businesses. Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children under 18.
If you believe we have inadvertently collected personal data from a child under 18, please contact us immediately at founder@hublle.io and we will delete such data promptly.
Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, services or applicable law. When we make material changes we will:
- Update the "Last updated" date at the top of this page
- Send an email notification to the primary email address on your account
- Display a prominent notice on the Hublle dashboard for 30 days
Your continued use of Hublle after the effective date of an updated policy constitutes your acceptance of the changes. If you do not agree with the updated policy, you should stop using Hublle and request account deletion.
We encourage you to review this policy periodically. Previous versions of this policy are available on request by emailing founder@hublle.io.
Contact Us
For any privacy-related questions, requests or complaints, please contact us using the details below. We are committed to resolving your concerns promptly.