Privacy Policy

Done For You Hub ("we," "us," or "our") operates Done For You Hub (the "Service") at https://yourdfyhub.com. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this Policy.

2.1 Information You Provide

• Account information: Name, email address, and password when you register.
• Profile information: Any additional details you add to your profile, including business name and industry.
• Payment information: Handled directly by Whop (our payment processor). We do not store your payment card data.
• Communications: Messages you send us for support or feedback.

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, time spent, and interactions with the Service.
• Device information: Browser type, operating system, IP address, and device identifiers.
• Cookies and tracking: See Section 8 (Cookies).

2.3 Business and CRM Data

If you use our CRM integration features, we may process contact information and customer data from your connected systems (including GoHighLevel). You remain the data controller for any customer data you import. We act as a data processor and handle such data only as directed by you. See our Data Processing Addendum (available on request) for details.

2.4 Third-Party Platform Data

When you connect external platforms (Jobber, GoHighLevel, Google Analytics, Search Console, WordPress, and others), we receive data from those platforms on your behalf. The specific data depends on which platforms you connect and which OAuth scopes you authorize. We access only the data within the scopes you authorize and you can disconnect any platform at any time.

We use your information to:

• Provide, maintain, and improve the Service.
• Process transactions and manage your subscription.
• Send transactional emails and account notifications.
• Respond to your support requests and communications.
• Analyze usage patterns to improve features and user experience.
• Run AI-powered audits and analyses of your business data.
• Generate recommendations, insights, and optimization suggestions.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations.

We do not sell your personal information to third parties.

We may share your information with:

• Service providers: Third-party vendors who help us operate the Service (hosting, payment processing, email delivery, analytics). These providers are contractually obligated to use your information only as directed.
• Whop: As our payment processor for subscription and credit billing.
• Anthropic, PBC: Our AI provider. Data sent to AI features may be processed by Anthropic in accordance with their privacy policy.
• Connected Platforms: When you authorize an action (or enable auto mode), we transmit data to connected platforms via their APIs only as directed by you.
• Legal requirements: We may disclose information when required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights or the safety of others.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset.

We do not share your information for advertising purposes.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions.
• Right to Opt-Out: We do not sell personal information, so there is nothing to opt out of.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your rights, contact us at support@yourdfyhub.com.

We retain your personal information for as long as your account is active or as needed to provide the Service. Upon account cancellation or termination, all OAuth tokens are revoked immediately. Your account data is retained for 30 days to allow reactivation, then permanently deleted. We delete or anonymize your personal information within 90 days of cancellation, except where retention is required by law.

We implement multiple layers of security to protect your information:

• All OAuth tokens and API credentials are encrypted at rest using AES-256-GCM with per-tenant HKDF-derived keys.
• Row-Level Security (RLS) is enforced on all tenant-scoped database tables.
• Passwords are hashed with bcrypt. Authentication uses JWT tokens.
• All data in transit is encrypted via TLS/HTTPS.
• Webhook endpoints verify HMAC signatures before processing.

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

We use cookies and similar tracking technologies to:

• Keep you logged in to the Service.
• Remember your preferences.
• Analyze usage patterns to improve the Service.
• Understand how users interact with the Service through behavioral analytics.

Microsoft Clarity: We use Microsoft Clarity, a behavioral analytics tool, to understand how users interact with our website through session recordings, heatmaps, and anonymized usage analytics. Clarity collects data such as mouse movements, clicks, scroll behavior, and page navigation. IP addresses are anonymized and no personally identifiable information (PII) is collected by Clarity. For more information, see Microsoft's Privacy Statement.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Service.

We do not use third-party advertising cookies or tracking pixels for advertising purposes. We do not use Google Analytics on the Application itself (we use Google Analytics data only from your connected accounts, for your benefit).

The Service integrates with third-party platforms including GoHighLevel, Google (Analytics, Search Console, Ads, Business Profile, YouTube, Contacts, Sheets), WordPress, and Jobber. We comply with each connected platform's developer terms and API usage policies, including Google's Limited Use requirements. We access Google user data only to provide the Service features you have requested and do not use Google data for advertising or transfer it to third parties except as necessary to provide the Service.

Your information may be transferred to and processed in the United States. If you are located outside the United States, your use of the Service constitutes consent to transfer your information to the United States.

You may:

• Access and update your account information through your account settings.
• Delete your account by contacting us at support@yourdfyhub.com. We will delete your data within 90 days (immediate deletion available on request — processed within 10 business days).
• Opt out of marketing emails by clicking the unsubscribe link in any marketing email.
• Request a copy of your personal data in JSON format by contacting us.
• Disconnect connected platforms at any time through the dashboard, which immediately revokes stored OAuth tokens.

Our Service is designed for business use and is not intended for individuals under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, contact us at support@yourdfyhub.com and we will promptly delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

For privacy-related questions or to exercise your rights:

Done For You Hub
Email: support@yourdfyhub.com
Website: https://yourdfyhub.com