Privacy Policy

1. Introduction and Scope

Plugivo (“Plugivo,” “we,” “our,” or “us”) is committed to protecting the privacy and security of the personal information we handle. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you access or use the Plugivo HubSpot App Marketplace and any applications or integrations offered through it (collectively, the “Services”).

This Policy applies to all users of our Services, including HubSpot portal administrators, end users, and visitors to our website at plugivo.com and app.plugivo.com.

By accessing or using the Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

2. Information We Collect

We collect information in the following ways:

2.1 Information You Provide Directly

• Account registration details (name, email address, company name)
• Billing and payment information (processed and stored by Paddle; we do not store card data)
• Support requests, feedback, and communications

2.2 Information Collected via HubSpot

• HubSpot Portal ID and OAuth access tokens (used solely for authentication and app functionality)
• CRM record identifiers accessed during app operations
• App usage metrics and feature interaction logs

2.3 Information from Third-Party Sources

• Public business data retrieved from the Australian Business Register (ABR) API in connection with our ABN Verification service
• Authentication data passed via HubSpot's OAuth 2.0 framework

2.4 Technical and Usage Data

• IP addresses and browser/device information
• Pages visited, session duration, and interaction logs
• Error logs and diagnostic information

3. How We Use Your Information

We use collected information for the following lawful purposes:

• Service Delivery: To authenticate your identity, provision your subscription, and operate app functionality within your HubSpot portal
• Billing & Payments: To manage your subscription and process payments via our third-party payment processor, Paddle
• Communications: To send transactional emails including receipts, renewal notices, usage alerts, and support responses
• Product Improvement: To analyze usage patterns and improve the performance, reliability, and features of our Services
• Security & Compliance: To detect and prevent fraud, abuse, or unauthorized access
• Legal Obligations: To comply with applicable laws, regulations, or lawful government requests

We do not use your information for advertising purposes, and we do not sell your personal data to any third party.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

4.1 Service Providers (Sub-Processors)

4.2 Legal Requirements

We may disclose your information if required by law, court order, or regulatory authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Plugivo, our users, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you prior to your information becoming subject to a different privacy policy.

5. Data Retention

We retain personal data for as long as your account is active or as necessary to provide the Services. Upon account termination, we will delete or anonymize your data within 90 days, except where we are required to retain it for legal or financial compliance purposes.

6. Data Security

We implement industry-standard technical and organizational security measures to protect your information, including:

• TLS/SSL encryption for all data in transit
• Encrypted storage for sensitive data at rest
• Access controls and role-based permissions for internal systems
• Regular security reviews and vulnerability assessments

Despite these measures, no system is completely immune to security risks. We encourage you to use strong, unique passwords and notify us immediately at security@plugivo.com if you suspect any unauthorized access.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (“right to be forgotten”)
• Right to Restriction: Request that we limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your data for certain purposes

For users in the United Kingdom and European Union (UK GDPR / GDPR): You have the right to lodge a complaint with your local supervisory authority if you believe we have not handled your data lawfully.

For users in California (CCPA): You have the right to know what personal information we collect, request deletion of your data, and opt out of any sale of personal information (we do not sell personal information).

To exercise any of these rights, please contact us at privacy@plugivo.com. We will respond within 30 days.

8. Cookies and Tracking Technologies

We use essential cookies to maintain your authenticated session and ensure core functionality. We do not use third-party advertising cookies or tracking pixels. For full details, please refer to our Cookie Policy.

9. Children's Privacy

Our Services are intended for business professionals and are not directed at children under the age of 16. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us immediately at privacy@plugivo.com.

10. International Data Transfers

Plugivo operates globally. Your data may be transferred to and processed in countries other than your own, including the United States and the United Kingdom. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as required under GDPR.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes via email or a prominent notice on our platform at least 14 days before the changes take effect.