Privacy Policy

Last updated: March 2025

This Privacy Policy explains how DHub ("we", "us", or "our") collects, uses, and protects your personal data when you use Dhub at dhub.dev and related services (together, "the Service"). We are committed to protecting your privacy and processing your data in accordance with the General Data Protection Regulation (GDPR) and applicable Lithuanian and EU data protection law.

1. Data Controller

DHub is the data controller responsible for your personal data. You can contact us at hello@dhub.dev for any privacy-related questions.

2. Data We Collect

Account Data

When you sign up, we collect your name, email address, and authentication credentials (or OAuth tokens if you sign in via GitHub).

Usage and Analytics Data

We use PostHog to collect anonymised product analytics, including pages visited, features used, session duration, and interaction events. This helps us understand how the Service is used and where to improve it. PostHog is configured to respect your privacy and does not sell your data.

Technical Data

We automatically collect standard log data such as IP address, browser type, operating system, and referring URLs when you access the Service. This data is processed by Amazon Web Services (AWS), our cloud infrastructure provider.

GitHub Integration Data

If you connect a GitHub account or repository, we access the content and metadata within the scope of the permissions you grant (e.g. repository contents, commit history). This data is used solely to provide the Service's editing and sync functionality and is not used for any other purpose.

Communications

If you contact us by email, we retain your messages and contact details to respond to your enquiry and for our records.

3. How We Use Your Data

We process your personal data to:

• Provide, maintain, and improve the Service;
• Manage your account and subscription;
• Process payments and send transactional communications;
• Monitor performance, security, and reliability of the Service;
• Analyse usage patterns to improve product features;
• Comply with legal obligations.

4. Legal Basis for Processing

We rely on the following legal bases under the GDPR:

• Contract performance — processing necessary to provide the Service under our Terms and Conditions;
• Legitimate interests — analytics and security monitoring to operate and improve the Service;
• Legal obligation — where processing is required by law;
• Consent — where you have explicitly opted in (e.g. marketing communications, if applicable).

5. Data Sharing and Third Parties

We do not sell your personal data. We share data only with trusted sub-processors necessary to deliver the Service:

• Amazon Web Services (AWS) — cloud hosting and infrastructure (data may be stored in EU or US regions);
• PostHog — product analytics (EU-hosted instance where available);
• GitHub, Inc. — for repository access where you choose to connect a GitHub account;
• Payment processors — for billing (subject to their own privacy policies).

All sub-processors are required to process your data only on our instructions and in compliance with applicable data protection law.

6. International Data Transfers

Some of our sub-processors (including AWS and GitHub) may transfer data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. When you delete your account, we will delete or anonymise your personal data within 90 days, unless we are required by law to retain it longer. Anonymised analytics data may be retained indefinitely.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you;
• Rectification — ask us to correct inaccurate data;
• Erasure — request deletion of your data ("right to be forgotten");
• Restriction — ask us to restrict processing of your data;
• Portability — receive your data in a structured, machine-readable format;
• Objection — object to processing based on legitimate interests;
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email us at hello@dhub.dev. We will respond within 30 days. You also have the right to lodge a complaint with the State Data Protection Inspectorate of Lithuania (VDAI).

9. Cookies

We use cookies and similar technologies for session management and analytics (via PostHog). You can control cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

10. Security

We implement industry-standard technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

11. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact

For any privacy-related questions or to exercise your rights, contact us at hello@dhub.dev.