Privacy Policy

OfficeHubb ("we," "us," or "our") operates the OfficeHubb platform at officehubb.net and related subdomains (the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have. It applies to two categories of people: our customers (insurance agencies and their team members) and the prospects and clients whose information our customers store in the Service.

For information our customers provide about themselves and their team (account info, billing, support communications), we act as the data controller.

For information our customers store in the Service about their insurance prospects and policyholders, the customer agency is the data controller and we act as the data processor on the customer's behalf. We process that data only as instructed by the customer and as needed to operate the Service.

If you are a prospect or policyholder of an OfficeHubb customer agency and want to access, correct, or delete your information, please contact that agency directly. We will work with the agency to honor verified requests.

Account information. Name, email address, profile photo, and authentication credentials managed through Clerk.

Agency information. Agency legal name, brand name, address, phone, website, logo, business hours, Google Business Profile metadata.

Team data. Roles, memberships, internal chat messages, internal notes, dashboard preferences, sign-in events, daily activity events.

Billing information. Subscription tier, billing cycle, Stripe customer and subscription IDs. Card details are tokenized by Stripe; we do not store full card numbers.

Usage data. Log data such as IP address, browser type, pages visited, feature usage, and error reports, used to operate, secure, and improve the Service.

Support communications. Messages you send through the in-app support chat, including any context (current page, agency settings) we attach to help our team respond.

Our customers use the Service to operate their insurance business. The information they collect through the Service includes:

• Identity (first/last name, date of birth)
• Contact information (phone, email, mailing address)
• Vehicle and property details (make, model, year, address, photos, square footage, year built)
• Driver and household information (spouse, additional drivers)
• Policy information (carrier, policy number, effective date, prior coverage)
• Quote and sales records, commission data, and notes
• Files and photos uploaded by the prospect or by the agency (e.g. driver's license images, property photos, declarations pages)
• Chat transcripts between the prospect and the agency or the AI intake assistant

We process this data only as instructed by the customer agency.

We use cookies and similar technologies for two purposes:

Essential operation. Authentication and session management (set by Clerk and by the Service). Stripe sets its own cookies during checkout for fraud prevention.

Visitor analytics and CRM engagement.We use HubSpot's tracking code on our marketing site to understand how visitors find and use our content, and to associate site activity with contacts we already have in our CRM (for example, when a prospect clicks a link from one of our outreach emails). HubSpot honors the browser "Do Not Track" signal. You can opt out by clearing cookies from hs-scripts.com and hubspot.com, or by enabling DNT in your browser before visiting.

We do not use third-party advertising or retargeting trackers (no Google Ads, Meta Pixel, or similar). We do not sell or share personal information for cross-context behavioral advertising.

• Provide, maintain, secure, and improve the Service
• Process subscription payments via Stripe and partner payouts via PayPal
• Power AI features (described in Section 7) using Anthropic's Claude models
• Send transactional emails (account, billing, security, support) via Resend
• Facilitate agency-configured integrations such as Google Reviews
• Respond to support requests and troubleshoot reported issues
• Detect, prevent, and respond to fraud, abuse, or violations of our Terms
• Generate de-identified, aggregated analytics to operate and improve the Service

We do not sell personal information. We do not use your client data to train third-party AI models.

Several features send data to Anthropic, PBC for processing under their enterprise terms (no model training on our data):

• Prospect intake chatbot — sends each prospect's answers (name, phone, email, product interest, vehicle/home details, etc.) to generate the next question and a structured intake summary.
• In-app support assistant — sends your support question along with non-sensitive account context (your role, tier, current page) to draft a response.
• Text enhancement — sends the agency name or description text you submit for polishing.
• Dashboard suggestions cron — sends summarized sales metrics (no client names or PII) to generate daily insights.
• Google connection helper — sends the agency name and address fields you supply.

The following providers act as data processors on our behalf, with access to only the minimum data they need:

• Clerk — authentication and identity management
• Supabase — database hosting, file storage, and realtime infrastructure
• Vercel — application hosting
• Stripe — payment processing
• PayPal — partner payout processing (when applicable)
• Anthropic — AI processing for features described above
• Resend — transactional email delivery
• Google — Places API and Reviews integration when configured by an agency
• HubSpot — marketing-site visitor analytics, CRM, and outreach engagement (marketing site only; not used to process customer or prospect data inside the Service)

Each provider maintains its own privacy policy. We do not sell personal information to any of them.

When you provide your mobile phone number through an opt-in surface operated by an OfficeHubb customer agency (the public quote form, verbal consent recorded by an agency representative, or another opt-in path), your mobile number and SMS opt-in data are used solely to send you SMS messages about your insurance quote, policy updates, and renewals from the agency you opted in with. The agency is the registered sender (TCR brand) for those messages; OfficeHubb operates as the agency's data processor and SMS infrastructure provider.

Mobile information (including phone numbers and SMS opt-in / consent data) will not be shared with third parties or affiliates for promotional or marketing purposes. Mobile information is shared only with our SMS infrastructure provider (Telnyx) as needed to deliver the messages you opted in to receive, and with the agency representative responsible for your account.

You can opt out at any time by replying STOP to any message. Reply HELP for help. Standard message and data rates may apply. Message frequency may vary.

We retain account data for as long as the account is active. Some objects (such as soft-deleted pipeline cards and chat threads) are retained for a configurable period to allow recovery, then removed. When an account is deleted, we remove personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as billing records, fraud prevention, or audit logs).

We use industry-standard safeguards including TLS for data in transit, encrypted storage at rest, access controls, audit logging, and authentication via a third-party identity provider. Internal access to customer data is limited to staff who need it to operate or support the Service, and platform-support sessions that view a customer account are audit-logged and read-only. No system can be guaranteed 100% secure; you remain responsible for keeping your credentials confidential and for setting appropriate roles within your agency.

The Service is operated in the United States and customer data is stored on servers located in the United States. By using the Service from outside the United States you acknowledge that your information will be transferred to and processed in the United States.

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your information
• Object to or restrict certain processing
• Receive a copy of your information in a portable format
• Withdraw consent where processing is based on consent

To exercise these rights as a customer, contact us through our contact page. As a prospect or client of an OfficeHubb customer agency, please contact that agency directly; we will assist them in honoring verified requests.

If you are a California resident, you have the rights described in Section 13 above, plus the right to know the categories and specific pieces of personal information we have collected, and the right to opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising.

The Service is not directed to anyone under 18 and we do not knowingly collect personal information from children. Our customers are responsible for ensuring that intake forms they configure are not used to collect information from minors without appropriate consent.

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest revision. We will notify you of material changes by email or in-app notice and, where appropriate, ask you to re-accept the updated policy.

If you have questions about this Privacy Policy or our practices, reach us through our contact page, or, if you're signed in, through the in-app support chat.