This Privacy Policy explains how DMHub Inc. (“DMHub”, “we”, “us”) collects, uses, and protects information when you use our platform at dmhub.ai. We process data responsibly and in line with applicable law, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Information We Collect

Account and profile data. When you sign up, we collect your name, email address, and business details. If you sign in via a social provider (Google, Apple, Facebook, GitHub), we receive the profile information that provider shares with us.

Usage data. We collect logs of actions you take on the platform — pages visited, features used, button clicks, and errors encountered. This helps us improve the product and diagnose issues.

Channel and customer data. DMHub connects to messaging channels on your behalf (WhatsApp, SMS, email, web chat). The customer contact records, conversation history, and message content you manage through DMHub are your business data. We process this data to operate the service but do not use it for our own purposes.

Payment data. Billing is handled by Stripe. We store your subscription status and Stripe customer ID but never see raw card numbers or full bank details.

How We Use It

We use your data to operate and improve the DMHub platform: creating and managing your account, processing payments, delivering messages through your connected channels, powering AI features, and sending transactional emails (receipts, security alerts, feature updates).

We may use aggregated and anonymized usage data to understand how the product is used and to make it better. We do not sell your personal data to third parties, and we do not use your customer message content to train AI models.

We may contact you about your account, service changes, or — if you have opted in — product news. You can unsubscribe from marketing emails at any time.

Legal Basis (GDPR Art. 6)

For users in the European Economic Area (EEA), UK, or Switzerland, we process your data under the following legal bases:

Contract (Art. 6(1)(b)). Processing necessary to provide the service you signed up for — account management, message delivery, billing.
Legitimate interests (Art. 6(1)(f)). Security monitoring, fraud prevention, product analytics (where your interests do not override ours), and service-improvement research.
Consent (Art. 6(1)(a)). Marketing emails and non-essential cookies, where you have explicitly opted in.
Legal obligation (Art. 6(1)(c)). Where we are required by law to retain or disclose data.

Third-Party Processors

We share data only with trusted vendors who help us run the platform. Each sub-processor is contractually bound to protect your data and use it only for the purpose we specify.

Neon — Postgres database hosting (user and customer data at rest)
Vercel — Application hosting and edge functions
Stripe — Payment processing and subscription management
Twilio — SMS and WhatsApp message delivery
Meta (WhatsApp Cloud API) — WhatsApp Business message routing
Resend — Transactional email delivery
Cloudflare — CDN, R2 file storage, and DDoS protection
PostHog — Product analytics (anonymized where possible)
Sentry — Error monitoring and diagnostics
Pusher — Real-time WebSocket events
Inngest — Background job processing
Loops — Marketing email sequences (opted-in users only)

International Transfers

DMHub is based in the United States. When we transfer personal data from the EEA, UK, or Switzerland to the US or another country that may not offer the same level of data protection, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or on the EU-US Data Privacy Framework where applicable.

Our Data Processing Addendum (DPA) — available at /legal/dpa — sets out these safeguards in detail and is incorporated by reference into our Terms of Service.

Data Retention

We keep your account data for as long as your account is active or as needed to provide the service. If you close your account, we delete or anonymize your personal data within 90 days, except where we are required by law to retain it longer (for example, financial records may be kept for up to 7 years).

Customer message content managed through your DMHub inbox is retained until you delete it or request erasure. Automated backups are purged within 30 days after deletion.

Your Rights

Depending on where you live, you have the following rights regarding your personal data. We respond to all requests within 30 days.

Access. Request a copy of the personal data we hold about you.
Rectification. Ask us to correct inaccurate or incomplete data.
Erasure. Request deletion of your personal data (“right to be forgotten”).
Portability. Receive your data in a machine-readable format.
Restriction. Ask us to pause processing while a dispute is resolved.
Objection. Object to processing based on legitimate interests or for direct marketing.
Withdrawal of consent. Withdraw any previously given consent at any time.

To exercise any right, email us at privacy@dmhub.ai or use the data export/delete controls in your account settings. If you are in the EEA, you also have the right to lodge a complaint with your local supervisory authority.

Children

DMHub is a business platform not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact us at privacy@dmhub.ai and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a notice in the dashboard at least 14 days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

Contact

DMHub Inc., 548 Market St, San Francisco, CA 94104.
Email: privacy@dmhub.ai
For EU/UK data subjects, our EU representative can be contacted via the same email.