Privacy Policy

Last updated: April 25, 2026Effective date: April 25, 2026

This Privacy Policy describes how Hubflo Corp. ("Hubflo," "we," "us," or "our") collects, uses, discloses, and protects information when you use WinPal (the "App"), our website at winpal.app, and related services (together, the "Services"). WinPal is operated by Hubflo Corp., the U.S. subsidiary of Hubflo.

WinPal helps independent service professionals create estimates and invoices, send them to their clients, and collect payments. This Policy covers three groups of people whose information we handle:

  • Pros — the service professionals who sign up for and pay for the Services.
  • Clients — the customers of Pros, whose information Pros add to estimates and invoices.
  • Visitors — anyone who browses our marketing website.

If you are a Client and have questions about why your information is in the Services, please contact the Pro who is serving you. With respect to Client information, Hubflo acts as a "processor" (under GDPR) or "service provider" (under CCPA) on the Pro's behalf. The terms governing that relationship are in our Data Processing Addendum.

1. Summary

Who we areHubflo Corp., a Delaware corporation, headquartered at 1411 Broadway, New York, NY 10018. WinPal is operated by Hubflo Corp., the U.S. subsidiary of Hubflo.
Contactprivacy@winpal.app
Data controllerHubflo (for Pro and Visitor data); the Pro (for Client data they enter into the Services)
PaymentsProcessed by Stripe via Stripe Connect Standard. Hubflo is not the payment processor and does not store card numbers.
AI featuresWe use OpenAI, Anthropic, and Google (Gemini) to generate estimates from photos. We do not send identifiable personal information to AI providers, and none of our AI providers train on our customers' content.
International transfersWe transfer data to the United States and other countries. Standard Contractual Clauses and the EU-U.S. Data Privacy Framework apply where required.
Your rightsAccess, correct, delete, port, object, restrict processing, withdraw consent. In-app deletion is available.
ChildrenServices are not directed to anyone under 18.

2. Information we collect

2.1 Information you provide

Account and billing (Pros): Name, email, phone number, password, business name, business address, tax ID (if you provide one), subscription plan, and billing history. Payment card details for your subscription are collected and stored by Stripe (or by Apple / Google if you subscribe through the App Store or Google Play) on our behalf — we do not see or store your full card number.

Profile and business content (Pros): Company logo, service areas, pricing, line items, branding settings, and any other content you choose to add.

Client information you enter (Pros): When you create an estimate or invoice, you enter information about your Client, such as name, email, phone number, service address, and job details. You are responsible for the accuracy of this information and for having a lawful basis to share it with us. With respect to this information, you are the controller and Hubflo is the processor.

Photos and media (Pros): Photos you capture or upload for use in estimates, job records, and branding.

Communications: Messages you send to our support team, responses to surveys, and feedback.

2.2 Information collected automatically

Device and usage data: Device type, operating system and version, app version, unique device identifiers, IP address, approximate location (derived from IP), language, time zone, referring page, pages and screens viewed, features used, and timestamps.

Crash and performance data: When the app crashes or errors occur, we collect diagnostic data (stack traces, device state, app version) via Sentry to fix bugs.

Product analytics: We use PostHog to understand how Pros use the app — which features are used, where users drop off, and how to improve the product.

Marketing analytics (website only): On our marketing website, we use Meta (Facebook) Pixel and Google Ads conversion tracking to measure the effectiveness of our ads. These are not present inside the app itself.

Subscription management: We use RevenueCat to manage in-app subscriptions and sync subscription state between Apple, Google, and our systems.

2.3 Information from third parties

Apple / Google (in-app purchases): When you subscribe through the App Store or Play Store, Apple or Google tells us that a purchase occurred and shares a transaction receipt. They do not share your payment card with us.

Stripe (client payments): When your Client pays an invoice, Stripe tells us the payment status and the last four digits of the card used. Stripe holds the card data under its own terms.

Auth providers: If you sign in with Apple or Google, we receive the name and email you authorize them to share.

3. Permissions we request (mobile app)

We request the following device permissions. You can revoke any of them in your device settings at any time.

  • Camera and photo library — to let you capture or choose photos for estimates, job records, and client records. We do not access your photos without your action.
  • Push notifications — to alert you when a client views an estimate or invoice, a payment is received, or an estimate is about to expire.
  • Contacts — only if you tap "Import from Contacts" to add a client. We only access contacts you select and do not upload your full address book.
  • Location — we do not request device location at launch.

4. How we use information

Providing the Services. Creating and managing your account; sending estimates, invoices, reminders, and receipts; generating PDFs; syncing data between your devices; managing your subscription; processing payments through Stripe.

AI features. When you use AI-assisted estimating, we send the photo and relevant non-identifying project context to our third-party AI providers — OpenAI, Anthropic, and/or Google (Gemini) — to produce a draft. AI features are off by default and require your explicit in-app consent before any data is sent to an AI provider. You can review and revoke consent at Settings → Privacy → AI features.

Communications. Sending transactional messages (account, billing, security, and product-notification emails); responding to your support requests; sending SMS reminders via Twilio when you or your Client have opted in; orchestrating multi-channel notifications via Novu; sending marketing emails via Resend — you can opt out at any time.

Product improvement. Understanding how Pros use the app, which features work, which don't, and where to invest. We rely on aggregated and de-identified analytics wherever possible.

Security and fraud prevention. Detecting and preventing fraud, abuse, unauthorized access, and violations of our Terms.

Legal and compliance. Complying with tax, accounting, anti-money-laundering, and other legal obligations; responding to lawful requests from authorities; enforcing our Terms.

Advertising (website only). Measuring the performance of our marketing campaigns and reaching people who are likely to benefit from the Services. We do not run third-party advertising inside the app.

5. Legal bases (for users in the EEA, UK, and Switzerland)

We process personal data under the following legal bases under GDPR:

  • Contract — to provide the Services you signed up for.
  • Legitimate interests — to improve the Services, prevent fraud, secure our systems, and for direct marketing of similar products (you can object at any time).
  • Consent — for non-essential cookies, marketing emails where consent is required, and certain optional features. You can withdraw consent at any time.
  • Legal obligation — to comply with tax, accounting, and other laws.

6. How we share information

We do not sell personal information. We share information in the following circumstances:

Service providers (processors). We share data with vendors that help us run the Services. Each is bound by a written data-processing agreement.

VendorPurposeData categories
SupabaseDatabase, auth, backendAll stored app data
VercelAPI hostingRequest data, logs
StripeSubscription billing + Client payments via Connect StandardBilling identifiers, payment metadata
RevenueCatMobile subscription managementSubscription state, pseudonymous user ID
Apple / GoogleIn-app purchase infrastructurePurchase receipts
OpenAI, Anthropic, Google (Gemini)AI estimate generationPhotos, project context (no identifiable PII)
ResendTransactional and marketing emailEmail address, email content
NovuNotification orchestrationUser ID, notification content
TwilioSMS remindersPhone number, message content
ExpoPush notification deliveryPush token, notification payload
PostHogProduct analyticsPseudonymous event data
SentryCrash and error reportingDiagnostic data, device state
Meta, Google AdsWebsite advertising measurementWebsite events (not in-app)

Business transfers. If Hubflo is acquired, merged, or sells substantially all of its assets, your information may be transferred as part of that transaction, subject to standard confidentiality protections.

Legal. We may disclose information when we reasonably believe disclosure is required by law, subpoena, court order, or other legal process; to protect the rights, property, or safety of Hubflo, our users, or others; or to investigate fraud or security incidents.

With your consent. For anything else, we'll ask first.

7. Payments — important disclosures

Payments on the Services are handled by Stripe in two separate ways:

Your subscription to WinPal. When you pay your monthly or annual subscription on the web, Stripe processes that payment as our payment processor.

Client payments on your invoices. When you enable payment collection on invoices, your Clients pay directly through Stripe Connect Standard. In this arrangement:

  • Stripe, not Hubflo, is the payment processor. Hubflo does not touch, hold, or process your Clients' payment card data.
  • You enter into a direct relationship with Stripe. When you connect your Stripe account, you accept Stripe's Connected Account Agreement and Services Agreement.
  • Stripe may obtain information from credit agencies to verify your identity.
  • Refunds, disputes, chargebacks, payouts, and tax reporting on Client payments are handled between you and Stripe.

8. Data retention

  • Active accounts — for the life of your account.
  • After account deletion — most personal data is deleted within 30 days. Some data is retained longer to comply with legal obligations (for example, tax and accounting records for up to 7 years).
  • Backups — data persists in encrypted backups for up to 90 days after deletion from production, after which it is overwritten.
  • Marketing lists — until you unsubscribe, plus 30 days to process the request.
  • Support tickets — 3 years after resolution.

9. Your rights

Depending on where you live, you have some or all of the following rights:

  • Access — get a copy of the personal data we hold about you.
  • Correction — correct inaccurate or incomplete data.
  • Deletion — delete your account and associated personal data. You can initiate account deletion from within the app at Settings → Account → Delete Account. We will delete your data within 30 days, subject to the retention exceptions in Section 8.
  • Portability — receive your data in a portable format.
  • Object or restrict — object to or restrict certain processing, including direct marketing.
  • Withdraw consent — where we rely on consent, you can withdraw it at any time without affecting prior processing.
  • Non-discrimination — we will not discriminate against you for exercising your rights.

To exercise any of these rights, email privacy@winpal.app. We will respond within the time required by applicable law (generally 30–45 days). We may need to verify your identity before fulfilling a request.

EEA / UK users: you have the right to lodge a complaint with your local data protection authority.

California users (CCPA/CPRA): You have the right to know, delete, correct, limit use of sensitive personal information, and opt out of "sale" or "sharing" of your personal information. We do not sell personal information. We do use Meta Pixel and Google Ads on our marketing website, which may constitute "sharing" for cross-context behavioral advertising under CPRA. You can opt out by using Global Privacy Control. We will honor GPC signals.

Other US states: You have similar rights under your state's privacy law. To exercise them, email privacy@winpal.app.

10. Security

We use administrative, technical, and physical safeguards to protect personal data. Measures include:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Row-level security on our database.
  • Access controls, least-privilege permissions, and audit logging.
  • Regular security reviews and penetration testing.
  • PCI compliance by Stripe for all payment-card processing.
  • Incident-response procedures and breach notification in accordance with applicable law.

No system is perfectly secure. You are responsible for keeping your password confidential.

11. International data transfers

Hubflo is based in the United States. If you use the Services from outside the United States, your information will be transferred to, processed in, and stored in the United States and other countries where our vendors operate.

For transfers from the EEA, UK, or Switzerland, we rely on:

  • The EU-U.S. Data Privacy Framework (where a recipient is certified), and
  • Standard Contractual Clauses (and UK IDTA / addendum where applicable) for transfers to other countries.

You can request a copy of our transfer mechanisms by emailing privacy@winpal.app.

12. Children

The Services are not intended for anyone under 18, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us at privacy@winpal.app and we will delete it.

13. Do Not Track and Global Privacy Control

Our marketing website responds to Global Privacy Control (GPC) signals as an opt-out of "sharing" under CPRA. We do not respond to traditional "Do Not Track" browser signals because there is no industry standard for how to interpret them.

14. Third-party links

The Services may contain links to third-party websites or services. We are not responsible for those sites. Their privacy practices are governed by their own policies.

15. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will notify you by email, in the app, or by posting a prominent notice before the change takes effect. The "Last updated" date at the top reflects the most recent version.

16. Contact

Hubflo Corp.
1411 Broadway
New York, NY 10018
privacy@winpal.app

WinPal is operated by Hubflo Corp., the U.S. subsidiary of Hubflo. For general questions, contact hello@winpal.app.