Privacy Policy

1. Introduction

Aptitude 8 ("we", "us", or "our") operates Aggreg8, a cross-portal HubSpot reporting platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect information provided through our authentication provider (Clerk), which may include your name, email address, and organization details.

HubSpot Data

When you connect a HubSpot portal, we access the following data in read-only mode via the HubSpot API:

• Deals — deal name, amount, close date, create date, deal stage, pipeline, and owner information
• Contacts — first name, last name, email, create date, lifecycle stage, lead status, and analytics source
• Companies — name, create date, lifecycle stage, and associated deal information
• Pipelines & Stages — pipeline definitions and stage configurations

We do not write, modify, or delete any data in your HubSpot portals. All HubSpot data is fetched live at the time of each request and is not stored or cached in our database.

Data We Store

We store the following in our database:

• OAuth tokens (encrypted with AES-256-GCM) for maintaining your HubSpot portal connections
• Portal connection metadata (portal ID, portal name)
• Configuration settings (pipeline categories, lifecycle stage mappings)
• Organization and membership information

3. How We Use Your Information

We use the information we collect to:

• Provide the Service — generating unified reports across your connected HubSpot portals
• Authenticate your identity and manage your account and organization
• Maintain and improve the Service, including troubleshooting and security monitoring
• Communicate with you about your account, support requests, and service updates

We do not sell, rent, or share your personal information or HubSpot data with third parties for marketing purposes.

4. Third-Party Services

The Service integrates with the following third-party providers:

• HubSpot — CRM data access via OAuth. Governed by HubSpot's Privacy Policy
• Clerk — Authentication and user management. Governed by Clerk's Privacy Policy
• DigitalOcean — Application hosting and managed database with encryption at rest

5. Data Security

We take the security of your data seriously and implement the following measures:

• OAuth tokens are encrypted using AES-256-GCM before storage
• Database hosted on DigitalOcean Managed PostgreSQL with encryption at rest
• All data transmitted over HTTPS/TLS
• Role-based access control within organizations via Clerk
• Application monitoring and error tracking via Sentry

6. Data Retention

We retain your account information and portal connection data for as long as your account is active. HubSpot CRM data is not stored — it is fetched live from HubSpot on each request. When you disconnect a portal or delete your account, we remove the associated OAuth tokens and configuration data from our database.

7. Your Rights

You have the right to:

• Access — request a copy of the data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and associated data
• Revoke access — disconnect your HubSpot portals at any time from within the Service or from your HubSpot account settings

To exercise any of these rights, contact us at [email protected].

8. Cookies

The Service uses essential cookies for authentication and session management. We do not use advertising or tracking cookies. Our authentication provider (Clerk) may set cookies necessary for secure sign-in functionality.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected].