Privacy Policy
Last updated: March 2, 2026
1. Introduction
Hubbi ("we", "our", or "us") operates the Hubbi healthcare coordination platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web and mobile applications.
We take the privacy and security of your health-related information extremely seriously. Please read this policy carefully. By using the Service, you consent to the practices described herein.
2. Information We Collect
2.1 Information You Provide
- Account information (name, email address)
- Family member and patient profiles
- Medication schedules and tracking logs
- Appointment details and medical facility information
- Uploaded medical documents and records
- Doctor access permissions and collaboration data
- Notification preferences
2.2 Information Collected Automatically
- Device information (browser type, operating system)
- Usage data (pages visited, features used, timestamps)
- IP address and approximate location
- Error and performance data (via Sentry)
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Send medication reminders and appointment notifications
- Facilitate family coordination and doctor collaboration
- Send transactional emails (invitations, confirmations, alerts)
- Monitor and fix errors and performance issues
- Respond to your support requests
- Comply with legal obligations
4. Data Storage and Security
Your data is stored in a PostgreSQL database hosted by Supabase with enterprise-grade security measures, including:
- Encryption at rest and in transit (TLS 1.2+)
- Row Level Security (RLS) policies ensuring users can only access their own data
- Regular automated backups with point-in-time recovery
- SOC 2 Type II compliant infrastructure
Authentication is handled via secure magic links and OAuth providers (Google, Apple). We do not store passwords.
5. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Data Processed |
|---|---|---|
| Supabase | Database, authentication, file storage | All user data |
| Vercel | Web application hosting | Request logs, IP addresses |
| Resend | Transactional emails | Email addresses, email content |
| Twilio | SMS notifications | Phone numbers, message content |
| Sentry | Error monitoring | Error data, device info, IP address |
| Google / Apple | OAuth authentication | Email, name (from OAuth profile) |
6. Data Sharing
We do not sell your personal data. We share data only in the following circumstances:
- Within your family group: Family members you invite can see shared patient data based on their assigned role (admin, caregiver, or viewer).
- With doctors you authorize: Healthcare providers you grant access to can view relevant patient records.
- With service providers: As described in Section 5, strictly for operating the Service.
- Legal requirements: When required by law, regulation, or legal process.
7. Data Retention
We retain your data for as long as your account is active. After account deletion:
- Personal data is deleted within 30 days
- Backups containing your data are purged within 90 days
- Anonymized, aggregated data may be retained for analytics
- Data required for legal compliance may be retained as required by law
8. Your Rights (GDPR)
If you are in the European Economic Area, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Data Portability: Request an export of your data in a machine-readable format
- Restriction: Request limitation of processing of your data
- Objection: Object to processing of your data
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at privacy@hubbihealth.com. We will respond within 30 days.
9. Cookies and Tracking
We use the following types of cookies:
- Essential cookies: Required for authentication and security (Supabase auth tokens). These cannot be disabled.
- Error tracking: Sentry uses cookies and local storage to correlate error reports for debugging purposes.
We do not use advertising or marketing cookies. We do not track users across third-party websites.
10. HIPAA Applicability
Hubbi is designed to help families coordinate healthcare. While we implement strong security practices, including encryption, access controls, and audit logging, Hubbi is not currently a HIPAA-covered entity or business associate. The Service is intended for personal and family use to coordinate care, not for use by healthcare providers as part of their clinical operations.
If you are a healthcare provider considering Hubbi for clinical use, please contact us to discuss a Business Associate Agreement (BAA).
11. Children's Privacy
The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. Patient profiles for minors should be created and managed by their parent or legal guardian.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this page periodically.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at: