Privacy Policy

Last updated: March 9, 2026

Introduction

ParentChild ("we", "our", "us") provides a HubSpot integration that automatically creates parent-child company associations based on domain hierarchy. This Privacy Policy describes how we collect, use, and protect information when you use our service.

Information We Collect

HubSpot OAuth Tokens

When you install ParentChild, we receive OAuth access and refresh tokens from HubSpot. These tokens are necessary to read company domain data and create associations on your behalf.

Company Data (Transient)

ParentChild reads two company properties from your HubSpot portal: domain and name. This data is processed transiently in server memory only for the duration of the request and is not stored, logged, or persisted outside of HubSpot.

Usage Data

We track the number of parent-child associations created per billing cycle per portal for the purpose of enforcing free tier limits. We store: portal ID and association count. No company-specific data is included.

How We Use Information

• OAuth tokens: To authenticate API requests to HubSpot on your behalf (reading company domains, creating associations)
• Company domain/name data: Processed in-memory to find parent companies and create associations. Not stored.
• Usage counts: To enforce free tier limits (100 associations/billing cycle)

Data Storage

• OAuth tokens are stored in Supabase (hosted on AWS infrastructure in the United States)
• No company data is persisted outside of HubSpot
• Usage counts are stored in Supabase

Data Retention

• OAuth tokens are retained while your app installation is active
• When you uninstall ParentChild, all stored data (tokens, usage records) is immediately and permanently deleted
• We do not retain any data after uninstallation

Data Sharing

We do not sell, share, or transfer your data to any third parties. Your data is only used to provide the ParentChild service.

Security

• All communication uses HTTPS/TLS encryption
• OAuth tokens are stored in a secure database with restricted access
• We follow the principle of minimal data access — we only request the HubSpot scopes necessary for our functionality (companies.read, companies.write)

GDPR Compliance

If you are in the European Economic Area (EEA):

• Legal basis: We process data based on your consent (installing the app) and legitimate interest (providing the service you requested)
• Data minimization: We only access company domain and name — no personal data, contacts, or other objects
• Right to deletion: Uninstalling the app deletes all stored data immediately. You can also contact us to request deletion.
• Right to access: Contact us to request a copy of any data we store related to your portal
• Data processor: Supabase (AWS infrastructure) serves as our data sub-processor

Children's Privacy

ParentChild does not knowingly collect data from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or in-app notification.

Contact

For privacy-related inquiries or GDPR data protection requests:
Email: hello@parentchild.app