Privacy Policy

Last updated: April 30, 2026

Introduction

ParentChild, operated by Signal Helm LLC, a Colorado limited liability company ("we", "our", "us"), provides a HubSpot integration that automatically creates parent-child company associations based on domain hierarchy. This Privacy Policy describes how we collect, use, and protect information when you use our service.

Information We Collect

HubSpot OAuth Tokens

When you install ParentChild, we receive OAuth access and refresh tokens from HubSpot. These tokens are necessary to read company domain data and create associations on your behalf.

Account Email

During installation, we collect the email address associated with your HubSpot user account. This is used solely to send you transactional notifications (e.g., free tier limit alerts).

Company Data (Transient)

ParentChild reads two company properties from your HubSpot portal: domain and name. This data is processed transiently in server memory only for the duration of the request and is not stored, logged, or persisted outside of HubSpot.

Association Tracking Records

ParentChild tracks which parent-child associations it creates (portal ID, parent company ID, child company ID, and creation timestamp). This data powers the "Remove All Associations" undo feature and is stored in Supabase. No company names, domains, or other company properties are stored — only HubSpot record IDs.

Settings Data

Your configuration preferences are stored in Supabase, including: activation status, excluded domain extensions, regional linking preference, and domain property selection.

Usage Data

We track the number of parent-child associations created per billing cycle per portal for the purpose of enforcing free tier limits. We store: portal ID and association count. No company-specific data is included.

How We Use Information

• Account email: To send transactional notifications such as free tier limit alerts
• OAuth tokens: To authenticate API requests to HubSpot on your behalf (reading company domains, creating associations)
• Company domain/name data: Processed in-memory to find parent companies and create associations. Not stored.
• Usage counts: To enforce free tier limits (100 associations/billing cycle)

Data Storage

• OAuth tokens, your account email, settings, and association tracking records are stored in Supabase (hosted on AWS infrastructure in the United States)
• No company property data (domains, names, etc.) is persisted outside of HubSpot — only HubSpot record IDs are stored for association tracking
• Usage counts are stored in Supabase

Data Retention

While installed (active or deactivated)

• OAuth tokens, account email, settings, and association tracking records are retained
• Deactivating the app pauses processing but does not delete any stored data

Upon uninstall

To fully uninstall ParentChild, you must complete both of the following steps:

1. Uninstall from ParentChild: Click the "Uninstall ParentChild" button at the bottom of your ParentChild settings page. This immediately deletes your OAuth tokens, account email, settings, and association tracking records from our servers.
2. Uninstall from HubSpot: In your HubSpot portal, go to Settings → Integrations → Connected Apps → ParentChild → Uninstall. This revokes OAuth access and removes the app from your HubSpot account.

Important: HubSpot does not notify third-party apps when you uninstall from your HubSpot portal. If you only uninstall from HubSpot without first uninstalling from the ParentChild settings page, your OAuth tokens and settings may remain on our servers until we detect the revoked access. We strongly recommend completing both steps to ensure your data is cleared immediately.

• The "Remove All Associations" undo feature becomes unavailable after uninstall because tracking data is deleted
• Usage counts (portal ID and association count per billing cycle), your tier (Free/Pro), and original install date are retained to prevent abuse of free tier limits. If you reinstall, your billing cycle and usage history continue from where they left off.
• Existing parent-child associations in HubSpot are not affected — they are native HubSpot records and remain in place
• No company-specific data (domains, names, etc.) is ever stored or retained

Data Sharing

We do not sell, share, or transfer your data to any third parties. Your data is only used to provide the ParentChild service.

Security

• All communication uses HTTPS/TLS encryption
• OAuth tokens are stored in a secure database with restricted access
• We follow the principle of minimal data access — we only request the HubSpot scopes necessary for our functionality (companies.read, companies.write)

GDPR Compliance

If you are in the European Economic Area (EEA):

• Legal basis: We process data based on your consent (installing the app) and legitimate interest (providing the service you requested)
• Data minimization: We only access company domain and name — no personal data, contacts, or other objects
• Right to deletion: Clicking "Uninstall ParentChild" on the settings page immediately deletes all stored data (tokens, email, settings, association tracking). Usage counts and tier are retained for anti-abuse purposes. You can also contact us to request full deletion.
• Right to access: Contact us to request a copy of any data we store related to your portal
• Data processors: Supabase (AWS infrastructure) serves as our data sub-processor. Lemon Squeezy (as Merchant of Record) processes payment data for Pro tier subscriptions.

Children's Privacy

ParentChild does not knowingly collect data from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or in-app notification.

Contact

For privacy-related inquiries or GDPR data protection requests:
Email: hello@parentchild.app