Privacy Policy
1. Who We Are
GigaCarp, LLC ("Provider," "we," "us") operates the following software-as-a-service products available through the HubSpot platform:
- Redactify — automatic sensitive-data detection and redaction in HubSpot engagement records
- Delete — bulk and GDPR-compliant deletion of CRM objects via HubSpot workflow automation
- Dedupify — duplicate detection and merging for HubSpot CRM records
Data controller / operator:
GigaCarp, LLC
2105 S 122nd Ave
Omaha, NE 68144
United States
Privacy contact: privacy@orangemage.ai (monitored inbox — to be provisioned before launch)
No designated Data Protection Officer (DPO) is named at this time. A DPO is not legally required for a micro-SaaS at this scale (we do not process special-category data at scale under GDPR Article 37), but the privacy contact above serves as the responsible point of contact for all data subject rights requests and supervisory authority inquiries.
2. Scope of This Policy
This Policy applies to:
- Personal data collected from you when you install or use our Services.
- Personal data processed by our Services on behalf of your organization (your HubSpot CRM records).
This Policy does not apply to:
- The HubSpot platform itself (governed by HubSpot's own Privacy Policy at
legal.hubspot.com/privacy-policy). - Third-party services linked from our marketing site.
3. Data We Collect and Why
3.1 Account and Billing Data
When you install a Service via HubSpot OAuth, we collect:
| Data | Source | Purpose | Legal Basis (GDPR) |
|---|---|---|---|
| HubSpot Portal ID | HubSpot OAuth token exchange | Identify your portal for authentication and per-portal configuration | Performance of contract (Art. 6(1)(b)) |
| HubSpot Hub ID (Account ID) | HubSpot OAuth | Associate configuration with your account | Performance of contract |
| OAuth access token and refresh token | HubSpot OAuth | Authenticate API calls to HubSpot on your behalf | Performance of contract |
| Billing email address | Stripe checkout | Send invoices and subscription notifications | Performance of contract; Legitimate interest |
| Stripe customer ID and subscription ID | Stripe | Track subscription status and enforce access | Performance of contract |
3.2 Configuration Data
| Data | Source | Purpose | Legal Basis (GDPR) |
|---|---|---|---|
| Redaction pattern rules (Redactify) | Customer-configured in app settings | Define which patterns trigger redaction | Performance of contract |
| Selected HubSpot engagement fields (Redactify) | Customer-configured | Define which fields to scan | Performance of contract |
| Duplicate matching rules (Dedupify) | Customer-configured | Define merge behavior | Performance of contract |
| Default action settings (redact / clear / delete) | Customer-configured | Govern how matched records are processed | Performance of contract |
3.3 HubSpot CRM Data (Processed on Your Behalf)
Our Services access HubSpot CRM records via HubSpot's API using the OAuth scopes you granted. This data is processed on your behalf (you are the data controller; GigaCarp, LLC is the data processor).
Per-product data access:
| Service | HubSpot OAuth Scopes | Data Accessed |
|---|---|---|
| Redactify | crm.objects.contacts.read/write, sales-email-read |
Contact records (read for context); engagement records including email body content (via sales-email-read), call notes, meeting notes — scanned for pattern matches, never stored |
| Delete | crm.objects.contacts.read/write, crm.objects.companies.read/write, crm.objects.deals.read/write, tickets |
CRM object records for the purpose of deletion |
| Dedupify | crm.objects.contacts.read/write, crm.objects.companies.read/write, crm.objects.deals.read/write, crm.schemas.*, optionally tickets |
Contact, company, and deal records for duplicate detection and merge |
Important — Redactify email content: Redactify reads the body of HubSpot engagement records, including sales emails, call notes, and meeting notes, solely to detect and redact configured patterns. We do not store, index, log, or retain the original content of engagement records. Audit logs record only: the HubSpot object type and ID, the action taken, the names of fields that were modified, and which pattern rules matched — never the underlying text.
3.4 Usage and Audit Log Data
| Data | Retention | Purpose |
|---|---|---|
| Redaction audit log (Redactify): object type, object ID, action, matched pattern names, field names, originating user email, timestamp | 90 days (rolling) | Customer-facing audit trail visible in the Redactify Settings UI |
| Usage events per portal (all Services) | 90 days | Internal analytics, billing limit enforcement |
| Server application logs | 30 days | Error diagnosis and security monitoring |
3.5 Website and Marketing Data
When you visit orangemage.ai, we may collect standard web server access logs (IP address,
browser, page requested, timestamp).
We do not use analytics cookies or tracking scripts on this site. No analytics service (GA4,
Plausible, Fathom, or equivalent) is deployed on orangemage.ai. If analytics tracking is
introduced in the future, a cookie consent banner and a dedicated cookie policy section will
be added before any such tracking goes live.
4. How We Use Your Data
We use collected data to:
- Authenticate and authorize your access to the Services.
- Process HubSpot CRM records on your behalf per your configuration.
- Enforce subscription status (check active billing before processing events).
- Provide you with usage statistics and audit logs within the app.
- Send billing notifications and service announcements via email.
- Diagnose errors and maintain Service reliability.
- Comply with legal obligations.
We do not:
- Sell your personal data to third parties.
- Use your HubSpot CRM data for our own analytics or machine learning.
- Read engagement content (e.g., email bodies) for any purpose other than pattern matching.
- Store the original content of records that Redactify has processed.
5. Data Sharing and Sub-Processors
We share data only with the following categories of sub-processors required to deliver the Services:
| Sub-Processor | Purpose | Data Category | Location | DPA / Addendum |
|---|---|---|---|---|
| Google Cloud Platform — Firestore, Cloud Run, Pub/Sub, Secret Manager | Hosting, database, message queuing, secrets management | All data categories | us-central1 (Iowa, USA) | cloud.google.com/terms/data-processing-addendum |
| Stripe | Subscription billing and payment processing | Billing email, subscription status, payment method metadata | USA | stripe.com/legal/dpa |
| HubSpot | OAuth token validation, CRM API access | OAuth tokens, CRM records (read/write per scope) | HubSpot's infrastructure | legal.hubspot.com/dpa |
Data residency: All Provider-operated infrastructure runs in Google Cloud Platform's
us-central1region (Iowa, USA). No Customer Data is transferred to other GCP regions by Provider's systems.
We do not use any other sub-processors. We will update this section and notify affected customers before adding new sub-processors.
6. International Data Transfers
Provider's infrastructure is located in the United States. If you are located in the European Economic Area (EEA), UK, or Switzerland, your data is transferred to the US under one of the following safeguards:
- Standard Contractual Clauses (SCCs): Provider's Data Processing Agreement (see
orangemage.ai/legal/dpa) incorporates the EU Standard Contractual Clauses (2021/914/EU, Controller-to-Processor, Module 2) for transfers from the EEA to Provider's US infrastructure. - Sub-processor SCCs: Google Cloud and Stripe have their own SCC-based transfer mechanisms in their respective DPAs (linked in Section 5).
7. Data Retention
| Data Category | Retention Period |
|---|---|
| OAuth access and refresh tokens | Retained while your subscription is active; deleted within 30 days of subscription cancellation |
| HubSpot CRM data (in-transit) | Not stored; processed in memory and not persisted |
| Redaction audit logs | 90 days rolling; deleted when subscription is cancelled after 30-day grace period |
| Usage event records | 90 days rolling |
| Stripe billing records | Retained per Stripe's requirements (typically 7 years for financial records) |
| Application server logs | 30 days |
| Configuration/settings data | Retained while subscription is active; deleted within 30 days of cancellation |
After deletion, data is not recoverable. Retention periods may be extended if required by applicable law (e.g., legal hold, regulatory investigation).
8. Your Rights
8.1 GDPR Rights (EEA and UK Residents)
If you are in the EEA, UK, or Switzerland, you have the following rights under the GDPR (or UK GDPR):
- Right of access (Art. 15): Request a copy of personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate personal data.
- Right to erasure (Art. 17): Request deletion of your personal data (subject to legal obligations).
- Right to restriction (Art. 18): Request that we restrict processing in certain circumstances.
- Right to data portability (Art. 20): Receive your personal data in a machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interest.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time.
- Right to lodge a complaint: You have the right to complain to your national data protection authority (e.g., ICO in the UK, your EEA supervisory authority).
To exercise GDPR rights, contact: privacy@orangemage.ai
We will respond to verified requests within 30 days (extendable to 90 days for complex requests).
8.2 CCPA Rights (California Residents)
California residents have the following rights under the California Consumer Privacy Act (CCPA):
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected.
- Right to delete: Request deletion of personal information (subject to legal exceptions).
- Right to opt-out of sale: We do not sell personal information. No opt-out mechanism is required.
- Right to non-discrimination: We will not discriminate against you for exercising CCPA rights.
To exercise CCPA rights, contact: privacy@orangemage.ai
We do not sell or share (for cross-context behavioral advertising) personal information.
8.3 Note on CRM Data
The personal data within your HubSpot CRM (your customers' data) is data you control. We process it on your behalf as a data processor. Requests from your customers regarding their data under GDPR or CCPA must be directed to you as the data controller. We will support you in responding to such requests as required under our Data Processing Agreement.
9. Security
We implement the following security measures to protect your data:
- All data in transit is encrypted using TLS 1.2+.
- Data at rest is encrypted using GCP's default encryption (AES-256).
- OAuth tokens are stored in Google Cloud Firestore with access controls limited to Service infrastructure.
- Internal service-to-service communication uses OIDC-based authentication (GCP service accounts).
- Application secrets (OAuth client credentials) are stored in GCP Secret Manager.
- Access to production systems is limited to authorized personnel.
Despite these measures, no system is completely secure. In the event of a data breach affecting your personal data, we will notify affected customers and, where required by law, the relevant supervisory authority, within 72 hours of becoming aware of the breach.
10. Children's Privacy
Our Services are not directed at individuals under 16 years of age, and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will delete it promptly.
11. Changes to This Policy
We will post any updates to this Privacy Policy at orangemage.ai/legal/privacy-policy with a
revised "Last Updated" date. For material changes, we will notify affected customers via email at
least 30 days before the change takes effect.
12. Contact
For privacy questions, rights requests, or concerns:
Email: privacy@orangemage.ai
Operator:
GigaCarp, LLC
2105 S 122nd Ave
Omaha, NE 68144
United States
Last Updated: 2026-04-15