Privacy Policy
Last updated: 23 May 2026 Β· Version 2.0
This policy explains how MarketHub collects, uses, and protects your personal data. By using the platform you confirm that you have read and understood this policy.
1. Data Controller
MarketHub is operated by CAIO DIGITAL STUDIO S.R.L., a Romanian legal entity.
CAIO DIGITAL STUDIO S.R.L.
Registered office: Strada Alexandru Macedonsky nr. 6A, Cluj-Napoca, Cluj County, Romania
Tax ID: RO52220769 Β· Trade Register No.: J2025055360002
Email / DPO: office@caiostudio.eu
Supervisory authority: ANSPDCP
2. What is MarketHub
MarketHub is a marketing platform for businesses, with four modules: Email Marketing, SMS Marketing, Google Ads and Apple Search Ads, plus a company directory and an AI assistant that helps you write messages. Emails are sent from your own email accounts (Own SMTP or "Sign in with Google" connection.)
3. What data we collect
3.1 Data provided by you (user)
- Account: email (username), encrypted password (bcrypt), optional name, optional company name, IP address at authentication.
- Sending configuration: SMTP/IMAP credentials (AES-128 + HMAC encrypted) OR Google OAuth tokens (encrypted) if you connect a Gmail/Workspace account; optional personal API keys.
- Billing: company name, address, tax ID, payment history via Stripe (we do NOT store card details β Stripe is PCI-DSS compliant).
- Created content: email/SMS templates, campaigns, lists β everything you create on the platform.
3.2 Data about your campaign recipients
- Contacts: name, email, phone, website, address, category, public Google reviews (from Google Places API).
- Communications: the content of sent emails/SMS and detected replies.
- Results: opens, clicks, bounces, unsubscribes, replies.
Your responsibility: you are the data controller for contacts in your campaigns; MarketHub is the processor. You must have a legal basis (B2B legitimate interest, consent) and comply with GDPR + Law 506/2004.
3.3 Automatically collected data
- Technical logs: IP, user-agent, URLs, response time. Retention 90 days.
- Essential cookies: session (HttpOnly, Secure), CSRF. No third-party tracking cookies in the application.
4. Google API Data β Limited Use
If you choose to connect your account Gmail / Google Workspace via "Connect with Google", MarketHub gains access to the Gmail API only with permission gmail.send ("Send email on your behalf").
- We use this access exclusively to send your emails tale (the campaigns you launch), from your address.
- We do NOT read, modify, label, or store the contents of your mailbox. We do not have permission to read your inbox.
- We do not use Google data for ads and do not sell it.
- We do not transfer this data to third parties, except where strictly necessary to provide the service (actual sending via Google), to comply with the law, or with your explicit consent.
- No human reads this data, except in permitted cases: your consent, security/abuse purposes, or legal obligation.
- You can disconnect your account at any time from MarketHub and revoke access at myaccount.google.com/permissions.
MarketHub's use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the "Limited Use" requirements.
5. Legal Basis (GDPR)
| Purpose | Legal Basis |
|---|
| Service provision (login, sending campaigns) | Contract performance |
| Billing + tax records | Legal obligation |
| Security, abuse prevention, product improvement | Legitimate interest |
| Marketing from MarketHub | Consent (opt-in) |
| Your recipients' data | You are the controller, we are the processor (DPA available) |
6. Third-Party Processors
| Processor | What it does | Location |
|---|
| Google (Gmail API, Google Ads, Sign-In, Maps/Places) | Email sending (at your request), Google Ads, authentication, public business data | EU / USA |
| Anthropic (Claude) | AI assistant for writing messages | USA (SCCs) |
| SMS gateway provider | SMS sending | EU / USA |
| Apple (Search Ads) | Apple Search Ads campaigns | EU / USA |
| Stripe | Payment processing | Ireland / USA |
| Hostinger | Infrastructure (hosting) | EU |
7. International Transfers
Some processors are based in the USA. For these, we have Standard Contractual Clauses (SCCs) approved by the European Commission.
8. Your Rights (GDPR Art. 15-22)
- Access, Rectification, Erasure ("right to be forgotten", except for data subject to a legal retention obligation)
- Restriction, Portability (JSON/CSV export from your account), Objection
- Withdrawal of consent at any time and complaint to ANSPDCP
Request them at office@caiostudio.eu β we respond within 30 days.
9. Retention
- Active account: for the duration of the subscription + 90 days after cancellation
- Invoices: 10 years (legal tax obligation)
- Technical logs: 90 days
- Google OAuth tokens: until disconnection/revocation; deleted upon account deletion
- After account deletion: data pseudonymized / permanently deleted within 30 days
10. Security
- Passwords: bcrypt hash. Secrets (SMTP, OAuth tokens, API keys): AES-128 encryption + HMAC.
- HTTPS required (TLS 1.2+). HttpOnly + Secure session cookie. CSRF protection. Daily backups.
In the event of a breach affecting your data, we will notify you within 72 hours and report to ANSPDCP.
11. Cookies
We use ONLY essential cookies: mailhub_session (authentication) and mailhub_csrf (CSRF protection). No third-party tracking in the application.
12. Children
The platform is for users aged 16 and over. We do not knowingly collect data from minors under 16 years of age.
13. Changes
We may update this policy. Major changes will be notified via email + in-app banner at least 30 days in advance.
14. Contact & complaints
DPO / contact: office@caiostudio.eu Β· Authority: ANSPDCP
Consumers: ANPC Β· SAL Β· ODR-EU
Privacy Policy
Last updated: 23 May 2026 Β· Version 2.0
This policy explains how MarketHub collects, uses, and protects your personal data. By using the platform you confirm that you have read and understood this policy.
1. Data controller
MarketHub is operated by CAIO DIGITAL STUDIO S.R.L., a Romanian company.
CAIO DIGITAL STUDIO S.R.L.
Registered office: Strada Alexandru Macedonsky nr. 6A, Cluj-Napoca, Cluj County, Romania
VAT: RO52220769 Β· Company reg.: J2025055360002
Email / DPO: office@caiostudio.eu
Supervisory authority: ANSPDCP (Romania)
2. What MarketHub is
MarketHub is a marketing platform for businesses, with four modules: Email Marketing, SMS Marketing, Google Ads, and Apple Search Ads, plus a business directory and an AI assistant that helps you write your messages. Emails are sent from your own email accounts (your own SMTP, or by connecting an account with "Sign in with Google").
3. Data we collect
3.1 Data you provide (user)
- Account: email (username), hashed password (bcrypt), optional name, optional company name, IP address at login.
- Sending setup: SMTP/IMAP credentials (encrypted AES-128 + HMAC) OR Google OAuth tokens (encrypted) if you connect a Gmail/Workspace account; optional personal API keys.
- Billing: company name, address, VAT ID, payment history via Stripe (we do NOT store card data β Stripe is PCI-DSS).
- Content you create: email/SMS templates, campaigns, lists.
3.2 Data about your campaign recipients
- Contacts: name, email, phone, website, address, category, public Google reviews (from the Google Places API).
- Communications: the content of the emails/SMS you send and the replies detected.
- Results: opens, clicks, bounces, unsubscribes, replies.
Your responsibility: you are the data controller for the contacts in your campaigns; MarketHub is the processor. You must have a legal basis (B2B legitimate interest, consent) and comply with GDPR and applicable law.
3.3 Data collected automatically
- Technical logs: IP, user-agent, URLs, response time. Retained 90 days.
- Essential cookies: session (HttpOnly, Secure), CSRF. No third-party tracking cookies in the app.
4. Google API data β Limited Use
If you choose to connect your Gmail / Google Workspace account via "Connect with Google", MarketHub receives access to the Gmail API only with the gmail.send scope ("Send email on your behalf").
- We use this access exclusively to send your emails (the campaigns you start), from your own address.
- We do NOT read, modify, label, or store the contents of your mailbox. We do not request any read access to your inbox.
- We do not use Google user data for advertising and we do not sell it.
- We do not transfer this data to third parties except as strictly necessary to provide the service (the actual sending through Google), to comply with applicable law, or with your explicit consent.
- No humans read this data, except where permitted: with your consent, for security/abuse purposes, or to comply with the law.
- You can disconnect the account at any time in MarketHub and revoke access at myaccount.google.com/permissions.
MarketHub's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
5. Legal basis (GDPR)
| Purpose | Legal basis |
|---|
| Providing the service (login, sending campaigns) | Performance of a contract |
| Billing + tax records | Legal obligation |
| Security, abuse prevention, product improvement | Legitimate interest |
| MarketHub marketing | Consent (opt-in) |
| Your recipients' data | You are the controller, we are the processor (DPA available) |
6. Third-party processors
| Processor | Purpose | Location |
|---|
| Google (Gmail API, Google Ads, Sign-In, Maps/Places) | Sending email (at your request), Google Ads, authentication, public business data | EU / US |
| Anthropic (Claude) | AI assistant for writing messages | US (SCCs) |
| SMS gateway provider | SMS delivery | EU / US |
| Apple (Search Ads) | Apple Search Ads campaigns | EU / US |
| Stripe | Payment processing | Ireland / US |
| Hostinger | Infrastructure (hosting) | EU |
7. International transfers
Some processors are in the US. For those we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.
8. Your rights (GDPR Art. 15-22)
- Access, Rectification, Erasure ("right to be forgotten", except data we must retain by law)
- Restriction, Portability (JSON/CSV export from your account), Objection
- Withdraw consent at any time and lodge a complaint with ANSPDCP
Request them at office@caiostudio.eu β we respond within 30 days.
9. Retention
- Active account: for the subscription term + 90 days after cancellation
- Invoices: 10 years (tax obligation)
- Technical logs: 90 days
- Google OAuth tokens: until you disconnect/revoke; deleted when you delete your account
- After account deletion: data pseudonymized / permanently deleted within 30 days
10. Security
- Passwords: bcrypt hashing. Secrets (SMTP, OAuth tokens, API keys): AES-128 + HMAC encryption.
- HTTPS enforced (TLS 1.2+). HttpOnly + Secure session cookie. CSRF protection. Daily backups.
In case of a breach affecting your data, we notify you within 72 hours and report to ANSPDCP.
11. Cookies
We use ONLY essential cookies: mailhub_session (authentication) and mailhub_csrf (CSRF protection). No third-party tracking in the app.
12. Children
The platform is intended for users over 16. We do not knowingly collect data from children under 16.
13. Changes
We may update this policy. Major changes are notified via email + in-app banner at least 30 days in advance.
14. Contact & complaints
DPO / contact: office@caiostudio.eu Β· Authority: ANSPDCP
Consumers: ANPC Β· SAL Β· ODR-EU