MY-T-HUB is operated by BACOYO Ltd. We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what data we collect, why we collect it, and your rights.
1. Who We Are
MY-T-HUB is a SaaS platform operated by BACOYO Ltd, United Kingdom. For data protection enquiries, contact us at info@mythub.xyz.
2. What Data We Collect
Account Data
- Full name, email address, company name, phone number
- Password (stored as a one-way Argon2id hash — never in plain text)
- Google account ID if you register via Google OAuth
- Timezone preference and account settings
Billing Data
- Subscription plan and status
- Payment processing is handled entirely by Stripe. MY-T-HUB never stores card numbers or payment instrument details.
Usage Data
- Login timestamps, IP addresses, browser and device type
- Geographic location derived from IP (country, city) via MaxMind GeoLite2
- Export history: filenames, row counts, timestamps
- Audit log of account actions (logins, exports, settings changes)
Supplier Credentials
- SFTP hostnames, usernames, and passwords you enter for your suppliers
- All credentials are encrypted at rest using AES-256 (Fernet) and are never accessible to other users or shared with third parties
Communications Data
- Emails sent to you (verification, password reset, trial reminders) via Brevo transactional email
3. How We Use Your Data
- To provide, operate, and improve the MY-T-HUB platform
- To authenticate your identity and secure your account
- To process subscription payments via Stripe
- To send transactional emails (verification, password reset, trial notifications)
- To detect fraud, abuse, and security threats (TOR exit node detection, login anomalies)
- To comply with legal obligations
4. Legal Basis for Processing (UK GDPR)
- Contract: Processing necessary to deliver the service you have signed up for
- Legitimate interests: Security monitoring, fraud prevention, platform improvement
- Legal obligation: Compliance with UK law
- Consent: Marketing communications (where applicable)
5. Data Sharing
We do not sell your data. We share data only with trusted third-party processors required to operate the platform:
- Stripe — payment processing (UK/EU data transfer covered by SCCs)
- Brevo — transactional email delivery
- MaxMind — IP geolocation (GeoLite2, processed locally on our server)
- Sentry — error tracking (anonymised stack traces only)
6. Data Retention
- Account data: retained for the duration of your account plus 90 days after deletion
- Audit logs: retained for 12 months
- Unverified accounts: automatically deleted after 7 days
- Password reset tokens: deleted immediately after use or after 24 hours
7. Security
MY-T-HUB uses industry-standard security measures including:
- Argon2id password hashing (time cost 2, memory 64MB)
- AES-256 Fernet encryption for all stored credentials
- TLS/SSL encryption in transit
- Redis session management with 24-hour rolling expiry
- Two-factor authentication (TOTP) available for all accounts
- Account lockout after 5 failed login attempts
8. Your Rights (UK GDPR)
You have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your account and data
- Portability — receive your data in a machine-readable format
- Restriction — limit how we process your data
- Object — object to processing based on legitimate interests
To exercise any right, email info@mythub.xyz. We will respond within 30 days. You also have the right to lodge a complaint with the ICO (Information Commissioner's Office).
9. Cookies
MY-T-HUB uses the following cookies:
- session_id — secure, httpOnly session cookie. Essential for authentication. Expires after 24 hours of inactivity.
- csrftoken — CSRF protection token. Essential for security.
- myt-theme — stores your dark/light mode preference. Stored in localStorage, not a cookie.
We do not use advertising cookies or third-party tracking cookies.
10. Changes to This Policy
We may update this policy from time to time. We will notify registered users by email of any material changes. The latest version is always available at www.mythub.xyz/privacy-policy.
11. Contact
For any data protection queries: info@mythub.xyz
MY-T-HUB — operated by BACOYO Ltd, United Kingdom