Privacy Policy

Last updated: March 2026

info1. Introduction

ClickSync (“we”, “our”, “us”) provides a synchronization service between HubSpot CRM and ClickUp project management. This Privacy Policy explains how we collect, use, store, and protect your data when you use our service.

database2. Data We Collect

When you connect your accounts, we collect and store:

• OAuth tokens: Encrypted access and refresh tokens for HubSpot and ClickUp. These allow us to read and write data on your behalf. Tokens are encrypted at rest using AES-256-GCM encryption.
• Account identifiers: Your HubSpot portal ID, ClickUp workspace ID, and ClickUp user ID. These identify your accounts but are not personally identifiable.
• Sync configuration: Your field mappings, sync pair settings, and sync event logs (timestamps, record IDs, success/failure status).
• Deal and task metadata: Deal names, amounts, stages, and task names that pass through our sync service. We do not store the full content of your deals or tasks — only the metadata needed to perform and log sync operations.

We do not collect: passwords, payment card details (handled by Stripe), contact personal information, email content, or any data beyond what is needed for sync.

settings3. How We Use Your Data

• To synchronize deal and task data between HubSpot and ClickUp as configured by you
• To detect changes and prevent duplicate records
• To display sync activity and error information in your dashboard
• To improve the reliability and performance of the service

lock4. Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Supabase (AWS US-East-1). All OAuth tokens are encrypted at rest using AES-256-GCM. All data transmission uses HTTPS/TLS 1.2+. We do not store tokens in logs, URLs, or client-side code.

public5. Third-Party Services

• HubSpot API: To read and write CRM deal data
• ClickUp API: To read and write project management task data
• Stripe: To process subscription payments (Stripe handles all payment data)
• Supabase: Database hosting
• Railway: Backend application hosting
• Vercel: Frontend application hosting

delete6. Data Retention and Deletion

We retain your data for as long as your account is active. Upon disconnecting your accounts or requesting deletion, we will delete all your data within 30 days, including: OAuth tokens, sync configurations, field mappings, object links, and sync event logs.

To request data deletion, disconnect your accounts in the Settings page or contact us at the email below.

gavel7. Your Rights

If you are in the European Economic Area, you have the right to:

• Access the data we hold about your account
• Request correction of inaccurate data
• Request deletion of your data
• Request portability of your data
• Object to processing of your data

To exercise these rights, contact us at the email below.

mail8. Contact

For privacy-related questions or requests, contact us at: viraj@clicksync.co