Privacy policy

iSolutions Hub Pte Ltd ("iSolutions Hub," "we," "us") is a Singapore-incorporated company and the billing entity for the service. All invoices are issued in Singapore dollars; iSolutions Consultancy Pte Ltd (ISC) is a related entity that may appear on historical Singapore invoices.

For data-protection purposes under PDPA, GDPR, and CCPA, we act as the data controller for our own marketing site visitors and account holders, and as the data processor for content our customers create on the platform.

Account data: name, email, password hash, profile photo, country, billing address, language preference.

Content data: anything you create or upload — brand voices, articles, images, knowledge-base documents, AI-agent training material.

Usage data: pages you view, features you use, error logs, performance metrics. We log these to operate and improve the service.

Payment data: billing email and invoice history. Today we invoice via bank transfer; online card payments launch next, at which point a PCI-compliant payment processor will hold full card details and we'll never see the raw number.

Integration data: when you connect Gmail, Google Calendar, social platforms, or notification channels, we store the OAuth tokens and the metadata needed to operate the integration. We don't read content beyond what the integration needs.

Marketing site: when you visit isolutionshub.com we collect minimal performance metrics (page-load time, IP for rate-limiting). If you accept the analytics category on the cookie banner, we also collect Google Analytics 4 usage data (pageviews, events, device type, approximate location from IP) — until then, analytics storage stays denied. We never load advertising or remarketing tags.

To provide the service: render the app, run the article workflow, draft articles, send notifications, charge subscriptions.

To communicate with you: transactional emails (account, billing, security), and product updates if you've opted in.

To improve the service: aggregate usage analytics, error reports, and feature performance. Aggregate means stripped of personal identifiers.

To comply with the law: tax records, legal requests we're required to honour, fraud prevention.

We do not train AI models on your content. We do not sell or rent your data to anyone.

With sub-processors who help us run the service. The full list (with vendor, purpose, region, and data category) lives at /security. We notify customers 30 days before adding or replacing any sub-processor.

Once content reaches a sub-processor, that sub-processor's privacy policy governs how it is handled — not ours. We pick reputable providers and review their terms, but we cannot recall or control data after transmission.

With law enforcement when required by valid legal process. We push back on overbroad requests and notify the customer where law allows.

With the public on your behalf when you publish content (articles, social posts, embeds). That's the whole point of the service; the published content is yours, governed by your terms with your audience.

We never share for marketing, advertising, or research without explicit consent.

Connecting a Google account is optional and powers the AI Inbox. When you connect, we request only the scopes the features you turn on require: reading your email (to find, summarise, and draft replies), sending email (to send replies you approve), modifying email (to label and organise messages), managing your Google Calendar and its events (to find times and schedule meetings), and your email address (to identify the connected mailbox).

iSolutions Hub's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google data only to provide and improve the features you enable. We do not sell it, use it for advertising, or use it to train generalised AI/ML models, and we do not transfer it to others except as needed to operate the service for you or as required by law.

Your access and refresh tokens are encrypted at rest and used only on our servers — never exposed to third parties. You can revoke our access at any time from your Google Account security settings or from within the app. See our Data Deletion page for how to remove the connected data.

Connecting Facebook, Instagram, or LinkedIn is optional — everything else works without it. When you connect, we ask only for the permissions needed to publish on your behalf, and we only ever publish when you press Publish.

Here's exactly what each connection lets us do:

Facebook — see the list of Pages you manage (so you can pick one) and publish the posts you create to the Page you choose.

Instagram — publish image posts to the Instagram Business account linked to your Facebook Page. Instagram requires an image and a Business or Creator account.

LinkedIn — confirm who you are (your name, photo, and email) and post to your personal LinkedIn feed.

We don't read your private messages, follower lists, or browsing history, and we never touch anything beyond what publishing needs. Connection tokens are encrypted and used only on our servers — never sold or shared with anyone else. You can disconnect any account at any time from Settings → Connectors or from the platform's own settings, and access stops immediately. See our Data Deletion page to remove connected data.

To protect users and meet our content-safety obligations, we automatically scan messages you send to AI assistants — and the assistants' replies — for unsafe or abusive content (such as content that sexually exploits a minor, threats of violence, or instructions for self-harm) and for prompt-injection attempts. Scans use OpenAI's free Moderation API (omni-moderation-latest) and a small set of pattern-matching heuristics. When a scan flags a message we store the full message verbatim, the classifier output, your user ID, and the surface (chat / Writer / etc.) in a private 'abuse_reports' record visible only to our admin team for safety review. We block requests in only one case — content that appears to sexually exploit a minor — and log everything else without interrupting your work. Reports are retained indefinitely so we can investigate patterns across time.

Active accounts: indefinitely while the account is active.

Deleted content: immediately removed from active systems; backups age out within 30 days.

Closed accounts: 30 days for billing and dispute purposes, then deleted (or anonymised where deletion conflicts with our legal record-keeping obligations like tax law).

Logs: 6 months for application logs, 1 year for security logs.

Under PDPA (Singapore), GDPR (EU/UK), and CCPA (California), you have the right to: access your data, correct it, port it to another service, delete it, and (where applicable) object to processing or limit our use of it.

We respond to all rights requests within 30 days. Email privacy@isolutionshub.com — verifying your identity may take an additional working day.

You also have the right to lodge a complaint with the relevant supervisory authority (PDPC in Singapore, your national DPA in the EU).

Primary infrastructure runs in Singapore. Some sub-processors process data in the United States (AI providers, payment processing) or globally (Google APIs, social-media APIs). For EU/UK customers we rely on Standard Contractual Clauses; for SG customers we comply with PDPA's cross-border requirements (PDPA Section 26).

Strictly-necessary cookies always run: authentication, security (CSRF), language and currency preferences, and the cookie that remembers your consent choice. These can't be disabled.

Analytics: when you accept the analytics category on the cookie banner, we load Google Analytics 4 (via Google Tag Manager) on the marketing site, the app, and the chat widget. It sets the _ga cookie and a per-stream _ga_… cookie and helps us see which pages and features get used. Until you accept, Google Consent Mode v2 keeps analytics storage denied — no _ga cookie, no advertising cookies. We never load advertising or remarketing tags. You can change or withdraw your choice anytime via the cookie banner.

The service is not intended for users under 16. We don't knowingly collect data from anyone under 16. If you believe we have, email privacy@isolutionshub.com and we'll delete the data within 7 working days.

Material changes (new sub-processor, new data category, new sharing practice) get 30 days' notice via email and an in-app banner. Minor wording fixes get a quiet update with a new "last updated" date at the top.

Privacy contact: privacy@isolutionshub.com Postal: iSolutions Hub Pte Ltd, Singapore DPO: as designated by the company at registration; see our security page for current contacts.

If you're not happy with our response, you have the right to escalate to your jurisdiction's data protection authority. We'll cooperate fully with any such investigation.