Privacy Policy

OneHub360 is a small-business platform covering CRM, pipeline, shared inbox, live chat, invoicing, and analytics. It is operated by Dan Morrell as a sole proprietor, based in Illinois, USA. Throughout this policy, “OneHub360,” “we,” and “us” refer to this service.

• OneHub360 (Dan Morrell, sole proprietor)
• Email: dan.morrell@mixmastered.com
• Phone: +1-312-725-0326
• Location: Illinois, USA

Account data

• Name, email, phone, company name, and password (hashed).
• Billing details processed by Stripe. We do not store card numbers.
• Preferences and settings you configure inside the app.

Customer and contact data you bring in

• Contacts, deals, notes, and files that you add directly or import through integrations you connect.
• Email messages synced from Gmail or Outlook when you connect a mailbox, including subjects, bodies, sender and recipient addresses, and attachments.
• Shopify data when you install the OneHub360 Connect app: orders (order ID, line items, totals, customer email), customers (name, email, phone), checkouts and abandoned carts, and product catalog (read-only sync).
• Clover data when connected: orders, items, and customer records used for point-of-sale reconciliation.

Usage data

• IP address, browser and device information, pages visited, and actions performed inside the app.
• Server logs for security, debugging, and abuse detection. Typical retention is 90 days.

• Operate, secure, and support the service.
• Sync data you have explicitly authorized from third-party integrations, and keep that data up to date through webhooks and periodic polling.
• Send you product alerts, security notices, billing receipts, and messages you have configured inside the app (for example, abandoned-cart notifications you set up for your own store).
• Diagnose bugs and improve reliability.
• Comply with legal obligations.

We do not sell your data. We do not share it with advertisers. We do not share data across tenants.

You choose which integrations to connect. We only access the scopes required to run the features you turn on, and we store access tokens encrypted at rest. You can disconnect any integration at any time from the app settings, which revokes our access and stops future syncs.

• Application data is stored in a SQLite database on a private VPS controlled by OneHub360.
• Access tokens and other secrets are encrypted at rest. Passwords are stored as salted hashes, never in plain text.
• All traffic to and from the app uses HTTPS.
• The database is backed up daily at 3:00 AM Central Time. Backups are encrypted.
• Administrative access to the server is limited to the operator and is protected by key-based SSH authentication.

No system is perfectly secure. We do not claim SOC 2, ISO 27001, HIPAA, or PCI certification. If you handle regulated data, you are responsible for confirming OneHub360 is an appropriate fit for your use case.

You can:

• Access the data we hold about you.
• Export your data in a machine-readable format.
• Correct information that is wrong.
• Delete your account and associated data.
• Disconnect any integration at any time from the settings page.

Use the controls in Settings → Privacy, or email dan.morrell@mixmastered.com. We respond to verified requests within 30 days.

We use a small number of first-party cookies required for sign-in, session management, and CSRF protection. These cannot be disabled without breaking the app. We do not run third-party advertising trackers on our marketing pages or inside the app.

If we introduce product analytics in the future, we will update this page and, where required, ask for consent.

• Active accounts: data is retained as long as the account is in use.
• Deleted accounts: data is held for 30 days to allow for recovery, then fully purged from the live database and from the next backup rotation.
• Server logs: up to 90 days.
• Billing records: retained as required by applicable tax and accounting law, typically up to 7 years.

We honor the Shopify mandatory compliance webhooks. When a merchant uninstalls OneHub360 Connect or a shopper requests redaction, Shopify sends us one of the following, which we process automatically:

• customers/redact — delete all data we hold about the identified customer for that shop.
• shop/redact — delete all data we hold for the shop, sent 48 hours after uninstall.
• customers/data_request — compile the data we hold on the identified customer and return it to the merchant.

For GDPR or other jurisdiction-specific requests not covered by Shopify webhooks, email dan.morrell@mixmastered.com. We fulfill verified requests within 30 days.

When you use OneHub360 to manage your own customers' data, you are the controller and OneHub360 is the processor acting on your instructions. You are responsible for having a lawful basis to process that data and for responding to your customers' rights requests. We will assist in good faith with any request you pass to us.

We will update this page when our practices change. If the change is material, we will notify account holders by email before it takes effect. The effective date at the top always reflects the current version.

• OneHub360 (Dan Morrell, sole proprietor)
• Email: dan.morrell@mixmastered.com
• Phone: +1-312-725-0326
• Location: Illinois, USA