Retro Hub AI Inc. ("we," "our," or "us"), a corporation incorporated in British Columbia, Canada (Business Number 719420036RC0001), operates the RetroHub AI platform available at retrohubai.com and dev.retrohubai.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Please read this policy carefully. By using RetroHub AI you agree to the practices described here.
When you create an account we collect your name and email address. If you sign in via a third-party OAuth provider (Google or GitHub) we receive the profile data those providers share with us — typically your name, email address, and profile picture.
If you connect social media accounts (LinkedIn, Twitter/X, Facebook/Meta) to use our Social Suite features, we store the OAuth access tokens issued by those platforms. All tokens are encrypted at rest using AES-256-GCM before being written to our database. We never store your social media passwords.
We store the inputs you submit to AI features (prompts, context, uploaded content) and the outputs generated, so you can access your history and saved documents. This data is scoped to your account and not shared with other users.
Payment processing is handled by NMI (Network Merchants Inc.). We never receive or store raw card numbers, CVVs, or full payment card data. Our system stores only the vault/token ID returned by NMI, which references your payment method on NMI's PCI-compliant infrastructure.
We collect usage data such as which features you use, timestamps of AI generation requests, and token/cost metrics. For security and abuse prevention we log IP addresses; however, IPs are hashed (salted) before storage — we do not retain raw IP addresses in our analytics tables.
We integrate with the following third-party services. Each has its own privacy policy.
| Service | Purpose | Data Shared |
|---|---|---|
| Google OAuth | Sign-in | Name, email, profile picture |
| GitHub OAuth | Sign-in | Name, email, profile picture |
| NMI (Network Merchants) | Payment processing | Billing details (not stored by us) |
| Twitter/X API | Social Suite publishing | Your posts & OAuth token (encrypted) |
| LinkedIn API | Social Suite publishing | Your posts & OAuth token (encrypted) |
| Meta (Facebook) API | Social Suite publishing | Your posts & OAuth token (encrypted) |
| Ollama / AI model providers | AI content generation | Your prompts (sent for inference) |
| Cloudflare Tunnel | Secure infrastructure routing | Network traffic metadata |
Your data is stored in a PostgreSQL database hosted on our private infrastructure (a QNAP NAS device located in a secured facility). The server is not directly accessible from the public internet — all traffic is routed through Cloudflare Tunnel with TLS encryption in transit.
Social media OAuth tokens are encrypted with AES-256-GCM before being written to the database. IP addresses used for security logging are hashed with a static salt and are not stored in plaintext. We use timing-safe comparison functions for all secret verification to prevent timing-based attacks.
While we take reasonable technical and organisational measures to protect your data, no method of transmission over the internet is completely secure. We cannot guarantee absolute security.
We retain your account data for as long as your account is active. AI generation history is retained to power your saved documents sidebar; you may delete individual saved documents at any time. Archived workflow sessions are automatically cleaned up after 30 days. Audit logs are retained for security and compliance purposes and survive account deletion (the user ID reference is set to null on deletion to anonymise the record).
You have the right to:
We use cookies strictly for authentication. Auth.js v5 sets a session cookie after you sign in to keep you logged in across page loads. This cookie is HTTP-only, Secure, and SameSite=Lax. We do not use advertising or tracking cookies.
Our Progressive Web App (PWA) may store data in your browser's local storage for offline functionality. This data stays on your device and is not transmitted to our servers unless you explicitly take an action that does so.
RetroHub AI is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at [email protected] and we will take steps to delete it.
Retro Hub AI Inc. is based in British Columbia, Canada, and our infrastructure is operated in a private facility. Personal information processed by us is subject to Canadian privacy law (PIPEDA). Third-party AI model providers and OAuth providers may process data in various jurisdictions. By using RetroHub AI you consent to your data being processed in the countries where our service providers operate.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes we will notify you via email or a prominent notice on the platform. Your continued use of RetroHub AI after changes are posted constitutes acceptance of the revised policy.
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
Retro Hub AI Inc.
Vancouver, BC, Canada
Business Number: 719420036RC0001
Email: [email protected]
Website: retrohubai.com