Privacy Policy

Effective date: January 30, 2026
Last updated: January 30, 2026

This Privacy Policy explains how JTK Apps Ltd ("we", "us", "our") collects, uses, shares, and protects information when you use workflowautomationtoolkit.com and the Workflow Automation Toolkit HubSpot app (the "Service").

1) Who we are (Controller)

Controller: JTK Apps Ltd
Registered office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Contact: support@jtkapps.com

2) What we collect

We collect information in three main categories:

A) Website and support communications

• Information you provide when contacting support (e.g., email address, message content).
• Basic usage data when you browse our site (e.g., IP address, device/browser info, pages viewed), typically via logs and/or analytics cookies (if used).

B) HubSpot connection data (OAuth + account identifiers)

When you install/connect the app, HubSpot provides us data needed to operate the integration, such as:

• HubSpot account/portal identifiers
• Authorization tokens (access/refresh tokens) and related metadata
• App scopes/permissions granted

(We use this to authenticate and perform the workflow actions you configure.)

C) Workflow and action processing data ("Customer Data")

Depending on the actions you use, we may process:

• Action inputs you configure in HubSpot (which may include CRM property values)
• Action outputs (e.g., parsed JSON values, transformed text)
• For webhook actions: request configuration (URL, method, headers, body) and response status/data needed to return outputs to HubSpot

Important: If you configure webhooks or notifications to third-party services, your data may be transmitted to those third parties under your direction.

3) How we use information

We use information to:

• Provide and operate the Service (run workflow actions, return outputs)
• Authenticate your HubSpot connection and maintain app functionality (OAuth)
• Maintain security, prevent abuse, and troubleshoot issues (logs/monitoring)
• Provide customer support and respond to requests
• Improve the Service (e.g., reliability, performance, documentation)

4) Legal bases (UK GDPR / GDPR where applicable)

Where applicable, we process personal data under these legal bases:

• Contract: to provide the Service you request (e.g., running workflow actions).
• Legitimate interests: to secure, maintain, and improve the Service, prevent fraud/abuse, and provide support.
• Consent: for optional cookies/analytics where required by law.
• Legal obligation: to comply with applicable laws.

5) How we share information

We may share information with:

• Service providers (processors) that help us run the Service (e.g., hosting, logging/monitoring, email/support tooling). They may process data only on our instructions.
• Third parties you choose: when you configure actions that send data to external endpoints (e.g., webhook URLs, chat notification endpoints). In these cases, you are directing us to send data to those third parties.
• Authorities: if required by law or to protect rights, safety, and security.

We do not sell your personal information.

6) Data retention

We retain personal data only as long as necessary for the purposes described above, including:

• As long as your app installation is active (for OAuth connection data)
• As needed to provide support and maintain security logs
• As required by law

You can request deletion as described below.

7) Security

We use reasonable administrative, technical, and organizational measures designed to protect information. However, no method of transmission or storage is completely secure.

8) International transfers

If data is transferred outside the UK/EEA, we use appropriate safeguards (such as standard contractual clauses) where required.

9) Your rights

Depending on your location and applicable law, you may have rights to:

• Access, correct, or delete your personal data
• Object to or restrict processing
• Data portability
• Withdraw consent (where processing is based on consent)
• Lodge a complaint with a supervisory authority

To exercise rights, email support@jtkapps.com.

10) Cookies and analytics

We may use cookies or similar technologies for essential site functionality and (optionally) analytics. Where required, we will provide a cookie banner/controls to manage preferences.

11) Children

The Service is not intended for children under 16, and we do not knowingly collect data from children.

12) Changes to this policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date and may provide additional notice for material changes.

13) Contact

Questions or requests: support@jtkapps.com