Privacy Policy
Last Updated: March 13, 2026
1. Introduction
AI Hub ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit our website (hubtoai.com) and use our products and services (collectively, the "Services"), including Prompt Builder.
This Privacy Policy is designed to comply with:
- The Kingdom of Saudi Arabia Personal Data Protection Law (PDPL)
- The UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (for UAE-based clients)
- The EU/UK General Data Protection Regulation (GDPR) (as Paddle, our payment processor, is UK-based)
- Other applicable data protection laws in the GCC region, including those of Qatar, Oman, and Kuwait
By using our Services, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use our Services.
2. Data Controller
For the purposes of applicable data protection laws, AI Hub is the data controller for the personal data we collect directly from you through our website and Services.
- Contact: info@hubtoai.com
- Location: Al Khobar, Saudi Arabia
For data collected during the checkout and payment process, Paddle.com (our Merchant of Record) acts as an independent data controller. Please refer to Paddle's Privacy Policy at https://www.paddle.com/legal/privacy for details on how they process your data.
3. Information We Collect
3.1 Information You Provide Directly
- Account information: Name, email address
- Contact form submissions: Name, email, company name, message content
- Demo requests: Name, email, product/service of interest, message
- Support inquiries: Any information you include in correspondence with us
3.2 Information Received from Paddle
When you make a purchase through Paddle, we receive the following information:
- Email address
- Country of purchase
- Product purchased, price, and transaction ID
- Subscription status
Important: We do NOT receive or store your payment card details, bank account information, or other financial data. All payment information is collected and processed exclusively by Paddle.
3.3 Information Collected Automatically
- Usage data: Pages visited, features used, time spent on pages
- Device information: Browser type, operating system, screen resolution
- Log data: IP address, access times, referring URLs
- Cookies: See Section 11 for our Cookie Policy
4. Legal Basis for Processing
We process your personal data based on the following legal grounds, as applicable under Saudi PDPL, GDPR, and UAE data protection law:
| Purpose | Legal Basis |
|---|---|
| Provide and maintain our Services | Performance of contract |
| Process and manage your subscription | Performance of contract |
| Send transactional emails (confirmations, updates) | Performance of contract |
| Respond to your inquiries and support requests | Performance of contract |
| Improve and develop our Services | Legitimate interest |
| Analyze website usage and trends | Legitimate interest |
| Detect and prevent fraud or abuse | Legitimate interest |
| Send marketing communications (only with your opt-in consent) | Consent |
| Comply with legal obligations (tax, regulatory) | Legal obligation |
We do NOT use your personal data or content to train AI or machine learning models.
5. How We Share Your Information
We do not sell your personal data. We may share your information with the following categories of recipients:
- Paddle (Merchant of Record) — for payment processing, invoicing, tax compliance, and fraud prevention. See Paddle's Privacy Policy: https://www.paddle.com/legal/privacy
- Hosting providers — to host and serve our website
- Analytics services — to understand how our Services are used (e.g., Google Analytics)
- Email service providers — to send transactional and support communications
- Legal authorities — when required by law, regulation, or legal process in Saudi Arabia, the UAE, or other applicable jurisdictions
All third-party service providers are bound by contractual obligations to protect your data and process it only for the purposes we specify.
6. Data Storage and Security
Your data is stored on secure servers. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:
- Encrypted data transmission (SSL/TLS)
- Secure server infrastructure
- Access controls and authentication
- Regular security assessments
While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
In the event of a personal data breach, we will notify the relevant authorities in accordance with applicable law, including within 72 hours where required by Saudi PDPL or GDPR.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of your account + 30 days after deletion |
| Transaction records | 7 years (for tax and accounting compliance) |
| Contact form submissions | 12 months |
| Analytics data | 26 months |
| Cookies | See Section 11 |
When data is no longer needed, we securely delete or anonymize it.
8. International Data Transfers
As we serve customers across the GCC region and internationally, your data may be transferred to and processed in countries outside your country of residence.
For Saudi Arabia residents: In accordance with the Saudi PDPL, we ensure that any transfer of personal data outside the Kingdom of Saudi Arabia is carried out with appropriate safeguards, including an assessment of the risks involved and ensuring the receiving country provides an adequate level of data protection, or that Standard Contractual Clauses or your explicit consent are in place.
For UAE residents: In accordance with UAE Federal Decree-Law No. 45 of 2021, we conduct documented assessments for cross-border data transfers and implement appropriate safeguards for our UAE-based clients.
For EU/UK residents: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and other lawful transfer mechanisms.
Paddle, as our payment processor, maintains its own data transfer safeguards. Please refer to Paddle's Privacy Policy for details.
9. Your Data Protection Rights
Depending on your location, you may have the following rights under applicable data protection laws (including Saudi PDPL, GDPR, and UAE data protection law):
- Right of Access — Request a copy of the personal data we hold about you
- Right to Rectification — Request correction of inaccurate or incomplete data
- Right to Erasure — Request deletion of your personal data
- Right to Restrict Processing — Request that we limit how we use your data
- Right to Data Portability — Receive your data in a structured, machine-readable format
- Right to Object — Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent — Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
How to exercise your rights:
- Email us at support@hubtoai.com
- We will respond to your request within 30 days, as required by both GDPR and Saudi PDPL
Supervisory authorities:
- EU/UK residents: You have the right to lodge a complaint with your local data protection supervisory authority (e.g., the UK ICO)
- Saudi Arabia residents: You may file a complaint with the Saudi Data & Artificial Intelligence Authority (SDAIA)
- UAE residents: You may contact the UAE Data Office
10. Children's Privacy
Our Services are not directed to individuals under the age of 18 in the GCC region or under 16 in the EU/UK. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at support@hubtoai.com.
11. Cookies
Our website uses cookies and similar technologies to enhance your experience.
Types of cookies we use:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential cookies | Website functionality, session management | Session |
| Analytics cookies | Usage statistics and performance monitoring | Up to 26 months |
You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our website.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of our Services after the changes take effect constitutes your acceptance of the revised Privacy Policy.
13. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
- Privacy & data protection inquiries: support@hubtoai.com
- General inquiries: info@hubtoai.com
- Website: hubtoai.com/contact.php
- Location: Al Khobar, Saudi Arabia