Privacy policy.

Who we are

This privacy policy is for HubesHub Inc., the company behind Hubes Hub — the parts shop in Rochester, Michigan that sells used and refurbished OEM electronic parts. Our return address is 848 Aspen Ct., Rochester MI 48307.

When this policy says “we,” “us,” or “our,” it means HubesHub Inc. When it says “you,” it means you — whether you’re ordering a part, browsing the site, or just messaging us a question.

What we collect

Information you give us

• Name, email address, shipping and billing address, phone number — when you place an order or message us.
• Vehicle information — year, make, model, and trim — when you use the fitment checker on a product page or collection. This is just used to filter parts; it isn’t tied to your name unless you provide it separately (e.g. by ordering or messaging).
• Payment information — handled by Shopify Payments. We don’t see or store full card numbers; Shopify processes the transaction and gives us back the order details we need to ship it.
• Anything you send us in a support email — order numbers, photos, descriptions of what’s going on. If you send us a VIN to help troubleshoot fitment, that gets retained as part of standard customer-service correspondence.

Information collected automatically

• Standard browser and device information (browser type, operating system, IP address, referring page) collected through Shopify, Google Analytics, and Dynatrace. This helps us understand how the site is being used and catch problems when something breaks.
• Cookies — see §5 for details.

Account vs. guest checkout

You can check out as a guest (we collect what we need to take and ship the order, nothing more) or create an account (which saves your shipping addresses and order history for next time). Account creation is optional.

How we use information

We use the information above to:

• Take and fulfill your orders — process payment, ship the part, send order confirmation and tracking emails.
• Help you when something goes wrong — answer fitment questions, handle returns, troubleshoot parts that aren’t working as expected.
• Run and improve the storefront — analytics tells us what’s working and what isn’t; monitoring tells us when something’s broken.
• Prevent fraud — Shopify and our payment processor screen for suspicious activity. We act on what they flag.
• Comply with legal obligations — tax reporting, sales records, the boring-but-necessary stuff.

We don’t currently send marketing or promotional email. Order confirmations, shipping updates, and replies to your messages are transactional and aren’t optional in the same way marketing email is — if you’ve ordered something, we need to be able to email you about it.

If we add marketing email in the future, you’ll only receive it if you opt in, and you can unsubscribe at any time.

How we share information

We don’t sell your personal information for advertising. Not now, not as a planned change. If that ever changes, this policy gets updated and you get a chance to opt out before any sharing happens.

We do share information with service providers — companies we use to actually run the storefront. The list below covers the third-party processors currently configured for Hubes Hub.

Shopify apps with customer data access

Two installed Shopify apps process customer data on Hubes Hub’s behalf:

• M2E Multichannel Connect — Cross-platform listing and order sync between Shopify and eBay. Accesses customer name, email, and shipping address for orders that originate on or sync to eBay.
• Stoq — Back-in-stock notification system. Accesses customer email address only, for sending stock-alert notifications when a watched product is restocked.

Shopify-native features (checkout, payments, customer accounts, basic store functionality) are governed by Shopify’s terms and privacy policy and aren’t separately listed here.

Infrastructure processors

Hubes Hub uses the following infrastructure processors to operate the store:

• Microsoft Azure — Hosts Hubes Hub’s backend systems and intelligence platform. Order metadata flows through Azure-hosted services.
• Supabase — Database for operational metadata. Stores buyer email address, US state, and country code from each order (no name, phone number, or street address). Also stores product fitment data and order line-item information that contains no customer-identifiable fields.
• Dynatrace — Application performance monitoring for the operational pipeline. Receives pipeline operational metrics, error categories, and aggregate data quality scores. No customer-record-level data is transmitted to Dynatrace.
• Google (Analytics 4 and Merchant Center) — Web analytics and product catalog feed. Standard GA4 and Merchant Center conversion data without Enhanced Conversions for Web; customer email and phone number are not transmitted to Google for conversion matching.
• Microsoft (Bing and Copilot) — Product catalog feed for Microsoft search and Copilot AI search surfaces. Standard product metadata only; no customer-record-level data.
• Shipping carriers (USPS, FedEx, UPS, DHL Express) — Required for shipping label generation, package tracking, and delivery. Carrier APIs receive name, shipping address, and package metadata for each shipment. DHL Express handles international zones; USPS/FedEx/UPS handle domestic.

Payment processing

Payments on the Shopify storefront are processed by Shopify Payments, which supports Shop Pay, Apple Pay, and Google Pay. Card data is handled by Shopify Payments under their privacy terms. Eligible Apple Pay and Google Pay transactions involve tokenization through Apple Inc. and Google LLC respectively.

PayPal transactions are processed directly by PayPal, governed by their own privacy terms. We receive a transaction confirmation; PayPal handles the payment data.

We also share information when legally required (a subpoena, court order, fraud investigation), or in connection with a business transfer (if HubesHub Inc. is ever acquired, sold, or restructured, the new entity inherits the data under the same terms).

That’s the full list. We don’t share with advertisers, data brokers, or third parties for their own marketing.

This list reflects the third-party processors currently configured for Hubes Hub. We update this section when processors change. If you have questions about specific data flows, contact us at hubes@hubeshub.com.

Relationship with Shopify

The storefront is hosted by Shopify, which collects and processes personal information about your access to and use of the site in order to provide and improve the platform. Information you submit may be transmitted to Shopify and to third parties Shopify uses, which may be located in countries other than where you reside.

To help protect, grow, and improve our business, we use certain Shopify-enhanced features that may incorporate data from interactions across our store, other merchants on Shopify, and Shopify itself. In these circumstances, Shopify is responsible for the processing of your personal information for those features — including responding to requests to exercise your rights over that data.

To learn more about how Shopify uses your personal information and any rights you may have, see the Shopify Consumer Privacy Policy and the Shopify Privacy Portal.

Cookies and tracking

A cookie is a small file your browser stores so a website can remember things between page loads. We use them, like most sites, to keep your cart working, remember your preferences, and understand how the site is being used.

Cookies we use

• Shopify session cookies — keep your cart, your login (if you have an account), and basic site functionality working. Required for the storefront to operate.
• Google Analytics — helps us see which pages get traffic, where customers come from, and where the site has rough edges. Doesn’t identify you personally.
• Dynatrace — performance and error monitoring. Helps us catch broken pages and slow loads.

How to opt out

Most browsers let you block or delete cookies in settings. If you block essential cookies, parts of the storefront (cart, checkout) may stop working. Google Analytics also offers a browser opt-out add-on that disables analytics tracking across sites.

For visitors in jurisdictions that require consent banners (such as the EU and California), the storefront shows a cookie consent banner the first time you visit; your preferences are remembered after that.

Your choices and rights

You have the right to:

• Access — ask us what personal information we have about you.
• Correct — ask us to fix anything that’s wrong.
• Delete — ask us to delete your information, subject to records we’re legally required to keep (tax records, fulfilled-order records).
• Opt out of marketing — every message has an unsubscribe link if marketing email becomes a thing in the future.
• Withdraw consent — for anything we process based on your consent.
• Opt out of sale or sharing for targeted advertising — you can ask us not to use your information for ad-targeting purposes. We don’t sell your data for advertising today, but the opt-out is here as a permanent right. Visit Your Privacy Choices to set this preference.

To exercise any of these, message Hubes — hubes@hubeshub.com, or use the contact form. Tell us what you want and we’ll handle it. Most requests we can resolve within a few business days; for complex ones, we’ll let you know what timeline to expect.

Global Privacy Control signal

If you visit the storefront with the Global Privacy Control opt-out signal enabled in your browser, we automatically treat that as an opt-out request for the device and browser you’re using. We don’t recognize other “Do Not Track” signals beyond GPC.

Authorized agents

You can designate someone to make a privacy request on your behalf. Before we act on the request, we’ll need proof you authorized them and may need to verify your identity directly.

If you’re in the EU or UK (GDPR / UK GDPR rights)

You have the rights above plus:

• Data portability — ask us to send your information to another service in a structured format.
• Object to processing — ask us to stop processing your personal information for certain purposes.
• Restrict processing — ask us to limit how we process your personal information in certain circumstances.
• Lodge a complaint with your local data protection authority (your country’s DPA, or the UK’s Information Commissioner’s Office if you’re in the UK).

For data Shopify processes on its own behalf (under the Relationship with Shopify section above), exercise your rights through the Shopify Privacy Portal.

If you’re in California (CCPA rights)

You have the rights above plus the right to know what categories of personal information we’ve collected and shared in the past 12 months, and the right to opt out of any “sale” or “sharing” (as those terms are defined under California law) of personal information. We don’t sell personal information. We’ll also not discriminate against you for exercising any of these rights.

If you’re in the EU or California, nothing in this section limits the statutory rights you have under EU or California law — those rights govern, and we comply with them.

Data retention

We keep personal information as long as we need it for the purposes above and as long as we’re legally required to.

• Order records — kept for the period required by tax law and for handling returns, warranty issues, and customer-service follow-up. Generally several years, longer if there’s an open issue.
• Account information — kept while your account is active; deleted on request unless we need to retain something for legal reasons.
• Support correspondence — kept as long as is reasonable for ongoing customer service. Old threads get archived.
• Marketing email subscribers — if marketing email becomes a thing in the future, we’ll keep your subscription on file until you unsubscribe.

If you ask us to delete your data and there are records we’re legally required to keep, we’ll tell you which records and why.

Children’s privacy

Hubes Hub isn’t intended for, marketed to, or sold to anyone under 13. We don’t knowingly collect personal information from children under 13. If you believe a child has given us their information, message Hubes and we’ll delete it.

International data transfers

Hubes Hub operates from the United States. If you’re ordering from outside the US, including the EU, your information is processed and stored in the US.

EU and UK data protection law treats the US as a jurisdiction with different privacy protections than the EU/UK. If you’re outside the US — including the EU or UK — your information will be processed and stored under US law and the protections in this policy. If we transfer personal information out of the EEA or UK, we rely on the European Commission’s Standard Contractual Clauses (or equivalent UK SCCs issued by the relevant competent authority) unless the transfer is to a country that has been determined to provide an adequate level of protection.

Changes to this policy

We update this policy when our practices change or when the law requires it. The effective date and last-updated date at the top of this page reflect the most recent version.

For minor edits (clearer wording, fixed typos), we update the date and post the new version. For material changes (new categories of data, new sharing practices, new third parties), we’ll post the change at least 30 days before it takes effect, and — if you have an account or have given us your email — we’ll email you about it.

How to contact us

Questions about this policy, your data, or anything else privacy-related — message Hubes:

• Email: hubes@hubeshub.com
• Mail: HubesHub Inc., 848 Aspen Ct., Rochester MI 48307
• Or use the contact form.

Governing law

This policy is governed by the laws of the State of Michigan, Oakland County.