Privacy Policy
Last updated: May 26, 2026
This policy describes how Hub ("we", operated by SynthaSkill LLC) collects, uses, and protects information when you use the Service.
1. What we collect
- Account info: name, email, hashed password, profile photo if provided.
- Employee records: job title, employment dates, department, contact details, and any HR data entered by company administrators.
- FAA airmen certificate data: certificate number, ratings, medical class, expiry dates, and currency status as entered by authorized administrators or retrieved from the public FAA Airmen registry for display purposes.
- Training records: course completions, instructor sign-offs, recurrency dates.
- Usage telemetry: page loads, errors (via Sentry), feature usage. No third-party advertising trackers.
- Payment info: handled by Stripe; we receive a Stripe customer/subscription ID, never your card number.
2. Why we collect it
- To provide the Service you signed up for.
- To support Part 145 compliance and workforce certificate tracking for aviation employers.
- To bill you for paid plans.
- To diagnose errors and improve the Service.
- To respond to your support requests.
3. Employee data responsibility
Company administrators who enter employee data into Hub act as data controllers for that employee data under applicable privacy law. SynthaSkill LLC acts as a data processor on their behalf. Employers are responsible for obtaining any required consent from employees before entering their personal or certificate data into the Service.
4. Where data lives
Production data is hosted in the European Union (Hetzner FSN1-DC11, Helsinki, Finland) on encrypted disks. Backups are encrypted with age (X25519) and replicated to a Hetzner Storage Box in the same region. We never sell or rent your data.
5. Sharing
We share data only with:
- Stripe (payment processing — PCI-compliant)
- Sentry (error tracking — error metadata only)
- Better Auth (session management — open source, self-hosted)
- Resend (transactional email — opt-in only)
- Law enforcement when compelled by valid legal process.
We never sell data to advertisers or data brokers.
6. Your rights (GDPR / CCPA)
- Access: Export your data from Settings → Export.
- Correction: Edit any record directly in the app.
- Deletion: Settings → Delete account triggers a 30-day grace period, then hard purge. Some records may be retained where required by law.
- Portability: PDF + JSON exports.
- Object / Restrict: Email [email protected].
7. Cookies
We use only essential cookies for authentication (Better Auth session) and an opt-in analytics cookie if you accept it on the banner. See our Cookie Policy for the full list.
8. Children
Hub is not directed at users under 18. We do not knowingly collect data from minors.
9. Security
Passwords are hashed via Better Auth's default algorithm (scrypt at time of writing). Sessions use HttpOnly + Secure + SameSite=Lax cookies. We enable TLS 1.3 on all endpoints with HSTS.
10. Changes
Material changes will be announced via in-app notification and email at least 30 days before they take effect.
11. Contact
Data Protection Officer: [email protected].