1. Scope & Data Controller
This Privacy Policy applies to the LogHue web application, related websites, and any services we provide in connection with LogHue (collectively, the "Service").
For the purposes of the General Data Protection Regulation ("GDPR"), the data controller is:
Scybud
Email: scybudtech@gmail.com
If you access LogHue as part of an organization (e.g. your employer or team), that organization may also act as a separate data controller for the workspace data it manages. In such cases, their internal policies may apply in addition to this Privacy Policy.
2. Data We Collect
We collect different categories of data to operate the Service, maintain security, and improve functionality.
2.1 Account & Identification Data
- Name or display name
- Email address
- Authentication identifiers (e.g. user ID, hashed credentials, tokens)
This information is required to create and manage your account, authenticate you, and associate you with one or more workspaces.
2.2 Workspace & User-Generated Content
- Workspace metadata (workspace name, settings, roles, membership)
- Tasks, notes, logs, comments, attachments, and other content you or your team create
- Activity records related to workspace operations (e.g. who created or updated an item)
Workspace administrators control workspace content and determine how it is shared within their workspace.
2.3 Usage & Analytics Data
- Feature usage (e.g. which views are accessed, interaction patterns)
- Performance metrics and error logs
- Aggregated statistics about how the Service is used
Analytics may be collected only where enabled and, where required, based on your consent. We use this data to understand how the Service is used and to improve stability, performance, and user experience.
2.4 OCR Image Processing Data
- Images uploaded for text extraction (OCR)
- Temporary image data sent to the Google Cloud Vision API
- Extracted text results from images
Images submitted for OCR are transmitted to Google Cloud Vision, a third-party AI service, for processing. Images are automatically deleted from our systems within 24 hours of processing, unless retention is required for abuse or fraud investigation, in which case they may be kept for up to 30 days before deletion.
Please do not upload images containing sensitive documents (e.g. identity documents, medical records, financial statements, or other content revealing special categories of personal data under Art. 9 GDPR) unless it is strictly necessary for your use of the feature. If you believe you have uploaded such an image in error, contact us using the details in the Contact section and we will delete it on request.
2.5 Guest Usage & Device Data
- IP address (hashed or pseudonymised)
- Device and browser information
- Temporary session identifiers stored locally in your browser (localStorage)
This data is used to enforce rate limits, prevent abuse, and maintain service stability for users without accounts. Locally stored session identifiers are treated as strictly necessary storage as described in the Cookies & Local Storage section below.
3. Purposes of Processing
We process personal data for the following purposes:
3.1 Providing the Service
- Creating and managing user accounts and workspaces
- Authenticating users and managing sessions
- Storing and displaying workspace content (tasks, notes, logs, etc.)
- Enabling collaboration features between workspace members
3.2 Operating, Maintaining & Improving the Service
- Monitoring performance and availability
- Fixing bugs and improving reliability
- Developing new features and refining existing ones
- Understanding usage patterns (where analytics is enabled)
3.3 Security & Abuse Prevention
- Detecting and preventing unauthorized access or misuse
- Protecting accounts and workspaces from malicious activity
- Maintaining audit trails where necessary for security and compliance
3.4 Communication
- Sending essential service-related emails (e.g. account, security, or workspace notifications)
- Responding to support requests and inquiries
- Informing you about significant changes to the Service or this Privacy Policy
4. Legal Basis for Processing (GDPR)
Where the GDPR applies, we rely on the following legal bases for processing personal data:
- Performance of a contract (Art. 6(1)(b) GDPR): when processing is necessary to provide the Service you have requested, including account creation, workspace access, and core functionality.
- Legitimate interests (Art. 6(1)(f) GDPR): for security, service improvement, fraud prevention, and internal analytics that do not override your fundamental rights and freedoms.
- Consent (Art. 6(1)(a) GDPR): where required for optional features such as certain analytics or cookies that are not strictly necessary. You can withdraw your consent at any time.
- Legal obligations (Art. 6(1)(c) GDPR): where we are required to retain or disclose data to comply with applicable laws.
5. Recipients & Third-Party Services
We do not sell your personal data. We may share data with the following categories of recipients, strictly for the purposes described above:
- Infrastructure & hosting providers: to store and process data securely (e.g. databases, storage).
- Authentication & identity services: to manage login, sessions, and account security.
- Analytics providers: to understand usage and improve the Service, where enabled.
- Professional advisors: such as legal or accounting professionals, where necessary.
- Authorities: where required by law or to protect our rights, users, or the public.
Currently, LogHue uses Supabase for authentication, database, and storage. We also use the following third-party service providers:
- Google Cloud Vision API (Google Ireland Limited / Google LLC) — for OCR text extraction from uploaded images, as described in Section 2.4.
- Stripe — for payment processing, where applicable. Stripe processes payment information independently; we do not store full payment card details.
Additional service providers may be integrated over time. Where relevant, they are bound by data-processing agreements and appropriate safeguards, consistent with this Privacy Policy.
6. International Data Transfers
Depending on the location of our infrastructure and service providers, your data may be processed in countries outside your country of residence, including outside the European Economic Area (EEA). In particular, data sent to the Google Cloud Vision API for OCR processing may be processed on Google infrastructure located outside the EEA, including in the United States.
Where data is transferred outside the EEA, we take appropriate measures to ensure an adequate level of protection, such as:
- Using providers in jurisdictions with an adequacy decision, or
- Implementing Standard Contractual Clauses (SCCs) or equivalent safeguards, as provided by our processors (including Google and Stripe) under their respective data-processing terms.
7. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including:
- Providing and maintaining the Service
- Complying with legal obligations
- Resolving disputes and enforcing agreements
- Guest usage data: retained 7–30 days, then deleted or anonymised
- OCR images: deleted within 24 hours of processing, or up to 30 days if retained for abuse or fraud investigation (see Section 2.4)
- Rate-limiting logs: short-term retention only
Workspace content is generally retained for as long as the workspace exists or until it is deleted by authorized users or administrators. After account or workspace deletion, backups may be retained for up to 30 days before being permanently deleted or anonymized.
8. Security
We implement technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
These measures may include:
- Encrypted connections (HTTPS/TLS)
- Access controls and authentication mechanisms
- Role-based permissions within workspaces
- Monitoring and logging of security-relevant events
No system can be guaranteed to be 100% secure, but we continuously work to maintain and improve the security of the Service.
9. Your Rights
Under the GDPR and other applicable laws, you may have the following rights regarding your personal data:
- Right of access: to obtain confirmation whether we process your data and receive a copy.
- Right to rectification: to correct inaccurate or incomplete data.
- Right to erasure: to request deletion of your data, subject to legal obligations.
- Right to restriction: to request limited processing in certain circumstances.
- Right to data portability: to receive your data in a structured, commonly used format.
- Right to object: to processing based on legitimate interests, in certain cases.
- Right to withdraw consent: where processing is based on consent.
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
To exercise your rights, contact us using the details in the Contact section. We may need to verify your identity before responding to your request.
10. Cookies & Local Storage
LogHue uses cookies, browser localStorage, and similar storage technologies to provide and improve the Service. Under the German Telecommunications-Telemedia Data Protection Act (TTDSG), the same consent rules that apply to cookies also apply to accessing or writing information in your browser's local storage. These technologies include:
- Strictly necessary cookies and local storage: required for login, session management, guest rate-limiting, and core functionality (including the localStorage session identifiers described in Section 2.5). These do not require consent under applicable law, as they are essential to operating the Service.
- Preference cookies: to remember your settings and interface choices.
- Analytics cookies: to understand usage and improve the Service (only where enabled and, where required, based on your consent).
Where required, we request your consent via a cookie banner before setting non-essential cookies or writing non-essential data to local storage. You can manage your preferences via our consent interface or through your browser settings. Disabling certain cookies or clearing local storage may affect the functionality of the Service, including features that rely on guest sessions.
11. Children's Privacy
The Service is not intended for children under the age required by applicable law in their country (generally 16 in the EU), and we do not knowingly collect personal data from children under this age. If you believe that a child has provided us with personal data, please contact us so we can take appropriate action.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the Service, legal requirements, or other operational needs. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you within the Service.
We encourage you to review this Privacy Policy periodically to stay informed about how we process personal data.
13. Contact
If you have questions about this Privacy Policy, our data-processing practices, or wish to exercise your rights, you can contact us at:
Scybud (LogHue)
Email: scybudtech@gmail.com
Contact form: LogHue Support
You may also find additional legal information, such as our Terms of Service, via the legal links in the site footer.