Privacy
in plain English.

Two streams of data, and that's the whole list.

What you give us: name, email, anything you write in the contact form or send by email. If a project starts, then the usual business records — invoices, project files, anything you share for the work.

What your browser sends automatically: IP address (truncated after 30 days), browser type, pages visited, the URL that referred you. Used for security and aggregate analytics — not linked back to a named person unless we're investigating an incident.

That's it. We don't fingerprint and we don't load advertising cookies. Third-party tracking pixels stay off our site by policy.

To answer your message — and, if it turns into work, to run the project.

To keep the site online and secure: rate-limiting, blocking abuse, debugging.

To meet legal obligations. German tax law requires us to keep invoice records for ten years, regardless of what you'd prefer.

To improve the site by looking at which pages get read and where visitors drop off. Aggregate only, not tied to identified people.

The team at Connective Hub. We don't subcontract data access to outside operators.

A short list of essential service providers — email host, cloud-storage provider, accountant. Each operates under a data-processing agreement and is based in the EU.

Law enforcement or courts, only when we receive a legally binding order.

Nobody else. We don't sell data, and we don't share it with advertising networks. Full stop.

Contact-form messages: 24 months. Then deleted, unless the conversation became a project.

Project records: duration of the engagement plus statutory retention (ten years for invoices, six for general business records under German law).

Server access logs: 30 days.

Analytics: aggregated and anonymised after 14 months.

Under GDPR — and equivalent laws in other jurisdictions — you can ask us to:

• Confirm what data we have on you.
• Correct it if it's wrong.
• Delete it. (With limits — we can't delete invoice records before the statutory retention ends.)
• Restrict how we process it.
• Export it in a portable format.
• Object to processing based on our legitimate interests.

You can withdraw consent at any time where we relied on it. You can also lodge a complaint with the supervisory authority — for us that's the LDI NRW (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen).

To exercise any of these, email privacy@connectivehub.com. We respond within 30 days, usually within a few business days.

Strictly necessary cookies only by default — the ones that remember your cookie-preferences choice and keep authenticated sessions alive. Analytics cookies stay off until you opt in via the banner.

Full list and per-cookie detail on the Cookie Policy page.

HTTPS everywhere. Access to your data is limited to staff who need it. Backups are encrypted and run daily. Hosted on managed infrastructure inside the EU.

No system is bulletproof. If we learn of a breach affecting your personal data, we'll notify you and the relevant supervisory authority within 72 hours, as GDPR requires.

Our infrastructure and team are in the EU. If we transfer data outside it (for example, you write to us from another country and we reply to you there), we rely on Standard Contractual Clauses approved by the European Commission.

Our services aren't directed at people under 16, and we don't knowingly collect data from them. If we learn we have, we'll delete it. Contact us if you believe a child's data has reached us.

If we change anything material, we'll update the "Updated" date at the top and post the new version here. Major changes get a banner on the homepage for two weeks before they take effect.

Cosmetic edits (typos, clearer wording) happen without notice.

Data-protection questions: privacy@connectivehub.com

For the registered company, address, and managing director — see the Imprint.