Privacy Policy
Mensbo.com ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and store your personal information when you use our website and associated applications ("apps"). It applies to users in the European Union (EU) and is designed to comply with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. Because we operate from and target users in the EU, we adhere to strict privacy standards under GDPR.
Information We Collect
We collect only the data that is necessary to provide and improve our services. This includes:
- Information from Our Apps: When you use our apps (for example, connecting our HubSpot extension), we collect your HubSpot portal ID (a unique identifier for your HubSpot account), authentication tokens, and your email address. These are needed to link your HubSpot account with our backend service and to authenticate requests.
- Cookies and Usage Data: Our website uses only essential cookies (provided by HubSpot) to ensure core functionality. These cookies may collect basic technical information such as your IP address, browser type, and page load times, which helps with security and maintaining your session. We do not use any analytics or advertising cookies. Apart from cookies, our servers may automatically log technical data (like your IP address and the time of access) for security, performance monitoring, and debugging purposes.
We do not collect any sensitive personal data (such as race, religion, health, etc.), nor do we collect any information beyond what is stated above. We also do not knowingly collect data from children under 16, as our services are intended for business and general adult audiences.
How We Use Your Information
We use the collected information strictly for the purposes for which it was provided. Specifically, we use your data to:
- Provide and Operate Our Services: We use your portal ID, tokens, and email to establish and maintain the integration ("bridge") between HubSpot's UI extension cards and our backend systems. This allows our app and HubSpot to communicate and function together as intended, ensuring you can use the features of our service within HubSpot.
- Maintain Functionality and Security: Technical data (like cookie information and server logs) is used to keep our website and apps secure and running smoothly. For example, we may use this data to troubleshoot issues, monitor for malicious activity or fraud, and protect against unauthorized access.
- Communicate with You: If you contact us or if we need to send you important information about the service, we will use your email address to communicate. We will only send service-related communications (for example, critical updates, security alerts, or support responses). We will not use your email to send marketing newsletters or promotions unless you have explicitly opted in to such communications separately.
- Comply with Legal Obligations: In certain cases, we may process or disclose your information if required to do so by law or valid legal process. For instance, we might need to retain or disclose data to comply with a court order, tax law, or to address legal claims. We may also process your data as necessary to establish, exercise, or defend our legal rights.
Legal Basis: We process your personal data on lawful bases as required by the GDPR. Primarily, the processing is necessary to perform the service you requested (GDPR Article 6(1)(b), "performance of a contract") — for example, using your data to provide the integration functionality. In other cases, we rely on our legitimate interests (GDPR Article 6(1)(f)), such as maintaining the security and stability of our platform. Where we ever rely on consent (GDPR Article 6(1)(a)) for any additional data collection or use, we will specifically ask for it — but as of now, we do not process your data based on consent, except for the implicit consent of using essential cookies (which are allowed without explicit opt-in under applicable law). We do not use your data for any purposes incompatible with those described above.
Data Sharing and Storage
We do not sell or rent your personal information to anyone. We only share or store your data with a limited set of trusted third-party providers, solely to operate and support our services. All such providers are located on servers within the EU, ensuring your data stays within the European Economic Area. These providers (and their roles) include:
- Heroku: We host our applications on Heroku’s cloud platform (with EU data centers). Personal data (such as your portal ID, tokens, and email) may be processed and temporarily stored on Heroku servers as part of running our app and handling requests.
- MongoDB Atlas: We use MongoDB Atlas (in the EU region) as our database to securely store the data collected (portal IDs, tokens, and email addresses). Your data in our database is protected and stored in encrypted form, and is accessible only by our application with proper authorization.
- GitHub: Our code and deployment processes are managed through GitHub. We do not intentionally store your personal data in our code repository; however, GitHub (using EU-based services when possible) may incidentally process data during development and deployment (for example, through configuration files or automated backups that include non-sensitive information). We ensure any personal data exposure in this context is minimized and protected. GitHub is used for development purposes only, not for regular storage of user data.
- HubSpot: Our integration connects with HubSpot’s platform. This means that some data is exchanged with HubSpot to enable the service (for instance, verifying your portal ID and exchanging data through the HubSpot UI extension). HubSpot will also process your data (such as any information passed via the integration) according to their own terms and privacy policy. We only send data to or retrieve data from HubSpot as necessary for the integration to function, and we do so using secure methods.
All these service providers act as our data processors (or in HubSpot’s case, a partner platform) under GDPR, and we have agreements in place with each of them to ensure your data is protected. They are obligated to handle your information securely and only for the purposes we specify. We do not allow these providers to use your data for their own marketing or other purposes. Aside from the above, we will not share your personal information with any other third parties unless we have your explicit consent or are legally required to do so (for example, responding to government authorities or law enforcement requests, in which case we'll only disclose what is necessary and inform you whenever possible).
Data Retention: We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law. In practice, this means we keep your portal ID, tokens, and email for as long as you are using our service and the integration remains active. If you discontinue use of our app or revoke the integration with HubSpot, we will delete your associated personal data from our systems within a reasonable timeframe. Some data, such as server logs or backup archives, may be kept for a short period after you stop using the service. We retain such data only for legitimate purposes (e.g. to resolve disputes, enforce agreements, or comply with legal obligations) and we handle it securely. Once the retention period expires, or the data is no longer needed, we will either delete it or anonymize it so that it can no longer be linked to you.
Cookies
Cookies are small text files placed on your device when you visit websites. We use only essential cookies on Mensbo.com, and no others.
- Essential HubSpot Cookies: Our website is integrated with HubSpot for certain functionalities (such as embedded forms or login sessions for the integration). HubSpot may set a small number of essential cookies on your browser to enable these features. For example, these cookies might remember your session or preferences to ensure that content and forms on the site work properly. These cookies are strictly necessary for the website to function, so under EU law they do not require your prior consent. We want to be transparent, however, that they exist and are being used.
- No Analytics or Advertising Cookies: We do not use any cookies for analytics, advertising, or user-tracking beyond the basic functional cookies noted above. This means we are not collecting information about your browsing behavior for marketing or statistical analysis through cookies. You will not find third-party tracking cookies (like Google Analytics, Facebook pixels, etc.) on our site.
- Cookie Management: Because we only use essential cookies, our site’s cookie presence is minimal. When you first visit, you may still see a notification or banner informing you about our use of cookies (to comply with transparency requirements), but there is no need to opt-in or opt-out for additional cookie categories, since we don't use them. If you wish, you can control or delete cookies through your browser settings at any time. Please note, however, that blocking or removing our essential cookies via your browser may impact the functionality of the website and the HubSpot integration (for example, you might not be able to stay logged in or a form might not remember your submission).
For more details about HubSpot’s cookies and what they do, you can refer to HubSpot’s own cookie policy on their website. We limit our use of cookies strictly to what is necessary to deliver our service to you securely and efficiently.
Your Rights
As an individual in the European Union, you have certain rights regarding your personal data under the GDPR. We are committed to upholding these rights. You have the right to:
- Access Your Data: You can request a copy of the personal information we hold about you, and we will provide it to you in a clear, readily usable format. This is commonly known as a "data subject access request."
- Rectification: If any of your information is incorrect or incomplete, you have the right to ask us to correct or update it. We encourage you to keep your information up-to-date and will make corrections promptly upon your request.
- Erasure: You can request that we delete your personal data in certain circumstances. For example, if the data is no longer necessary for the purposes it was collected for, or if you withdraw consent (in cases where consent was the basis for collection), or if you believe we are processing your data unlawfully, you have the right to be forgotten. We will honor valid requests for erasure and remove your data, provided we do not have a compelling legal reason to keep it (such as an ongoing legal obligation).
- Restrict Processing: You have the right to ask us to limit the processing of your data in certain situations. This could apply if you contest the accuracy of the data, if our processing is unlawful but you prefer restriction over deletion, or if you need us to retain data beyond our typical retention period for the establishment, exercise, or defense of legal claims. If processing is restricted, we will store your data but not use it further until the restriction is lifted.
- Object to Processing: You may object to our processing of your personal data when we base it on legitimate interests. In such cases, we will stop processing your data upon your objection unless we can demonstrate compelling legitimate grounds for the processing that override your interests, or if we need to continue processing for legal reasons. For example, you have an absolute right to object to any direct marketing (though we currently do not use your data for marketing).
- Data Portability: For data that you have provided to us and that we process by automated means based on your consent or on a contract with you, you have the right to request that we provide that data to you or directly to another service provider. We will supply your data in a structured, commonly used, machine-readable format (e.g. CSV or JSON) so that you can reuse it elsewhere.
- Withdraw Consent: In the rare cases where we rely on your consent to process your data (for instance, if in the future we introduce a feature that requires your consent), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we carried out prior to your withdrawal. If you withdraw consent for a service that requires it, we will no longer be able to provide that service to you.
- Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with a Data Protection Authority (DPA) in the EU. You may contact the supervisory authority in the country where you live, where you work, or where the alleged infringement occurred. For example, if Mensbo.com is based in Denmark, the relevant authority would be the Danish Data Protection Authority (Datatilsynet). We would, however, appreciate the chance to address your concerns directly before you approach a DPA, so please feel free to contact us with any issue and we will do our best to resolve it promptly.
To exercise any of these rights, please contact us using the information in the Contact section below. We will respond to your requests as soon as possible and at the latest within the timeframe required by law (generally within one month). Please note that we may need to verify your identity before fulfilling certain requests, to ensure that we protect your privacy and do not disclose your data to an unauthorized person.
Data Security
We take the security of your personal data very seriously. We have implemented a variety of technical and organizational measures to protect your information from unauthorized access, misuse, alteration, or destruction. These measures include:
- Encryption: All communication between your browser (or the HubSpot app interface) and our services is encrypted using HTTPS (TLS encryption). This means any data you transmit to us (or we transmit to HubSpot) is protected in transit. Additionally, data stored in our database (e.g., on MongoDB Atlas) is encrypted at rest. This helps ensure that even if someone were to gain unauthorized access to the storage, the data would not be easily readable.
- Access Controls: Access to personal data is restricted to authorized personnel who need it to operate or support our service. Our team members (or contractors) who handle your data are subject to strict confidentiality obligations. We employ authentication measures, such as strong passwords and keys, and follow the principle of least privilege (giving each person or system the minimum access necessary).
- Secure Infrastructure: We use reputable cloud service providers who maintain high security standards. Heroku and MongoDB Atlas, for example, have robust physical and network security in their EU data centers, including firewalls, intrusion detection systems, and regular security audits. Our servers and databases are located in secure facilities protected by measures like access control, surveillance, and redundancy (to prevent data loss).
- Monitoring and Maintenance: We continuously monitor our systems for vulnerabilities or suspicious activities. Software and dependencies are kept up-to-date with security patches to reduce risks. We also perform routine maintenance and security testing on our application. If we discover any potential security issue, we address it as a top priority.
- Incident Response: We have a process in place to handle any data security incidents. In the unlikely event of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by law (under GDPR, we will do this without undue delay, and within 72 hours of becoming aware of a reportable breach). We will also take all necessary steps to mitigate the breach and prevent future occurrences.
While we strive to protect your information with these measures, it's important to note that no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continually improve our safeguards to keep your data as safe as possible.
Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify you by means such as a prominent notice on our website or through the email address you have provided. The "Last Updated" date at the top will always indicate when the latest changes were made. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or about how we handle your personal data, please do not hesitate to contact us. We are here to help and will respond promptly.
Contact Email: martin@mensbo.com
Postal Address: Mensbo.com – Attn: Data Protection Officer (or Privacy Team), Holstebro, Denmark
(For mailing purposes, please address correspondence to our Data Protection contact at the address above. Using email for contact is recommended for a faster response.)
Thank you for reading our Privacy Policy. By using Mensbo.com and our associated apps, you acknowledge that you have read and understood this policy. We value your trust and are committed to safeguarding your privacy every step of the way. Feel free to reach out to us if you have any questions or need further clarification regarding your privacy rights.