HubTwo
Sign in
NL EN

Privacy

HubTwo Portal privacy policy

Last updated: 15 mei 2026

Who we are

HubTwo Portal is a service of HubTwo Solutions (Dutch Chamber of Commerce no. 97025070, based in the Netherlands). We process personal data of our customers and partners as described in this policy.

Questions or a request about your data? Email info@hubtwo.nl.

Sessions and trusted devices

To sign you in securely and avoid sending a new code every visit, we store information about your session and, at your option, the device you sign in with.

What we store

  • A hashed cookie token (we never store the cookie value itself)
  • A readable device label derived from your user-agent (e.g. 'Chrome 124 on macOS')
  • The IP address from which you last signed in
  • Timestamp of last activity and the session expiry date

Legal basis

Legitimate interest (art. 6(1)(f) GDPR). We need this data to secure your sign-in against account takeover and to detect suspicious activity. Without it you would have to fully authenticate every session, which would seriously harm the usability of the portal.

Retention period

Trusted devices expire automatically — 90 days for customers, 30 days for admin roles and 7 days for super-admin. Expired records are removed by a daily cleanup task. One-time sign-in codes expire after 10 minutes and are fully purged within 7 days.

Access and erasure

You can review and revoke your own trusted devices at any time via /account/devices . There you can see the label, last-seen IP and session expiry per device. With one click you can sign out all other devices.

Sign-in details and authentication

We store your email address as the key for signing in. Customers don't have passwords — you sign in with a one-time code by email (OTP). Failed sign-in attempts are kept for 90 days for fraud detection, then automatically erased.

Cookies

We only use functional cookies (session, trusted device, language preference). No tracking or advertising cookies. That is why we do not need to show a cookie banner.

Your rights

Under GDPR (art. 15-22) you have the right to access, correct, erase, restrict and port your data. Send a request to info@hubtwo.nl . We respond within 30 days. Not satisfied? You can file a complaint with the Dutch Data Protection Authority.

Bevestigen