Privacy Policy

Last updated:

1. Who we are

Daedalus is operated by The Way How ("we", "us", "our"). We provide an AI-powered platform that configures HubSpot portals, facilitates CRM data migrations, and offers a companion Chrome extension that streamlines HubSpot Private App setup and Daedalus Navigator.

2. Information we collect

Account information

When you create an account we collect your name, email address, and a hashed password. We never store your password in plain text. If you are invited to a portal or organization, we also store your membership role (owner, admin, or member).

HubSpot connection data

When you connect a portal we store your HubSpot Private App token, encrypted at rest using industry-standard encryption. We use this token solely to read from and write to your HubSpot account on your behalf. We also store your HubSpot portal ID, which is retrieved automatically when verifying your token.

Portal context data

To generate AI-powered configuration plans, we analyze and store contextual information about your business and portal. This data is used to tailor recommendations to your specific needs.

Plans, jobs, and configuration data

We store AI-generated portal configuration plans (including pipelines, properties, automations, templates, sequences, and scoring models), job execution logs, and approval records. This includes any email templates, CMS/HubL templates, and workflow configurations created for your portal.

CRM migration data

If you use our CRM migration feature, we temporarily store source system schemas, field mappings, and record batches from your connected source CRM (such as Salesforce, Pipedrive, Zoho CRM, or other supported systems). Source system connections may be established via OAuth or API key, depending on the provider. Migration data is used solely for the purpose of transferring records to your HubSpot portal.

Chat and conversation data

When you use Daedalus Navigator (via the web app or Chrome extension side panel), we store your conversation history — including your questions and AI-generated responses — to provide context across sessions and improve the quality of assistance.

Organization and team data

If you create or join an organization, we store organization names, membership records, roles, and portal access grants. We also store portal invite tokens (email address and expiry date) used to onboard team members.

Billing and payment data

We track credit balances, credit transactions, subscription details, and setup payment records to operate the billing system. All payment card processing is handled by Stripe — we do not store your payment card number, CVC, or expiration date. We do store a Stripe customer identifier to link your Daedalus account with your payment profile.

Reporting and dashboard data

If you generate AI-powered reporting dashboards, we store dashboard configurations and data snapshots used to render your reports.

Automatically collected data

We collect standard server logs (IP address, browser type, pages visited) to maintain and secure the service. We do not use third-party tracking or advertising scripts.

3. Chrome extension

The Daedalus Chrome Extension operates entirely within your browser for its Private App setup functionality. Specifically:

  • The Private App automation does not send data to our servers or any third party.
  • No browsing history, cookies, or page content is read outside of app.hubspot.com.
  • Browser local storage is used only to persist automation progress across page navigations and is cleared when the process completes.
  • No analytics, telemetry, or remote code is included in the extension.
  • The extension's side panel feature (Daedalus Navigator) loads an embedded view of the Daedalus web app. Data entered through the side panel is subject to the same policies as the web application described in this document.

4. Cookies and local storage

We use essential cookies solely for authentication and session management. We do not use advertising cookies, social media tracking pixels, or third-party analytics cookies. Your browser may also store minimal local data for UI preferences. You can configure your browser to reject cookies, but this may prevent you from signing in to the Service.

5. How we use your information

  • To provide, maintain, and improve the Daedalus platform and its features.
  • To authenticate your account and authorize access to your HubSpot portal.
  • To generate AI-powered configuration plans, migration mappings, reports, and chat responses tailored to your portal.
  • To execute approved jobs against your HubSpot portal via the HubSpot API.
  • To facilitate CRM data migrations from supported source systems.
  • To process billing, manage subscriptions, and maintain transaction history.
  • To send transactional emails (such as portal invites and account notifications).
  • To enforce our Terms of Service and protect against misuse.
  • To diagnose technical issues and maintain system reliability.

6. Data sharing and third-party services

We do not sell, rent, or trade your personal information. We share data only in these limited circumstances:

  • HubSpot API — We send requests to HubSpot's API on your behalf using your Private App token to configure your portal, execute jobs, and retrieve portal data for troubleshooting.
  • AI providers (Anthropic, OpenAI) — Portal configuration plans, migration mappings, chat responses, and reports are generated using third-party AI models. We send portal structure and context data but never your API tokens, passwords, or payment information.
  • Stripe — Subscription billing, setup fees, and credit purchases are processed by Stripe. Stripe receives only the information necessary to process your payment. See Stripe's Privacy Policy.
  • Integration services — If you use CRM migration, we use secure third-party integration services to connect to your source CRM system via OAuth or API key. These services facilitate the data transfer but do not retain your CRM data.
  • Email delivery — We use a third-party email service to deliver transactional emails such as portal invitations. Only the recipient's email address and the message content are shared.
  • Legal requirements — We may disclose information if required by law, subpoena, or court order, or to protect our rights, property, and safety.

7. Data security

We take the security of your data seriously. Measures we employ include:

  • HubSpot Private App tokens are encrypted at rest and never exposed in logs or client-side code.
  • Passwords are hashed using industry-standard one-way hashing before storage.
  • All communication between your browser and our servers is encrypted via TLS.
  • Source CRM credentials (OAuth tokens, API keys) used for migrations are handled through secure managed authentication and are not stored in our database.
  • Administrative access is restricted to authorized personnel only.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required by law to retain it. Specific retention practices include:

  • CRM migration data (source schemas, field mappings, and record batches) is retained only for the duration of the migration process and a reasonable period thereafter for troubleshooting.
  • Job logs and anonymized usage data may be retained for analytics and system improvement purposes.
  • Chat conversation history is retained as long as your portal is active.
  • Billing records are retained as required by applicable tax and accounting laws.

9. International data transfers

Your data may be processed in countries other than your own, including the United States, where our AI providers (Anthropic, OpenAI) and payment processor (Stripe) operate. By using the Service, you consent to the transfer of your information to these countries, which may have different data protection laws than your jurisdiction. We take steps to ensure that your data receives an adequate level of protection wherever it is processed.

10. Your rights

Depending on your jurisdiction, you may have certain rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Request that we correct inaccurate or incomplete personal data.
  • Deletion — Request that we delete your personal data, subject to legal retention requirements.
  • Export — Request a portable copy of your data in a commonly used format.
  • Restriction — Request that we restrict the processing of your personal data under certain circumstances.
  • Objection — Object to the processing of your personal data for certain purposes.

To exercise any of these rights, contact us at the address below. We will respond to your request within 30 days.

11. California residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at the address below.

12. Children's privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

13. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact

If you have questions about this privacy policy, your data, or wish to exercise any of your rights, contact us at privacy@thewayhow.com.

Get Your Free Portal Audit