This Privacy Policy explains how Getpayin (“we”, “us”, “our”) collects, uses, and protects information when you use Hub Travel (the “App”), our travel commerce platform available at hub-travel.net and related subdomains. Hub Travel is operated by Getpayin.
By using the App you agree to the practices described below. If you do not agree, please do not use the App.
1. Who we are
2. Information we collect
Information you provide
- Phone number — when you request a one-time password (OTP) via WhatsApp to participate in our public Feature Requests roadmap.
- Name (optional) — when you submit or vote on a feature request. Shown next to your contributions on the public roadmap.
- Feature request content — the titles, descriptions, and votes you submit.
- Account credentials (operators only) — email address and password (passwords are stored only as a one-way hash).
Information collected automatically
- Verification cookie — an encrypted session cookie (
whatsapp_verified) used to remember that you verified your phone, with a 12-hour lifetime. - Standard server logs — IP address, browser user-agent, and timestamps, kept for security, abuse prevention, and basic operational diagnostics.
3. WhatsApp Business API data handling
Hub Travel uses the WhatsApp Business Cloud API, provided by Meta Platforms, Inc., to deliver one-time passwords (OTPs) so guests can verify themselves on our public Feature Requests page.
What is sent to Meta:
- Your phone number, in international (E.164) format.
- A 6-digit one-time password embedded in a pre-approved WhatsApp Business template (template name:
hub_travel).
What we store on our servers:
- The OTP code is held in encrypted in-memory storage for 5 minutes and is destroyed immediately upon successful verification or expiry — whichever comes first.
- Your phone number, and your optional name, are stored in our database so we can recognize you across visits and attribute your feature requests and votes.
- An encrypted, http-only verification cookie is set in your browser for 12 hours so you don’t have to re-verify on every action.
Meta’s role:
Meta processes WhatsApp messages under its own terms. See WhatsApp’s Privacy Policy for details. We do not receive your WhatsApp profile picture, status, contacts, message history, or any other WhatsApp account data — only delivery and read receipts for the OTP we sent you.
No marketing via WhatsApp:
We use WhatsApp exclusively for transactional OTP delivery. We do not send promotional, marketing, or unsolicited messages through WhatsApp, and we do not share your phone number with third parties for marketing purposes.
4. How we use your information
- To verify your identity so you can post and vote on Feature Requests.
- To operate, maintain, and improve the Hub Travel platform.
- To respond to your inquiries and provide customer support.
- To detect, prevent, and address fraud, abuse, and security incidents.
- To comply with applicable legal obligations.
5. Legal basis for processing
- Consent — when you request an OTP through WhatsApp.
- Legitimate interest — for security, fraud prevention, and to keep the public roadmap free of abuse.
- Contractual necessity — for operators using Hub Travel under our terms of service.
6. How we share information
We do not sell your personal data. We share limited data only with:
- Meta Platforms, Inc. — phone number and OTP, solely to deliver your WhatsApp verification message.
- Hosting and infrastructure providers — that store and process data on our behalf under appropriate contractual safeguards.
- Authorities — when required to comply with law, legal process, or to protect the rights, property, or safety of Getpayin, our users, or others.
7. Data retention
- OTP codes: deleted after 5 minutes or upon successful verification — whichever comes first.
- Verification cookie: 12 hours.
- Phone number and optional name: retained for as long as you remain an active participant in the public roadmap, or until you ask us to delete them.
- Server logs: retained on a rolling basis (approximately 30 days) for security and operational purposes.
- Operator account data: retained for the duration of the operator’s subscription and for a reasonable period thereafter to comply with legal and accounting obligations.
8. Your rights
Subject to your local laws (including GDPR if you are in the EU/EEA, and the UK GDPR if you are in the UK), you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data.
- Object to or restrict certain processing.
- Withdraw consent at any time (this will not affect processing performed before withdrawal).
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email [email protected] from the email address linked to your account, or include the phone number you used to verify on WhatsApp.
9. Children’s privacy
Hub Travel is not directed to children under 13 (or 16, where local law sets a higher minimum). We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact us at [email protected] and we will take prompt steps to delete it.
10. International data transfers
Meta and our infrastructure providers may process data in jurisdictions outside your country of residence. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) to protect personal data transferred internationally.
11. Security
We use industry-standard measures to protect your data, including HTTPS for all traffic, encrypted storage of OTPs and verification cookies, hashed passwords, scoped access controls, and continuous monitoring. No system is perfectly secure, but we work to maintain reasonable safeguards proportionate to the sensitivity of the data we handle.
12. Changes to this Policy
We may update this Privacy Policy from time to time. When we do, we’ll update the “Last updated” date at the top of this page. For material changes, we’ll provide more prominent notice (for example, a notice on the homepage or, where appropriate, an email).
13. Contact us
Questions, requests, or concerns about this Privacy Policy or our data practices? Email us at [email protected].