Privacy Policy
Effective Date: October 13, 2025
Nob Hill Labs ("we," "us," or "our") operates ChunkBack (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this Privacy Policy carefully.
1. Information We Collect
We collect several types of information from and about users of our Service:
Account Information
When you register for an account through Google OAuth, we collect:
• Your email address
• Your name
• Your Google account identifier
• OAuth tokens for authentication
Usage Information
We automatically collect information about your use of the Service:
• API usage data (number of requests, timestamps)
• API key creation and usage
• Organization information
• Request patterns and frequency
Cookies and Tracking Technologies
We use the following types of cookies and tracking:
• Session Cookies: Essential cookies to maintain your logged-in state and secure your account
• Analytics Cookies (PostHog): We use PostHog for product analytics to understand how users interact with our Service and improve user experience
2. How We Use Your Information
We use the information we collect to:
• Provide, maintain, and improve the Service
• Create and manage your account
• Process your API requests
• Monitor usage and enforce usage limits based on your subscription tier
• Communicate with you about the Service, including updates and support
• Analyze usage patterns to improve our Service
• Detect, prevent, and address technical issues or security vulnerabilities
• Comply with legal obligations
3. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
• Service Providers: We use PostHog for analytics. PostHog processes data in accordance with their privacy policy
• Authentication Services: We use Google OAuth for authentication, which is subject to Google's privacy policy
• Legal Requirements: We may disclose your information if required by law or in response to valid legal requests
• Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred
4. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you the Service. We will retain your information until you request deletion of your account. Upon request, we will delete or anonymize your personal information, except where we are required to retain it by law.
To request deletion of your data, please contact us at [email protected].
5. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
• Encrypted connections (HTTPS)
• Secure session management with httpOnly cookies
• API key encryption and secure storage
• Regular security assessments
However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
6. Your Privacy Rights
Depending on your location, you may have certain rights regarding your data:
• Access: You can request a copy of the personal information we hold about you
• Correction: You can update or correct your account information at any time
• Deletion: You can request deletion of your personal information
• Data Portability: You can request a copy of your data in a machine-readable format
• Opt-Out: You can opt out of analytics tracking (note that this may limit Service functionality)
To exercise these rights, contact us at [email protected].
7. Children's Privacy
Our Service is intended for users who are at least 13 years old. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it immediately. If you believe we have collected information from a child under 13, please contact us at [email protected].
8. Third-Party Services
Our Service integrates with third-party services:
• Google OAuth: For authentication (Google Privacy Policy)
• PostHog: For analytics (PostHog Privacy Policy)
These services have their own privacy policies, and we encourage you to review them.
9. International Data Transfers
Your information may be transferred to and processed in the United States or other countries where we or our service providers operate. By using the Service, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.
10. California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
• Right to know what personal information we collect and how it is used
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising your privacy rights
To exercise these rights, contact us at [email protected]. We will verify your identity before processing your request.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: