Skip to content

King Henry Privacy Policy

Last Updated: 9 March 2026
Version: 1.0

1. Introduction

King Henry ("we," "our," or "us") is a HubSpot-focused consultancy that provides implementation services, technical support, custom integrations, and marketplace applications. We are committed to protecting your privacy and handling your data with transparency and care.

This Privacy Policy describes how we collect, use, store, and protect information when you:

  • Use our professional services (consultancy, implementation, support, integrations)
  • Install or use our HubSpot Marketplace applications
  • Visit our website at kinghenry.au
  • Communicate with us through any channel

This policy applies to all King Henry services, products, and applications. By using our services or apps, you agree to the collection and use of information in accordance with this policy.

Operating Entity:
King Henry Group Pty Ltd
Camberwell, 3124 VIC, Australia
Email: support@kinghenry.au
ABN: 78682830511

2. Information We Collect

2.1 Information You Provide Directly

When You Engage Our Services:

  • Contact information (name, email address, phone number, company name, job title)
  • Business information (company size, industry, location)
  • Project requirements and objectives
  • Account credentials necessary for service delivery (with your explicit consent)
  • Payment and billing information
  • Communications through email, phone, support tickets, or meetings

When You Install Our HubSpot Apps:

  • HubSpot account information
  • Contact details for app administration
  • Configuration preferences and settings
  • Support requests and feedback

When You Visit Our Website:

  • Contact form submissions
  • Newsletter subscriptions
  • Resource download requests
  • Job applications

2.2 Information Collected Through HubSpot Marketplace Apps

When you install or use one of our HubSpot Marketplace applications, we may collect, receive, transmit, or otherwise process data from your HubSpot portal and from users of the app, but only to the extent necessary to provide the relevant app functionality.

Depending on the app, this may include:

  • Account and installation information such as HubSpot portal ID, user ID, app installation status, and OAuth authorisation details
  • App configuration data provided by the user
  • Workflow or automation payloads sent by HubSpot to the app
  • HubSpot record data, property values, or other content included in requests initiated through the app
  • Request and response data exchanged between HubSpot, our systems, and third-party services configured by the user
  • Technical and diagnostic data such as logs, timestamps, error messages, and performance information
  • Authentication data necessary to operate the app, such as OAuth tokens and, where applicable, credentials or authorisation details transmitted as part of an app’s configured functionality

The categories of data processed will vary depending on the specific app, the features enabled, the permissions granted, and the way the customer configures and uses the app.

2.3 Information Collected Automatically

Website Analytics:

  • IP addresses
  • Browser type and version
  • Device information
  • Pages visited and time spent
  • Referring URLs
  • Geographic location (country/region level)

App Usage Data:

  • Feature usage statistics
  • Performance metrics
  • Error logs and diagnostic information
  • Session duration and frequency
  • API call patterns

Technical Information:

  • Log files containing system activity
  • Error reports and crash data
  • Integration performance metrics

3. How We Use Your Information

3.1 Service Delivery

Professional Services:

  • Providing consultancy, implementation, and technical support
  • Configuring and customising HubSpot for your needs
  • Building custom integrations and workflows
  • Training your team on HubSpot and our solutions
  • Troubleshooting technical issues
  • Project management and coordination

Marketplace Apps:

  • Operating and maintaining app functionality
  • Processing data according to the specific functionality of the app
  • Receiving requests, events, or execution payloads from HubSpot when app features are triggered within the platform
  • Processing configuration inputs defined by the user within the app or within HubSpot features such as workflows
  • Transmitting data between HubSpot, our application infrastructure, and third-party services selected or configured by the user
  • Returning responses or output data to HubSpot so that workflows, automations, or integrations can continue execution
  • Supporting authentication, authorisation, logging, debugging, monitoring, updates, maintenance, and improvements required to run the app

3.2 Business Operations

  • Processing payments and managing billing
  • Communicating about services, projects, and support
  • Managing contracts and agreements
  • Maintaining customer records
  • Responding to inquiries and support requests
  • Conducting internal research and development

3.3 Service Improvement

  • Analysing usage patterns to improve features
  • Identifying and fixing bugs
  • Optimising performance and reliability
  • Conducting user experience research
  • Developing new features and products
  • Testing and quality assurance

3.4 Legal Compliance

  • Complying with applicable laws and regulations
  • Responding to legal requests and court orders
  • Enforcing our Terms of Service
  • Protecting our rights and property
  • Preventing fraud and abuse
  • Conducting security investigations

3.5 Marketing Communications (With Your Consent)

  • Sending service updates and announcements
  • Sharing educational content and resources
  • Providing product recommendations
  • Inviting participation in case studies or testimonials
  • Newsletter distribution

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

4.1 Service Providers and Partners

We work with trusted third-party service providers who assist us in delivering our services. These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your information.

HubSpot: As our apps operate within the HubSpot ecosystem, your data flows through HubSpot's infrastructure. HubSpot's own privacy policy governs their handling of your data.

Automation and Integration Platforms:

  • n8n workflow automation (for building and executing integrations)
  • Third-party APIs or services you authorise us or our apps to connect to

Infrastructure Providers:

  • Cloud hosting services (AWS, Google Cloud, Azure, Hostinger, DigitalOcean, or similar providers)
  • Database and storage providers
  • Content delivery networks

Payment Processors:

  • Stripe, PayPal, or other payment gateways for processing transactions

Analytics and Monitoring:

  • Website analytics tools (Google Analytics)
  • App performance monitoring services
  • Error tracking and logging services

Communication Tools:

  • Email service providers
  • Customer support platforms
  • Video conferencing services

Some King Henry apps allow customers to configure requests to external APIs or third-party services that are not operated or controlled by King Henry. Any data transmitted to those services is sent according to the configuration defined by the customer. Those third-party services are responsible for their own handling and processing of the data under their own terms and privacy policies.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Court orders or legal process
  • Government or regulatory requests
  • Protection of our rights, property, or safety
  • Protection of the rights, property, or safety of others
  • Investigation of fraud, security issues, or illegal activity

4.3 Business Transfers

If King Henry is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or use of your information.

4.4 With Your Consent

We may share your information in other situations with your explicit consent, such as:

  • Featuring your company in case studies or testimonials
  • Connecting to third-party services you specifically authorise
  • Participating in joint marketing initiatives

5. Data Storage and Security

5.1 Where We Store Data

Geographic Location: Our primary infrastructure is located in Australia and/or utilising cloud providers with data centres in Australia and the Asia-Pacific region. Some services may utilise infrastructure in the United States or Europe.

Data Residency: For clients specifically requiring Australian data residency, we can accommodate this through our service agreements. Please contact us to discuss your data residency requirements.

5.2 Security Measures

We implement industry-standard security measures to protect your information:

Technical Safeguards:

  • Encryption in transit using TLS/SSL (HTTPS)
  • Encryption at rest for sensitive data that we store
  • Secure API authentication using OAuth 2.0 or other appropriate authentication methods
  • Regular security patches and updates
  • Intrusion detection and prevention systems
  • Vulnerability scanning and penetration testing

Access Controls:

  • Multi-factor authentication for our team
  • Role-based access control (principle of least privilege)
  • Regular access reviews and audits
  • Secure password policies
  • Session management and timeouts

Organisational Safeguards:

  • Employee background checks, where appropriate
  • Confidentiality agreements with all staff and contractors, where appropriate
  • Security awareness training
  • Incident response procedures
  • Regular security audits and assessments

Application Security:

  • Secure development practices
  • Code reviews and security testing
  • Dependency vulnerability scanning
  • No hardcoded credentials or secrets
  • Secure credential transmission and temporary processing where required for app functionality
  • Secure storage of OAuth tokens and other persistent authentication data where required to operate an app

Credential Handling: Some apps may process credentials, API keys, bearer tokens, usernames, passwords, or other authentication data supplied by the user as part of a configured integration or request. Where applicable, these credentials are transmitted securely and processed only to the extent necessary to provide the app’s functionality. Unless otherwise stated for a specific service or agreed in writing, we do not persistently store credentials that are only required for transient request execution.

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you promptly of any data breach that may affect your information in accordance with applicable laws.

5.3 Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

Active Services:

  • Professional services client data: Duration of engagement plus 7 years for business records
  • Active app subscription data: Duration of subscription plus 90 days
  • Support ticket data: 3 years from ticket closure
  • Communication records: 7 years for business correspondence

After Service Termination:

  • We retain billing records for 7 years to comply with tax obligations
  • We may retain anonymised or aggregated data indefinitely for analytics
  • We may delete or anonymise personal data within 90 days of termination unless retention is required by law or legitimate business interests

Backups:

  • Backup data is retained for up to 90 days and then may be permanently deleted
  • Backup systems follow the same security standards as production systems

App Processing Data: Some applications may process workflow execution payloads, request bodies, response data, or other transaction data transiently during request execution. In those cases, that data may not be stored after the request completes, except for minimal operational logging required for monitoring, security, troubleshooting, and debugging.

Your Right to Deletion: You can request deletion of your data at any time (see Section 6 for details), subject to any legal or contractual obligations we have to retain certain information.

6. Your Rights and Choices

6.1 Under Australian Privacy Principles (APPs)

If you are in Australia, you have the following rights under the Privacy Act 1988:

Right to Access: You can request access to the personal information we hold about you. We will provide this within 30 days, subject to identity verification.

Right to Correction: You can request that we correct inaccurate, incomplete, or out-of-date information. We will respond within 30 days.

Right to Complain: If you believe we have breached the Australian Privacy Principles, you can lodge a complaint with us. If you're not satisfied with our response, you can complain to the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Email: enquiries@oaic.gov.au

6.2 Under GDPR (For EU Users)

If you are in the European Union, you have the following rights under the General Data Protection Regulation:

Right to Access: You can request a copy of your personal data in a structured, commonly used format.

Right to Rectification: You can request correction of inaccurate personal data.

Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data in certain circumstances, such as when it's no longer necessary for the purposes for which it was collected.

Right to Restrict Processing: You can request that we limit how we use your personal data in certain circumstances.

Right to Data Portability: You can request to receive your personal data in a portable format and have it transmitted to another controller.

Right to Object: You can object to our processing of your personal data for direct marketing or legitimate interests.

Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that significantly affects you. We do not currently use automated decision-making processes.

Right to Withdraw Consent: Where we rely on your consent to process data, you can withdraw that consent at any time.

We will respond to GDPR requests within one month. You also have the right to lodge a complaint with your local data protection authority.

6.3 Under CCPA (For California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

Right to Know: You can request information about the categories and specific pieces of personal information we've collected, the sources, purposes, and third parties we share it with.

Right to Delete: You can request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out of Sale: We do not sell personal information. If our practices change, we will update this policy and provide an opt-out mechanism.

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

We will respond to CCPA requests within 45 days.

6.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

  • Email: support@kinghenry.au
  • Subject line: "Privacy Rights Request"

Please include in your request:

  • Your full name and contact information
  • The specific right you wish to exercise
  • Sufficient detail to allow us to locate your information
  • Proof of identity (we may request additional verification)

We will respond to verified requests within the timeframes specified by applicable law. Some requests may take longer if they are complex or if we receive multiple requests.

6.5 Cookie Preferences

You can manage cookie preferences through your browser settings. Note that disabling cookies may affect the functionality of our website.

6.6 Marketing Opt-Out

You can unsubscribe from marketing emails by:

  • Clicking the "unsubscribe" link in any marketing email
  • Emailing us at support@kinghenry.au
  • Updating your preferences in your account settings (if applicable)

This will not affect transactional emails related to services you're actively using.

7. Cookies and Tracking Technologies

7.1 What We Use

Essential Cookies: Required for website functionality, authentication, and security. These cannot be disabled without affecting site operation.

Analytics Cookies: Help us understand how visitors use our website through Google Analytics. This includes:

  • Pages visited and navigation patterns
  • Time spent on pages
  • Traffic sources
  • Device and browser information
  • Geographic location (country/region)

Performance Cookies: Allow us to monitor website performance, identify errors, and improve user experience.

Preference Cookies: Remember your settings and preferences for future visits.

7.2 Third-Party Cookies

Some cookies are placed by third-party services that appear on our pages:

  • Google Analytics (analytics)
  • HubSpot tracking (if you're a HubSpot user)
  • Video embedding services (YouTube, Vimeo, Neeto Record)

These third parties have their own privacy policies governing their use of cookies.

7.3 Managing Cookies

Browser Controls: Most browsers allow you to:

  • View and delete cookies
  • Block cookies from specific sites
  • Block all third-party cookies
  • Clear cookies when closing the browser

Do Not Track:Some browsers have a "Do Not Track" feature. Our website does not currently respond to Do Not Track signals, but we minimize tracking to essential functions and analytics.

Opt-Out Tools:

  • Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout
  • Your browser's privacy settings

7.4 Other Tracking Technologies

We may use web beacons, pixels, and similar technologies in emails and on our website to:

  • Track email opens and clicks
  • Measure campaign effectiveness
  • Understand user engagement

8. Third-Party Links and Services

Our website and apps may contain links to third-party websites, services, or integrations not operated by us. Examples include:

  • HubSpot marketplace and documentation
  • Third-party integration endpoints
  • Educational resources and blog references
  • Partner websites

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

When you authorise our apps to connect with third-party services, send data to external endpoints, or otherwise interact with third-party platforms, those third parties are responsible for their own handling of your data under their own privacy policies and terms.

9. Children's Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information from our systems.

10. International Data Transfers

10.1 Cross-Border Transfers

King Henry primarily operates in Australia and New Zealand, but our services are accessible globally through the HubSpot Marketplace. This means your data may be transferred to, stored in, and processed in:

  • Australia (our primary location)
  • Countries where our cloud service providers operate (potentially including Asia, United States and the European Union)
  • Countries where third-party integrations you authorise are located

10.2 Safeguards

When we transfer data internationally, we implement appropriate safeguards:

  • Standard Contractual Clauses approved by the European Commission (for EU data), where applicable
  • Other lawful transfer mechanisms recognised under applicable privacy law, where applicable
  • Ensuring service providers have adequate data protection measures
  • Encryption of data in transit and at rest, where applicable

10.3 Your Consent

By using our services or apps, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws than your jurisdiction, to the extent permitted by applicable law.

11. Data Processing for HubSpot Marketplace Apps

11.1 Our Role

When you use our HubSpot Marketplace apps, we typically act as a "data processor" while you (the HubSpot account holder) remain the "data controller" of your HubSpot data. This means:

  • You determine what data is stored in HubSpot
  • You control access to your HubSpot account
  • You determine the purposes for which data is processed
  • We process data solely according to your instructions through app configuration and use of the app

Use of HubSpot Data: King Henry accesses and processes HubSpot data solely to provide the functionality of the integration or app. We do not sell, rent, or use HubSpot customer data for advertising, profiling, or any purpose unrelated to the operation, support, security, or improvement of the app or service.

11.2 Sub-Processors

We may engage sub-processors to help deliver our services. Current sub-processors may include:

  • HubSpot (platform provider)
  • Cloud infrastructure providers (Hostinger, DigitalOcean, AWS, Google Cloud, Azure, or similar providers)
  • n8n or similar workflow automation platforms
  • Monitoring, logging, analytics, support, communication, and security service providers
  • Third-party APIs or services you specifically authorise or configure through an app

We may maintain a list of sub-processors and may notify customers of material changes where required by law or contract.

11.3 Data Processing Agreement

For enterprise clients or those requiring specific data protection terms, we can enter into a Data Processing Agreement (DPA) that outlines:

  • Scope and nature of processing
  • Duration of processing
  • Types of personal data
  • Categories of data subjects
  • Our obligations as a processor
  • Your rights and obligations as a controller

Contact us to request a DPA.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You:

  • We will post the updated policy on our website with a new "Last Updated" date
  • For material changes, we will provide prominent notice through:
    • Email notification to registered users
    • In-app notifications
    • Notice on our website homepage
  • We will maintain previous versions of this policy for reference

Your Continued Use: Your continued use of our services after changes take effect constitutes acceptance of the updated policy. If you disagree with changes, you should discontinue use of our services and contact us about account closure or data deletion.

Material Changes:Changes we consider material include:

  • New data collection practices
  • Changes to data sharing practices
  • Changes to your rights
  • Changes to how we use your data
  • Significant changes to security practices

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@kinghenry.au
Phone: 0489 075 532
Website: https://kinghenry.au

For Privacy Complaints: We take privacy concerns seriously. If you have a complaint:

  1. Email us at support@kinghenry.au with details of your concern
  2. We will acknowledge your complaint within 5 business days
  3. We will investigate and respond within 30 days
  4. If you're not satisfied with our response, you can contact:
    • Office of the Australian Information Commissioner: www.oaic.gov.au
    • Your local data protection authority (for EU residents)

14. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data under the following legal bases:

Contract Performance: Processing necessary to provide services you've requested or to enter into a contract with you.

Legitimate Interests: Processing necessary for our legitimate business interests, such as:

  • Improving our services
  • Security and fraud prevention
  • Internal administration
  • Marketing communications (you can opt out at any time)

Consent: When we rely on your consent (e.g., for marketing communications), you can withdraw consent at any time.

Legal Obligation: When we must process data to comply with legal requirements.

15. California Shine the Light Law

California residents who have an established business relationship with us can request information about the personal information we've shared with third parties for their direct marketing purposes during the previous calendar year. This information includes the categories of information shared and the names and addresses of the third parties.

To request this information, contact us at support@kinghenry.au with "California Shine the Light Request" in the subject line.

Note: We do not currently share personal information with third parties for their direct marketing purposes.

16. Your California Privacy Rights - Metrics

In accordance with CCPA requirements, we provide the following metrics for the previous calendar year:

  • Number of requests to know: 0
  • Number of requests to delete: 0
  • Number of requests to opt-out: 0
  • Median response time: N/A

Acknowledgment

This Privacy Policy is effective as of the date listed at the top and supersedes all previous versions. We encourage you to review this policy periodically to stay informed about how we protect your information.

By using King Henry's services, website, or applications, you acknowledge that you have read and understood this Privacy Policy.