Privacy Policy

Last updated: April 2026

1. Who We Are

Spacehubs Africa's intelligence platform at data.spacehubs.africa, is a directory and analytics platform for the African space ecosystem. The platform is operated through Spacehubs Africa's Estonian legal entity.

As the entity that determines the purposes and means of processing personal data, that operating entity is the data controller under the General Data Protection Regulation (GDPR).

For privacy-related enquiries, contact us at privacy@spacehubs.africa.

Spacehubs Africa OÜ (16002610), Lõõtsa tn 5-11, 11415 Tallinn, Estonia.

2. What Data We Collect

  • Account data: email address, full name, country, organisation, role, areas of interest, use cases, and profile picture (optional).
  • Authentication data: hashed password, email verification status, account creation timestamp, and terms acceptance timestamp.
  • Subscription and payment data: subscription plan, billing interval, subscription status, payment references, and transaction history. We do not store full card numbers.
  • Usage data (with consent): pages visited, landing pages, referral and campaign metadata, feature interactions, filter and navigation behaviour, session-level engagement metrics, approximate location, device/browser metadata, and limited session replay on selected pages collected through PostHog only after you accept analytics cookies. We do not send raw contact message content, payment payloads, or similar sensitive free-text into analytics events.
  • Contact form data: name, email, subject, message, and whether you opted in to newsletter or product updates.
  • Technical data: IP address used for rate limiting and security, browser type, and session identifiers.

3. Why We Process Your Data (Legal Bases)

Purpose Legal Basis (GDPR Art. 6)
Providing and managing your accountArt. 6(1)(b) - performance of contract
Processing payments and subscriptionsArt. 6(1)(b) - performance of contract; Art. 6(1)(c) - legal obligation
Sending transactional emailsArt. 6(1)(b) - performance of contract
Analytics and usage trackingArt. 6(1)(a) - consent
Responding to contact form enquiriesArt. 6(1)(f) - legitimate interest
Sending newsletter or product updates when you opt inArt. 6(1)(a) - consent
Security, fraud prevention, and rate limitingArt. 6(1)(f) - legitimate interest
Error monitoring and platform reliabilityArt. 6(1)(f) - legitimate interest
Retaining anonymised transaction recordsArt. 6(1)(c) - legal obligation

4. Data Retention

  • Account data: retained until you delete your account.
  • Transaction records: anonymised and retained for 7 years where accounting law requires retention.
  • Contact messages: retained for up to 2 years, then deleted by scheduled cleanup jobs.
  • Newsletter opt-in from the contact form: retained with the related contact message so we can evidence the opt-in unless you withdraw it sooner.
  • Analytics data: retained according to our PostHog project settings and internal review schedule.
  • Security tokens: expired or used verification and deletion tokens are removed by scheduled cleanup jobs.
  • Session data: removed on logout or when sessions expire and are cleared from storage.

5. Backups and Deletion Timing

When data is deleted from our live systems, it may remain in secure backup copies until the relevant backup retention window expires. Our internal backup policy is: weekly backups retained for 5 weeks and monthly backups for 6 months. These automated backup copies are stored separately for disaster recovery and are not used to restore deleted accounts or expired contact messages during ordinary operations.

We document this operationally in BACKUPS_AND_DELETION.md.

6. Who We Share Your Data With

We use the following sub-processors to operate the platform:

  • Stripe - payment processing
  • Neon - PostgreSQL database hosting
  • Render - application hosting
  • AWS S3 - media storage
  • Resend - transactional email delivery
  • Sentry - error monitoring
  • PostHog - behavioural analytics
  • Google reCAPTCHA Enterprise - bot protection

We do not sell your personal data.

7. International Data Transfers

Some of our service providers are located outside the EEA, including in the United States. Where required, we rely on recognised transfer mechanisms such as the EU-US Data Privacy Framework or Standard Contractual Clauses.

8. Your Rights Under GDPR

You have the right to access, correct, delete, restrict, object to, and port your personal data, subject to applicable legal limits.

  • You can edit profile data from your account settings.
  • You can delete your account from your profile page.
  • You can download your account data in machine-readable form from your profile page.
  • You can withdraw analytics or newsletter consent at any time by clearing your saved cookie choice for this site or by contacting us.

For privacy requests, email privacy@spacehubs.africa.

9. Cookies

We use essential cookies for sessions and analytics cookies or browser storage for PostHog. See our Cookie Policy for details.

10. Security

We use technical and organisational measures including HTTPS, hashed passwords, rate limiting, reCAPTCHA, webhook signature verification, and error monitoring. No internet transmission or storage system is completely secure.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Where appropriate, we will notify users of material changes by email or in-product notice.