Privacy Policy
Last updated: 25 May 2026
This Privacy Policy explains how Publishinghub LLC ("Breakthrough Publishing", "we", "us", "our") collects, uses, stores and protects your personal data when you use breakthroughpub.com, our coaching programs, our done-for-you publishing services, and our publishing tools (together, the "Services"). It also describes your rights under the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and the Privacy and Electronic Communications Regulations (PECR).
1. Who we are
The data controller responsible for your personal data is Publishinghub LLC, a company registered in the United States. You can contact us about privacy or data protection at:
- Email: support@breakthroughpub.com
- Postal address: available on request via the email above.
Because we offer services to individuals in the United Kingdom and the European Economic Area, UK and EU data protection law applies to our processing of your personal data even though we are established in the United States.
2. What personal data we collect
Depending on how you use the Services, we may collect:
- Account data: your name, email address, password (stored only as a salted cryptographic hash — never in plain text), and how you signed up (email or Google).
- Subscription & billing data: your subscription tier and status, credit balances, and payment identifiers from our payment providers. We do not store your full card number — card details are handled directly by Stripe.
- Order & project data: for done-for-you services, the brief you submit (which may include book topics, pen names, manuscript content and formatting instructions) and order details.
- Tool content: the inputs you provide to our publishing tools (e.g. book titles, descriptions, keywords, outlines and cover prompts), which may be processed by third-party AI providers to generate output for you (see Section 6).
- Support & feedback data: messages you send us, feedback submissions (which may include screenshots), and the page you were on.
- Technical data: IP address, browser/device information, and limited logs of your activity for security, debugging and error reporting.
- Booking data: if you book a call, the name, email and scheduling details you provide via our booking provider (Calendly).
3. Why we use it and our lawful bases
| Purpose | Lawful basis (UK/EU GDPR) |
|---|---|
| Creating and managing your account; delivering the Services and tools you request | Performance of a contract |
| Processing payments and managing subscriptions | Performance of a contract / legal obligation |
| Sending transactional emails (verification, receipts, service updates) | Performance of a contract |
| Security, fraud prevention, debugging and error monitoring | Legitimate interests |
| Responding to support requests and feedback | Legitimate interests |
| Marketing emails (where applicable) | Consent (you may withdraw at any time) |
4. How long we keep it
We keep your account and order data for as long as your account is active and as needed to provide the Services. After account closure we retain limited records where required for legal, accounting or fraud-prevention purposes (typically up to 6 years for billing records), then delete or anonymise the rest. Technical and error logs are kept for a shorter period. You can ask us to delete your data sooner (see Section 8).
5. Cookies and similar technologies
We use a small number of cookies and similar technologies:
- Strictly necessary: a secure session cookie that keeps you logged in. This is required for the site to function and is exempt from consent under PECR.
- Third-party functional: when you check out (Stripe) or book a call (Calendly), those providers may set their own cookies. Google Sign-In and Google Fonts may receive your IP address.
We do not use advertising or third-party analytics tracking cookies. You can control cookies through your browser settings.
6. AI processing of your content
Some of our tools use third-party artificial-intelligence providers to generate content for you. When you use these tools, the inputs you provide (such as book titles, descriptions, outlines, keywords and cover prompts) are sent to the relevant AI provider to produce your output. We do not sell this content, and we ask providers not to use it to train their models where that option is available. The AI providers we use are listed in Section 7.
7. Who we share your data with (sub-processors)
We share personal data with trusted service providers who process it on our behalf, only as needed to deliver the Services:
| Provider | Purpose | Location |
|---|---|---|
| Hetzner | Hosting & database (where your data is stored) | Germany (EU) |
| Stripe | Payment processing | USA |
| Whop | Membership & subscription management | USA |
| Resend | Transactional email delivery | USA |
| Google (Sign-In & Gemini AI) | Authentication; AI content generation | USA |
| OpenAI | AI content / image generation | USA |
| Ideogram | AI cover image generation | USA |
| Cloudflare | DNS, content delivery, request routing & file storage | USA / global |
| Calendly | Call booking | USA |
We require these providers to protect your data and to process it only on our instructions. We do not sell your personal data to anyone.
8. International transfers
Your core account data is stored within the European Union (Germany). Some of the providers above are located in the United States, so using the Services involves transferring some personal data internationally. Where we make such transfers, we rely on appropriate safeguards such as the providers' Standard Contractual Clauses and the EU-US / UK-US Data Privacy Framework where available.
9. Your rights
Under UK and EU data protection law you have the right to:
- Access the personal data we hold about you;
- Have inaccurate data corrected;
- Have your data erased ("right to be forgotten");
- Restrict or object to our processing;
- Receive your data in a portable format;
- Withdraw consent at any time (where we rely on consent).
To exercise any of these rights, email support@breakthroughpub.com. We will respond within one month. You will not have to pay a fee unless your request is clearly unfounded or excessive.
10. Complaints
If you are in the UK and are unhappy with how we handle your data, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk. If you are in the EEA, you may complain to your local data protection authority. We would, however, appreciate the chance to address your concerns first.
11. Data security
We protect your data with measures including encrypted connections (HTTPS), hashed passwords, access controls, a firewalled server, and regular backups. No system is completely secure, but we work to protect your information and to notify you and the relevant authority if a breach affecting your rights occurs.
12. Children
The Services are intended for adults and are not directed at children under 16. We do not knowingly collect data from children.
13. Changes to this policy
We may update this policy from time to time. The "last updated" date above shows the latest version. Material changes will be notified through the Services or by email.
14. Contact
Questions about this policy or your data? Email support@breakthroughpub.com.