Last updated: Sep 25, 2025

This Privacy Policy explains how NJP Consulting, Inc., d/b/a Sectorly (“Sectorly,” “we,” “us,” or “our”) collects, uses, and shares information about you when you visit gosectorly.com (the “Website”), use the Sectorly application and related services (the “App”), or otherwise interact with us. It also describes your privacy rights and how the law protects you.

If you use Sectorly in connection with a HubSpot account, the customer who owns that HubSpot account (your employer or client) is typically the controller of data you store in HubSpot; Sectorly acts as that customer’s processor/service provider for the App. For Website visitors and direct sign-ups, Sectorly is the controller.

If you do not agree with this Policy, do not access the Website or use the App.

---

1) Scope & roles

• Website (gosectorly.com): We are the controller for personal data we collect via our site (e.g., forms, cookies, analytics).

• Sectorly App (HubSpot integration and related services):

  • Your HubSpot account data: We act as a processor/service provider to our customer (the HubSpot portal owner). We access only the HubSpot objects/scopes you authorize through OAuth and process them per your configuration.

  • Billing & account administration (Stripe, support): We act as controller for your account and billing information.

---

2) Information we collect

A. Information you provide to us

• Account & contact data: name, work email, company, role, phone (optional).

• Support & communications: messages, tickets, meeting notes, and any files you send.

• Billing data: plan, subscription status; we rely on Stripe to process payment details. We do not store full card numbers.

B. Information we process on your behalf (App)

• HubSpot OAuth tokens & metadata: tokens necessary to connect your HubSpot portal (hub ID, scopes, token expiry).

• HubSpot objects & fields you authorize: e.g., objects and custom properties required for the integration (such as solicitation number, posted date, active flag). We do not access objects or properties outside the scopes you approve.

• Imported public-source business data: e.g., SAM.gov notices and related public attributes that you choose to sync into HubSpot.

C. Information collected automatically

• Usage & device data: IP address, browser type, operating system, referral URLs, pages viewed, links clicked, request/response timing, error logs.

• Cookies and similar tech (Website & App): to operate the site, remember preferences, analyze usage, and improve services. See “Cookies” below.

---

3) How we use information

We use information to:

1. Provide and improve the App & Website (operate, secure, troubleshoot, and enhance features).

2. Connect to HubSpot (authenticate via OAuth, read/write only approved objects/fields, run syncs on demand or on schedule).

3. Process subscriptions & payments (via Stripe), provide invoices, and manage trials.

4. Communicate with you (product updates, transactional emails, support).

5. Security & fraud prevention (detect abuse, protect accounts, audit access).

6. Comply with law and enforce agreements.

7. Analytics to understand usage and improve performance. (We do not build behavioral profiles for third-party advertising.)

Legal bases (EEA/UK)

Where GDPR/UK GDPR applies, our processing bases include: contract performance (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)) such as product security and improvement, consent where required (cookies/marketing), and legal obligation (Art. 6(1)(c)).

---

4) Sharing of information

We share information only as described:

• Service providers/subprocessors (hosting, analytics, error monitoring, logging, email, customer support, payments) under contract, limited to their functions. Key providers include:

  • Cloud hosting (e.g., AWS)

  • Payment processing: Stripe (billing, subscription management)

  • CRM platform: HubSpot (only via scopes you approve)

• Customer/Controller: If you use the App within a HubSpot portal owned by your employer or client, relevant data may be visible to that customer’s admins and users per their HubSpot permissions.

• Compliance & safety: If required by law or to protect rights, safety, and security.

• Business transfers: In a merger, acquisition, or asset sale, information may be transferred subject to this Policy.

We do not sell personal information and we do not share it for cross-context behavioral advertising as defined by California law.

---

5) Cookies & similar technologies

We use strictly necessary cookies for login/session and security, and (where permitted) analytics cookies to understand usage. 

---

6) Data retention

• Account & billing data: retained for the duration of your account and as needed for tax, audit, or legal compliance.

• OAuth tokens & HubSpot sync data: retained while your connection remains active and for a short period after disconnect for troubleshooting/audit (typically up to 90 days, unless a longer period is required by law or expressly agreed).

• Logs & analytics: typically retained 30–180 days depending on purpose and system.
  We may anonymize or aggregate data for longer-term analytics.

---

7) Security

We use reasonable and appropriate technical and organizational measures, including TLS encryption in transit, encryption at rest provided by our cloud providers, access controls based on least privilege, audit logging, and vulnerability and backup practices. However, no system can be guaranteed 100% secure.

---

8) International data transfers

We may process and store information in the United States and other countries. Where required, we rely on appropriate safeguards for international transfers (e.g., Standard Contractual Clauses for EEA/UK transfers). Details are available upon request.

---

9) Your rights

EEA/UK (GDPR/UK GDPR)

You may have the right to access, rectify, erase, restrict processing, object to processing, and data portability. Where we process based on consent, you can withdraw consent at any time. If we act as a processor for your organization, please direct requests to your organization; we will assist them as required.

California (CPRA)

California residents have the right to know, access, correct, delete, and opt out of sale/share (we do not sell/share), and to limit use of sensitive personal information (we do not use SPI for purposes requiring a “Limit” option). We honor rights requests and non-discrimination provisions.

Exercising your rights

Email us at privacy@gosectorly.com. For App data controlled by your organization, contact your HubSpot portal administrator. We may request verification of your identity and request details.

You have the right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK; a Data Protection Authority in the EEA).

---

10) Children’s privacy

Our Website and App are intended for business use and are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will delete it.

---

11) HubSpot integration specifics

• OAuth & scopes: We only access HubSpot objects and properties you approve during the OAuth process (e.g., Deals and specified custom properties). You can revoke access at any time in HubSpot.

• Sync behavior: The App imports public SAM.gov notice data and writes selected attributes to HubSpot Deals per your filters and settings.

• Customer control: Your organization (HubSpot portal owner) decides what data to import, how long to retain it in HubSpot, and who can access it.

• Disconnect & deletion: When you disconnect the App or request deletion, we will revoke tokens and delete or anonymize associated data we store as processor/controller within a reasonable timeframe, subject to legal retention requirements.

---

12) Stripe & payments

We use Stripe to process payments. Stripe collects and processes your payment instrument data in accordance with its own Privacy Policy. We receive limited billing details (e.g., name, email, last4, subscription status) to administer your subscription. We do not store full card details on our servers.

---

13) AI & automated processing 

We may use automated systems to detect abuse (e.g., anomalous API usage) and to generate operational insights (e.g., log summarization). We do not use automated decision-making that produces legal or similarly significant effects without human review.

---

14) Data Protection Addendum (DPA) & subprocessor list

For customers requiring a DPA under GDPR/UK GDPR or equivalent, email privacy@gosectorly.com to request a DPA. We maintain a current list of subprocessors (including hosting, support, analytics, and payments) available upon request.

---

15) Changes to this Policy

We may update this Policy from time to time. The “Last updated” date indicates the current version. Material changes will be communicated by notice on the Website/App or via email.

---

16) Contact us

• Sectorly (legal entity: NJP Consulting, Inc.)

• Address: PO Box 664, Oldwick, NJ 08858

• Email: privacy@gosectorly.com

• Support: support@gosectorly.com

17) Definitions (summary)

• Personal data / personal information: Information that identifies or can reasonably be linked to an individual.

• Controller: Entity that determines the purposes and means of processing personal data.

• Processor/Service provider: Entity that processes personal data on behalf of a controller.

• Sell/Share: As defined by California law; we do not sell or share personal information for cross-context behavioral advertising.