Our default posture
StuHub is designed around a zero-retention, zero-profile principle. Every file you process stays in your browser; we never receive it, never store it, and never process it on our infrastructure. That removes the largest category of GDPR risk by design — there is no data processing of personal content to authorize, audit, or delete.
What personal data we do process
- Anonymous analytics events via Google Analytics 4, only after you consent via the cookie banner (Consent Mode v2 is configured as denied-by-default). Events carry tool slugs and success/error markers, never file contents.
- Aggregate rating counts for the tool star ratings. Each vote is rate-limited by a daily-rotated IP hash that is never retained past 24 hours.
- Server log metadata (IP, user agent, timestamp) for security monitoring, retained for 30 days on a standard access log; never combined with event data.
Your rights under GDPR
Because we do not hold accounts or identifiable user records, there is no user profile to access, export, or delete. If you have a specific concern — for example, wanting aggregate analytics for a specific country excluded — email privacy@thestuhub.com and we will respond within 30 days.
Where our services run
Our web hosting is within the EU. Analytics is served via Google's EU-region endpoints where supported. See the full technical data flow in our Privacy Policy.