Legal

Privacy Policy

Last updated: April 6, 2026

This Privacy Policy explains how Hyve Applied Intelligence LLC ("HyveAI," "we," "us") collects, uses, shares, and protects personal information when you visit hyveappliedintelligence.com, use our client portal at app.hyveappliedintelligence.com, interact with a HyveAI-powered chat widget, or otherwise use the HyveAI platform (collectively, the "Service").

Two roles. For data about our customers and visitors to our marketing site, HyveAI acts as a data controller. For data that our customers submit into the Service about their own end users (documents, chat transcripts, feedback), HyveAI acts as a data processor on the customer's behalf — that relationship is governed by our Data Processing Addendum.

1. Information We Collect

1.1 Information you provide

  • Account information: name, email address, password hash, organization name, role, phone, timezone.
  • Billing information: handled by our payment processor (Stripe) — we store a customer ID and subscription metadata; we do not store full card numbers on our servers.
  • Content you upload: documents, URLs, and metadata ingested into your knowledge base.
  • Support communications: messages you send us via email or in-product forms.

1.2 Information collected automatically

  • Usage data: pages visited, actions taken, session duration, approximate location derived from IP.
  • Device data: browser type and version, operating system, screen size, referring URL.
  • Log data: IP address, timestamps, request metadata, error traces (scrubbed of sensitive fields such as auth headers).
  • Cookies & local storage: authentication tokens, session state, and preferences. See Cookies below.

1.3 End-user chat data

When a visitor uses a HyveAI chat widget embedded on a customer site, HyveAI processes the question, generated response, similarity scores, and basic session metadata on behalf of the customer that operates that widget. We do not directly collect names, email addresses, or identifiers from widget users unless the customer explicitly enables a lead-capture form, in which case the submitted details are routed to the operating customer.

2. How We Use Information

  • To provide, operate, secure, and improve the Service.
  • To authenticate accounts, apply rate limits, and prevent abuse.
  • To process payments and manage subscriptions via our payment processor.
  • To generate aggregated, de-identified product analytics (e.g. average response time per channel).
  • To communicate about Service availability, billing, security, and policy updates.
  • To send product updates and marketing, only where you have opted in or where permitted by law. You can unsubscribe at any time.
  • To comply with legal obligations and enforce our agreements.

We do not sell personal information, and we do not use Customer Data to train general-purpose foundation models for third parties.

3. Legal Bases (EEA/UK)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process personal data on the following legal bases:

  • Performance of a contract — to deliver the Service you requested.
  • Legitimate interests — to operate, secure, and improve the Service, provided those interests are not overridden by your rights.
  • Consent — for optional cookies and marketing.
  • Legal obligation — to comply with tax, accounting, and other laws.

4. Subprocessors & Third-Party Services

We engage trusted third parties to host and operate the Service. Each is bound by contractual confidentiality and security obligations.

Subprocessor Purpose Region
OpenAI LLM inference, embeddings (text-embedding-3-large, gpt-4o-mini) United States
Pinecone Vector store for retrieval-augmented generation United States
Stripe Payment processing and subscription billing United States
HuggingFace Optional small-language-model training and hosting United States
Sentry Error and performance monitoring United States
Hosting provider (ronin infrastructure) Compute, storage, reverse proxy, backups Europe
SMTP provider Transactional and alert email delivery United States / Europe
Slack (optional) Operational alerts and customer integrations United States
Twilio (optional, SMS channel) SMS delivery for customers using the SMS channel United States

An up-to-date subprocessor list is available in our Data Processing Addendum. We will provide notice of new subprocessors as required by applicable law or contract.

5. International Transfers

HyveAI operates infrastructure in Europe and processes data through US-based subprocessors. Where personal data is transferred outside your region, we rely on appropriate safeguards such as the Standard Contractual Clauses published by the European Commission.

6. Data Retention

  • Account data: retained while the account is active and for a reasonable period afterwards for legitimate business purposes (legal obligations, dispute resolution, security).
  • Customer Data (documents, chat logs): retained according to the customer's configuration and deleted within 30 days of account termination, except as required by law.
  • Logs and security telemetry: retained for up to 30 days by default (Prometheus/Loki).
  • Backups: encrypted database backups retained on a 7-day / 4-week / 3-month rolling schedule before being overwritten.

7. Security

We implement administrative, technical, and physical safeguards designed to protect personal data, including TLS in transit, hashed credentials and API keys (SHA-256), role-based access control, rate limiting, error monitoring with sensitive-header scrubbing, and encrypted backups. No method of transmission or storage is perfectly secure; we cannot guarantee absolute security.

8. Your Rights

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to the processing of your personal data, and to withdraw consent where processing is based on consent. To exercise any of these rights, contact loren@hyveappliedintelligence.com. We will respond within the timeframes required by applicable law.

If you are an end user of a HyveAI customer's chat widget and wish to exercise your rights in relation to that chat history, please contact the operator of the site where you used the widget — they are the data controller for that interaction.

9. Cookies

We use strictly necessary cookies and local storage to keep you signed in, to maintain session state, and to remember your preferences. We do not use third-party advertising cookies. Where required, we will ask for your consent before setting any non-essential cookies.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will promptly delete it.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email and/or in-product notice. The "Last updated" date at the top reflects the most recent revision.

12. Contact

Hyve Applied Intelligence LLC
Email: loren@hyveappliedintelligence.com
Website: hyveappliedintelligence.com