HIVE is built on explicit consent, data minimization, and transparency. We never sell consumer data and enforce strict compliance with global privacy regulations.
Consumers must actively opt in before receiving any proximity notifications. No implicit consent, no pre-checked boxes.
AES-256 encryption at rest and TLS 1.3 in transit. All data is encrypted end-to-end between devices and servers.
Full compliance with the General Data Protection Regulation including data portability, right to access, and breach notification.
Canadian privacy law compliance with proper consent management, commercial electronic message rules, and data handling.
Users can request full data deletion at any time. All personal data is permanently removed within 30 days of request.
24-hour breach notification protocol with automated detection, impact assessment, and regulatory reporting.
Data is stored in region-specific data centers. Enterprise customers can choose their data residency region.
Comprehensive audit logging for all administrative actions, data access, and system changes with exportable reports.
Full transparency on data collection, storage, retention, and sharing practices.
| Category | Collected | Stored As | Retention | Shared |
|---|---|---|---|---|
| Consumer Location | Proximity zone events (enter/exit) | Anonymized zone interactions | 90 days aggregate | Never individually |
| Push Engagement | Notification open/dismiss events | Aggregated engagement metrics | 12 months aggregate | Business dashboard only |
| Device Info | OS type, app version | Anonymized device categories | Session only | Never |
| Preferences | Interest categories, opt-in status | Encrypted user profile | Until account deletion | Never |
| Business Data | Campaign content, zone configs | Encrypted business storage | Account lifetime + 30 days | With authorized team members |
Request a complete export of all data we hold about you in a machine-readable format.
If any data is incorrect, you have the right to have it corrected immediately.
Request full and permanent deletion of all personal data within 30 days.
Opt out of all proximity notifications at any time through the app or by contacting support.
HIVE maintains SOC 2 Type II compliance, conducts annual third-party penetration testing, and implements OWASP Top 10 security practices across all systems.