Privacy Policy
Last updated: July 6, 2026
1. Scope & Roles
This Privacy Policy explains how Hiveflow, Inc. ("Hiveflow", "we") handles personal information in connection with the HiveFlow platform.
- Account & website data: for information we collect about our account holders and website visitors, Hiveflow acts as the data controller.
- Customer content: for data our customers submit into their workflows ("Customer Content"), the customer is the controller and Hiveflow acts as a data processor, processing it solely under the customer's instructions and the applicable Data Processing Agreement (DPA).
2. Information We Collect
- Account information (name, email address, and, where provided, phone number)
- Authentication data (hashed passwords, OAuth identifiers)
- Usage data, logs and analytics
- Device and browser information
- Cookies and similar technologies (see our Cookie Policy)
- Customer Content processed on the customer's behalf within workflows, per the DPA
3. How We Use Your Information
- To provide, operate and secure our AI workflow orchestration platform
- To communicate with you about your account and our services
- To improve our services, subject to the limitation below
- To detect, prevent and respond to security incidents and fraud
- To comply with legal obligations
We do not use Customer Content to train foundation or machine-learning models. Customer Content is processed only to deliver the service as configured by the customer.
4. Information Sharing & Subprocessors
We do not sell your personal information. We share information only:
- With subprocessors that help operate the platform (infrastructure, storage and AI model providers), under contractual confidentiality and security obligations. The current list is available at our Trust Center.
- To comply with legal obligations or lawful requests
- To protect the rights, safety and security of Hiveflow, our customers and the public
- In connection with a merger, acquisition or asset sale, subject to this policy
5. Data Security
We apply technical and organizational measures appropriate to the risk, including:
- Encryption in transit (TLS 1.2+) and encryption of sensitive data at rest (AES-256-GCM)
- Multi-tenant isolation across the data, API and real-time layers
- Role-based access control, MFA and server-side session revocation
- Isolated code execution (micro-VMs) and centralized logging with security alerting
We will notify affected customers of a personal-data breach without undue delay and, where applicable, within 72 hours of becoming aware. Further detail is available in our Trust Center.
6. Data Retention & Deletion
We retain personal information for as long as your account is active or as needed to provide the service, then delete or anonymize it. On termination, Customer Content is deleted within 30 days, subject to legal retention requirements and the DPA. Enterprise customers may configure specific retention periods.
7. International Transfers
Hiveflow is based in the United States and may process information in the U.S. and other countries where our subprocessors operate. Where required, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses or documented consent). Data residency options are available for enterprise customers.
8. Your Rights
Depending on your location, you may have the following rights. To exercise them, contact privacy@hiveflow.ai. Where Hiveflow acts as processor, we will refer requests to the relevant customer (controller).
- GDPR (EEA/UK): access, rectification, erasure, restriction, portability and objection.
- CCPA/CPRA (California): to know, delete, correct, and opt out of "sale"/"sharing" — note we do not sell personal information — without discrimination.
- LFPDPPP (Mexico): ARCO rights — Acceso, Rectificación, Cancelación y Oposición — and revocation of consent.
- Opt out of marketing communications at any time.
9. Children's Privacy
HiveFlow is not directed to children and is intended for use by individuals of legal age. We do not knowingly collect personal information from children.
10. Changes & Contact
We may update this policy from time to time; material changes will be posted here with a revised date. Questions or requests: privacy@hiveflow.ai. For a Data Processing Agreement, contact security@hiveflow.ai.
Usuarios en México (LFPDPPP): consulta nuestro Aviso de Privacidad y los Términos y Condiciones.