Privacy Policy

Hive customer privacy notice

This privacy notice tells you what to expect us to do with your personal information.

• Contact details
• What information we collect, use, and why
• Lawful bases and data protection rights
• Where we get personal information from
• How long we keep information
• Who we share information with
• Sharing information outside the UK
• How to complain
• Addendum – HiveEO
  

Contact details

Email

[email protected]

What information we collect, use, and why

We collect or use the following information for student education and welfare:

• Names and contact details for students/children
• Payment details and financial information including transactions
• Account access information
• Progress reports
• Information relating to compliments and complaints

We collect or use the following information for disciplinary investigations or to prevent, detect, investigate or prosecute crimes:

• Names and contact details for students/children
• Records and reports
• Call recordings

We collect or use the following personal information for dealing with queries, complaints or claims:

• Names and contact details
• Addresses
• Payment details
• Account login or user information
• Purchase or service history
• Call recordings
• Financial transaction information
• Correspondence

We collect or use the following information for information updates or marketing purposes:

• Names and contact details
• Addresses
• Website and app user journey information
• IP addresses
• Records of consent, where appropriate

We collect or use the following information to comply with legal requirements:

• Any other personal information required to comply with legal obligations

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.
• Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
• Your right to erasure – You have the right to ask us to delete your personal information.
• Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information.
• Your right to object to processing – You have the right to object to the processing of your personal data.
• Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.
• Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information for student education and welfare are:

• Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Our lawful bases for collecting or using personal information for disciplinary investigations or to prevent, detect, investigate or prosecute crimes are:

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
• we’re collecting or using the information because it benefits the person, our organisation or someone else, without causing an undue risk of harm to anyone

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for information updates or marketing purposes are:

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Our lawful bases for collecting or using personal information to comply with legal requirements are:

• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.

Where we get personal information from

• Directly from you
• Parents or carers

How long we keep information

Information we collect is stored on our secure servers for as long as you have an account with us.
If you wish for your information to be deleted, please contact us.

Who we share information with

Others we share personal information with

• Legal bodies or authorities

Sharing information outside the UK

Where necessary, we will transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: Google

Category of recipient: Storage Provider

Country the personal information is sent to: USA

Organisation name: WPMU DEV

Category of recipient: Storage Provider

Country the personal information is sent to: USA

Organisation name: Cloudflare

Category of recipient: Storage Provider

Country the personal information is sent to: USA

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies and screen options cookies last for approximately a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

ADDENDUM — HIVEEO PLUGIN

HiveEO Data Notice

This section applies specifically to users of the HiveEO WordPress plugin, available at haiv3.com/hiveeo and via WordPress.org.

---

What data HiveEO collects and where it is stored

HiveEO stores all user data on your own WordPress installation, in your own database. This includes:

• Business name, description, URL, type, founding year, founder name, location, and industry tags
• Social profile URLs (LinkedIn, YouTube, Twitter/X, Facebook, Crunchbase, Wikidata)
• Products and services you add, including names, descriptions, FAQs, pricing, and schema types
• Your AEO checklist completion progress
• Comment generation history (last 200 entries), stored locally
• Thread tracker entries
• Visibility probe results and brand monitoring logs
• API keys you enter (Gemini, OpenAI, Perplexity) — stored in WordPress user meta on your server only
• AI crawler visit logs — stored in a dedicated table on your WordPress database; IP addresses are stored as a 12-character hash only (not the raw IP address)
• Action Guide lesson completion progress

None of the above is transmitted to haiv3.com or any third party, except as described in the relay section below.

---

What data is sent to haiv3.com

When you click any AI generation button in HiveEO (Generate comment, Generate thread, Run visibility probe), your WordPress server sends the following to the haiv3.com relay endpoint (haiv3.com/wp-json/hiveeo/v1/engine-relay):

• Your site URL
• Your business name, description, and relevant product details
• The action being performed (e.g. “generate comment” or “probe visibility”)

This data is used solely to retrieve the appropriate AI prompt template. Your API keys are never sent to haiv3.com. The actual AI request is made directly from your WordPress server to the AI provider (Google, OpenAI, or Perplexity) using your own key.

haiv3.com does not store the content of these relay requests beyond server logs that are retained for a maximum of 30 days for security and abuse prevention purposes.

---

Third-party services used by HiveEO

HiveEO connects to the following external services when you use specific features. In each case, the connection is made from your WordPress server, not from haiv3.com.

Google Gemini API (generativelanguage.googleapis.com) Used for comment generation, thread creation, and visibility probing when you provide a Gemini API key. Data sent includes your prompt (derived from your business context). See Google’s Privacy Policy and Terms of Service.

OpenAI API (api.openai.com) Used optionally for ChatGPT visibility probing when you provide an OpenAI API key. See OpenAI’s Privacy Policy and Terms of Service.

Perplexity API (api.perplexity.ai) Used optionally for Perplexity visibility probing when you provide a Perplexity API key. See Perplexity’s Privacy Policy and Terms of Service.

Reddit API (reddit.com) Used in the Comments tab to fetch live threads from relevant subreddits. Only triggered when you click “Refresh live threads.” No personal data is sent. See Reddit’s Privacy Policy and Terms of Service.

Hacker News API (hacker-news.firebaseio.com) Used in the Threads tab to fetch live trending stories. Only triggered when you click “Refresh.” No personal data is sent. See Y Combinator’s Terms of Service and Privacy Policy.

---

Your API keys

API keys you enter in HiveEO (Gemini, OpenAI, Perplexity) are stored exclusively in WordPress user meta on your own server. They are never transmitted to haiv3.com. You are responsible for the security of your own WordPress installation and the API keys stored within it.

---

Deleting your HiveEO data

To delete all data stored by HiveEO on your WordPress site, deactivate and delete the plugin via WP Admin → Plugins. Plugin deactivation removes the AI crawler log database table. User meta data (settings, products, checklist, comment log) can be removed by deleting your WordPress user account, or by contacting your site administrator.

For data held by haiv3.com (relay request logs), contact us at [email protected] and we will action your request within one month.

Last updated: 31/5/2026