Hivly ("we," "our," or "us") operates the Hivly platform at hivly.app. This policy explains what data we collect, why we collect it, and how we protect it.
What We Collect
Account information: your name, email address, and password (stored as a secure hash — we never store your password in plain text).
Business information: business name, industry, description, website, location, brand colors, logos, tagline, tone of voice, target audience, and other brand details you provide in your business settings.
Content you create: topics, uploaded photos, AI-generated images, post captions, and scheduling data.
Platform connections: when you connect a social media account (Facebook, Instagram, LinkedIn, or X), we store encrypted OAuth tokens that allow us to publish posts on your behalf. We never store your social media passwords.
Usage data: basic analytics such as when you log in, how many posts you generate, and which features you use. We do not track your browsing activity outside of Hivly.
Why We Collect It
To provide the service: generating social media posts, managing your content calendar, and publishing to your connected platforms.
To improve the product: understanding which features are used helps us build a better tool.
To communicate with you: account notifications, service updates, and support responses.
How We Protect It
All OAuth tokens (social media connections) are encrypted at rest using AES-256-GCM encryption.
All data is transmitted over HTTPS.
Passwords are hashed using industry-standard algorithms and never stored in plain text.
Access to production databases is restricted to authorized personnel only.
Third-Party Services
We use the following third-party services to operate Hivly. We share only the minimum data required with each:
- Anthropic — AI text and image generation. Receives business context and topics to generate post designs and captions.
- fal.ai — Image rendering. Receives design descriptions to render final post images.
- Cloudinary — Image hosting and delivery. Stores uploaded photos, logos, and generated images.
- MongoDB Atlas — Database hosting. Stores all application data.
- Vercel / Render — Application hosting.
- Facebook, Instagram, LinkedIn, and X APIs — Publishing posts on your behalf when you connect your accounts and schedule content.
We do not sell, rent, or share your personal data with advertisers or data brokers. Ever.
Cookies
We use essential cookies only: session cookies to keep you logged in and remember your preferences. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.
Your Rights
You can view all your data within the Hivly app at any time.
You can delete any individual business and all its associated data from Business Settings → General → Delete Business.
You can delete your entire account and all associated data from Account Settings → Delete Account.
Both deletion actions are self-service and take effect immediately. No email required.
Data Retention
We retain your data as long as your account is active. When you delete a business, all data associated with that business is permanently deleted immediately. When you delete your account, all data across all your businesses is permanently deleted immediately.
Backups that may contain deleted data are automatically purged within 30 days.
Children
Hivly is not intended for use by anyone under 16 years of age. We do not knowingly collect data from children.
Changes to This Policy
We may update this policy from time to time. If we make significant changes, we will notify you via email or an in-app notification. Continued use of Hivly after changes constitutes acceptance of the updated policy.
Contact
For privacy questions or concerns, contact us at privacy@hivly.app.