Privacy Policy
Last updated: July 5, 2026
This policy explains what Hivly collects, why, and what happens to it. Short version: we collect what’s needed to run your content workers, we don’t sell anything, and you can ask for your data or its deletion at any time.
1. What we collect
Account data: your email address and team membership. Your website’s content: when you connect a site, we crawl its public pages and sitemap to understand your business — this is the raw material your workers use. Working data: article drafts, research with sources, your edits and approvals (which your workers learn from), performance metrics, and activity logs. Connection credentials: tokens you provide for publishing destinations and knowledge sources are stored in an encrypted vault system, never in our application database, and are never exposed to generated content. Technical data: authentication cookies (we use no advertising or tracking cookies) and error logs.
2. How we use it
Solely to provide the Service: producing and publishing your content, improving your workers’ output based on your feedback, sending you transactional email (approvals, published notices, sign-in links) from hello@hivly.com, and keeping the platform secure. We do not sell your data or use it for advertising. We do not use your content to train general-purpose AI models.
3. Who processes it (subprocessors)
Hivly runs on established infrastructure providers that process data on our behalf: Anthropic (AI processing), Supabase (database, authentication, storage), Vercel (hosting), Cloudflare (DNS, security challenges), Google (image generation), OpenAI (text embeddings), Ahrefs (search data), Firecrawl (website crawling), and Postmark (email delivery). Each receives only what its function requires.
4. Retention and deletion
We keep your data while your account is active. On account deletion, your company’s data — sites, articles, research, learnings, credentials — is removed from our systems; content already published to yourwebsite remains yours and stays wherever you published it. Backups roll off on the infrastructure provider’s schedule. Request deletion or a copy of your data at hello@hivly.com — we respond within 30 days.
5. Security
Data is encrypted in transit and at rest, database access is isolated per company with row-level security, third-party credentials live in write-only encrypted vaults, and admin access is restricted and audited. No system is perfectly secure; if a breach affects your data we will notify you without undue delay.
6. Your rights
Depending on where you live (e.g. GDPR, CCPA), you may have rights to access, correct, export, or delete your personal data, and to object to processing. Email hello@hivly.com and we’ll honor them.
7. Changes
We’ll announce material changes to this policy in the app or by email before they take effect.