What we collect. What we don’t.

What data we collect

We collect only what you explicitly hand to the extension. There is no background data collection.

• Wallet address (optional). If you paste a Base 8453 address into the wallet sheet, we store the literal string in chrome.storage.local on your device. We never see it. We never receive private keys — the extension does not ask for them and has no field to enter them.
• Receipt data (only what you scan). When you run a Hive agent that processes receipts, the receipt content you paste or upload is transmitted to hivemorph.onrender.com for the duration of that one call so the agent can do its job. We do not retain a copy beyond the duration of that single signed response.
• Gmail OAuth token (only what you authorize). Some Hive agents (for example, a Gmail receipt scanner) request Google OAuth permission with the narrowest possible scope. The token, when granted, is held in chrome.storage.local on your device and used only for the calls you authorize in that session. No copy is kept on any Hive server.
• Designer conversation. If you use the Designer tab to draft an agent, the conversation thread and resulting spec are stored in chrome.storage.local so you can resume across popup opens. You can clear it at any time with the Reset button.

We do not collect: your name, email address, IP address (beyond what your browser sends to api hosts on its own), device fingerprint, browsing history, or any analytics event stream.

How we use it

The data you hand to the extension is used for exactly three things, in this exact order, and nothing else:

• Process the receipt or task you submitted, through the Hive agent you selected.
• Generate cryptographic signatures. Every agent run produces a dual-signed receipt (Ed25519 + ML‑DSA‑65) tied to the body of your request.
• Anchor the receipt on Base 8453 so the signature is independently verifiable on-chain, by you, forever, without us.

That is the entire list. We do not train models on your data. We do not enrich third-party profiles. We do not run ad attribution. We do not run product analytics.

Where data lives

The Hive Native Client is a client-side application. There is no Hive-operated user database.

• On your device: wallet address, conversation threads, and any OAuth tokens you have authorized are written to chrome.storage.local. Chrome scopes this storage to the extension — no website, including thehiveryiq.com, can read it.
• On the Hive API host: agent calls go to hivemorph.onrender.com. The host processes each request, returns the signed response, and stores only the cryptographic receipt itself (which is by design public-verifiable). Your raw input is not retained beyond the call.
• On the Base blockchain: receipt anchors are written to Base 8453. These anchors are designed to be public — that is the entire point of an audit-grade receipt. Only the receipt hash and its dual signatures appear on-chain; your raw input does not.

If you uninstall the extension, the chrome.storage.local data is removed by Chrome. Anchored receipts on Base 8453 remain public, by cryptographic necessity.

Third parties

The extension talks to exactly three external services. None of them are paid by us to track you.

• Google (OAuth for Gmail-scoped agents only). When you choose to run a Hive agent that reads Gmail, Google handles the OAuth consent screen and issues a scoped token. Google’s privacy policy applies to that token issuance. We never receive your Google account credentials.
• Base (on-chain anchoring). Hive writes receipt anchors to the Base 8453 chain via standard public RPC. There is no off-chain submission to a private indexer; we use the same public Base network anyone can query.
• hivemorph.onrender.com (Hive agent API). All agent runs, the designer chat, mint requests, and receipt verification calls go to this host. It is operated by Hive Civilization. No analytics or ad SDK runs on this host.

We do not load Google Analytics, Plausible, Mixpanel, Segment, Heap, Amplitude, Fathom, PostHog, Hotjar, FullStory, Microsoft Clarity, or any other event-tracking SDK in the extension. We do not load Meta Pixel, Google Ads, TikTok Pixel, or any ad tracker.

Your rights

• Delete anytime. Remove the extension from chrome://extensions/ and Chrome wipes the local storage. There is no Hive-side “account” to close because none was ever created.
• Export anytime. Open any receipt in the Receipts tab and use Copy JSON. The full receipt body and both signatures are yours to keep.
• Revoke at any time. If you connected Gmail via OAuth for a specific agent, revoke the scope at myaccount.google.com/permissions. The extension will lose access immediately.
• We can’t access your data even if we wanted to. The extension stores data in browser-scoped chrome.storage.local. Hive has no remote read access to that store. There is no admin panel that lets a Hive employee browse user records, because no such records exist.
• GDPR / CCPA / CPRA. Because we do not maintain a user database, most of the deletion and access rights granted under these statutes have nothing on the Hive side to act on. You retain all rights of those statutes regardless of jurisdiction; we will respond to any verified request at the contact below.