Privacy Policy

Section 1

Who We Are

The data controller is Hive Civilization, a Wyoming corporation, operating as Hive Civilization at thehiveryiq.com.

Privacy contact: [email protected]

EU Representative: [EU Article 27 representative — to be designated. Contact [email protected] in the interim.]

Section 2

What We Collect

We collect data in two categories.

a. Operational Data

Signed receipts: Cryptographic hashes only. No plaintext inference payloads are stored by default.

Routing metadata: Jurisdiction identifier, timestamp, agent decentralized identifier (DID).

Inspection requests: Transmitted and stored encrypted. Plaintext is never written to disk.

b. Account Data

Identity: Name and email address.

Billing: Payment method and transaction records, processed by our payment sub-processor.

Security: IP address and session tokens, retained for fraud prevention.

Section 3

What We Do Not Collect

Inference payloads — inputs and outputs are hashed, not stored in plaintext.

Personal data inside agent transactions. Your customers' data never reaches Hive in plaintext.

Behavioral tracking, browsing history, or cross-site identifiers.

Advertising data or third-party marketing profiles.

Section 4

Legal Bases (GDPR Article 6)

Processing activity	Legal basis
Issuing and routing signed receipts	Contract performance (Art. 6(1)(b))
Fraud prevention, system integrity	Legitimate interest (Art. 6(1)(f))
EU AI Act Article 12 logging	Legal obligation (Art. 6(1)(c))
Optional telemetry (where applicable)	Consent (Art. 6(1)(a))

Section 5

Data Retention

Signed receipts: Retained for 7 years per EU AI Act Article 12 default logging requirements.

Account data: Retained for 24 months following last account activity, then deleted unless a legal hold applies.

Inspection logs: Retained for 90 days unless subject to a legal hold or regulatory requirement.

Retention periods may be extended where required by applicable law, court order, or legitimate legal hold. We delete data promptly once the applicable retention period expires and no hold applies.

Section 6

Sub-processors

Hive Civilization engages the following categories of sub-processors. The current complete list is maintained at thehiveryiq.com/legal#subprocessors.

Sub-processor	Purpose	Location
Render	Application hosting	US East
Cloudflare	CDN, DDoS mitigation	Global
Base	Settlement chain	Decentralized
[SMTP provider TBD]	Transactional email	[TBD]

We require all sub-processors to maintain appropriate technical and organizational measures consistent with this policy.

Section 7

International Transfers

Where personal data is transferred from the European Economic Area to countries not recognized as providing an adequate level of protection, Hive Civilization relies on Standard Contractual Clauses (SCCs) approved by the European Commission.

An EU-safe routing path is available for operators requiring data residency within the EEA. Contact [email protected] to discuss sovereign routing configuration.

Section 8

Your Rights

Under GDPR (EEA residents)

Right of access — obtain a copy of your personal data.

Right to rectification — correct inaccurate data.

Right to erasure — request deletion where no legal basis for continued processing exists.

Right to data portability — receive your data in a machine-readable format.

Right to restriction of processing.

Right to object to processing based on legitimate interest.

Under CCPA (California residents)

Right to know what personal information is collected and how it is used.

Right to delete personal information.

Right to opt out of sale of personal information. (Hive does not sell personal information.)

Right to non-discrimination for exercising your rights.

To exercise any right, contact [email protected]. We will respond within the timeframes required by applicable law (30 days for GDPR; 45 days for CCPA with possible extension).

Section 9

Cookies

This site uses essential cookies only — those strictly necessary to operate the service (session authentication, CSRF protection). No third-party analytics cookies are set by default. No advertising or cross-site tracking cookies are used.

Because we set no non-essential cookies, we do not operate a cookie consent banner. If this changes, this policy will be updated with at least 30 days notice.

Section 10

Children

Hive Civilization services are not directed at individuals under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, contact [email protected] and we will delete it promptly.

Section 11

Changes to This Policy

For material changes to this policy, Hive Civilization will provide at least 30 days notice before the change takes effect, via email to registered account holders and by posting the updated policy at this URL with a revised effective date. Continued use of the service after the effective date constitutes acceptance of the revised policy.

Non-material changes (clarifications, corrections, updated sub-processor lists) may be made at any time without advance notice.

Section 12

Contact

Privacy inquiries: [email protected]

Data Protection Officer: [DPO designation in progress. Direct DPO inquiries to [email protected].]

EU Article 27 Representative: [To be designated. Contact [email protected].]

Supervisory authority: You have the right to lodge a complaint with the supervisory authority in your EEA member state of residence.