Privacy Policy

1. Introduction

Hivework ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered meeting intelligence platform and related services (the "Service").

We understand that as a B2B platform handling meeting recordings, transcriptions, and organizational knowledge, we have a special responsibility to protect sensitive business information. This policy describes our practices in detail.

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described herein, please do not use our Service.

Roles: For Customer Data processed within the Service, your Organization acts as the data controller and Hivework acts as the data processor (or service provider) acting on your documented instructions. For account administration, billing, website operations, and product analytics, Hivework acts as an independent controller.

If required by law, we will execute a Data Processing Agreement (DPA) with your Organization. To request our standard DPA, contact [email protected].

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, job title, company name, and phone number
• Profile Information: Professional background, department, role, and language preferences
• Payment Information: Billing address and payment method details (processed by our payment processor)
• Communication Data: Support requests, feedback, and correspondence with our team
• Organization Information: Company details, team structure, and workspace configurations

2.2 Meeting and Collaboration Data

• Meeting Recordings: Audio and/or video recordings of meetings (with consent)
• Transcriptions: Text transcriptions of recorded meetings
• Meeting Metadata: Date, time, duration, participants, and meeting titles
• AI-Generated Content: Summaries, action items, decisions, and insights extracted from meetings
• Calendar Data: Meeting schedules and calendar events (when calendar is connected)
• Documents and Files: Files uploaded to the Service for reference or sharing
• Action Items and Tasks: Work items tracked within the platform

Recording and consent: You are responsible for informing participants and obtaining all legally required consents to record, transcribe, and analyze meetings using the Service, and for complying with applicable call recording and privacy laws.

Sensitive data: We do not require and discourage uploading special categories of personal data (for example, health information, biometric identifiers) unless we have expressly agreed in writing to support such use.

2.3 Automatically Collected Information

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Features used, pages viewed, click paths, time spent on features
• Log Data: System logs, error reports, and performance metrics
• Cookies and Similar Technologies: Session cookies, preference cookies, and analytics cookies

2.4 Information from Third-Party Services

• OAuth Information: Basic profile information when you sign in with Google or other providers
• Calendar Services: Calendar events and availability (Google Calendar, Outlook)
• Communication Platforms: Meeting information from integrated platforms (Zoom, Teams, Google Meet)

3. How We Use Your Information

3.1 To Provide and Improve Our Service

• Process and transcribe meeting recordings
• Generate AI-powered summaries and extract action items
• Provide search and retrieval of meeting content
• Manage your account and workspace
• Process payments and billing
• Improve our AI models and service features
• Provide customer support and respond to inquiries

3.2 For Communication

• Send service-related notifications and updates
• Provide technical notices and security alerts
• Send marketing communications (with your consent)
• Request feedback and conduct surveys

3.3 For Legal and Security Purposes

• Comply with legal obligations and regulatory requirements
• Protect against fraud, abuse, and illegal activities
• Enforce our Terms and Conditions
• Protect our rights, property, and safety, and that of our users

3.4 AI Processing and Model Training

We use artificial intelligence to process Customer Data and generate Outputs (such as summaries and action items). Unless you expressly opt in, we do not use Customer Data to train our foundation models, and we contractually or configurably restrict third-party AI providers from training on Customer Data where such controls are available.

We may process de-identified or aggregated diagnostic information to maintain, secure, and improve the Service. Outputs may be similar to outputs provided to others; you are responsible for reviewing Outputs and determining their suitability for your purpose.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information in the following circumstances:

4.1 Within Your Organization

Meeting data and content are shared with authorized members of your organization's workspace according to the permissions you set.

4.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating our Service:

• Cloud hosting providers (AWS, Google Cloud)
• Payment processors (Stripe, PayPal)
• Analytics services (with anonymized data)
• Customer support tools
• Email delivery services

4.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing
• Protect the personal safety of users or the public

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

4.5 Subprocessors

We engage subprocessors to help deliver the Service, including cloud hosting, database, storage, email delivery, calendar integrations, meeting transcription, and AI inference providers. Current categories include: cloud object storage (e.g., AWS S3/compatible), database (MongoDB), cache/queue infrastructure, email delivery, calendar integrations (e.g., Google), transcription (e.g., Recall.ai), and large language model providers (e.g., OpenAI). We require subprocessors to implement appropriate security and to process Customer Data only for the purposes of providing the Service to you.

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

• Encryption in transit (TLS 1.2+)
• Encryption at rest for stored data
• Regular security audits and vulnerability assessments
• One-time passcode (OTP) authentication and optional additional security controls where available
• Secure API access controls
• Regular backups and disaster recovery procedures

5.2 Organizational Measures

• Access controls and role-based permissions
• Employee training on data protection
• Confidentiality agreements with staff and contractors
• Regular review of security policies and procedures

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying you of any data breaches that may affect you.

6. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy:

You can request deletion of your data at any time, subject to legal requirements and legitimate business needs.

7. Your Rights and Choices

7.1 Access and Portability

You have the right to access your personal information and request a copy of your data in a portable format.

7.2 Correction and Update

You can update your account information at any time through your account settings or by contacting us.

7.3 Deletion

You can request deletion of your personal information, subject to certain exceptions such as legal obligations.

7.4 Consent Withdrawal

Where we process data based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

7.5 Marketing Communications

You can opt-out of marketing communications at any time by clicking the unsubscribe link in our emails or updating your preferences.

7.6 Cookie Preferences

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect Service functionality.

7.7 Submitting Requests

To exercise your rights, contact [email protected]. We may need to verify your identity (for example, by confirming control of your account or email). Authorized agents may submit requests on your behalf where permitted by law. We will respond within the timeframes required by applicable law.

7.8 Philippines Data Privacy Rights (DPA 2012)

If you are located in the Philippines, you have rights under the Data Privacy Act of 2012, including the rights to be informed, to object, to access, to correct, to erase or block, to damages, and to data portability.

You may also lodge a complaint with the National Privacy Commission (NPC): https://privacy.gov.ph/.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your jurisdiction.

When we transfer data internationally, we implement appropriate safeguards such as:

• Standard contractual clauses approved by relevant authorities
• Ensuring recipients are in countries with adequate data protection laws
• Obtaining your explicit consent where required

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising privacy rights

We do not “sell” or “share” personal information (including for cross-context behavioral advertising) as those terms are defined under the California Consumer Privacy Act as amended by the CPRA.

To exercise these rights, please contact us at [email protected].

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

11.1 Legal Basis for Processing

We process your personal data based on:

• Contract: To provide our Service as described in our Terms
• Consent: For marketing communications and optional features
• Legitimate Interests: To improve our Service and ensure security
• Legal Obligations: To comply with applicable laws

11.2 Your Rights

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with supervisory authorities

To exercise these rights or for questions about our GDPR compliance, contact our Data Protection Officer at [email protected].

Where legally required, we will appoint an EU/UK representative to be a point of contact for supervisory authorities and data subjects.

12. Third-Party Links and Services

Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we will provide additional notice through email or the Service.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For general support inquiries: [email protected]

15. Data Processing Agreement

For enterprise customers requiring a Data Processing Agreement (DPA) or additional security documentation, please contact our legal team at [email protected]. We provide standard DPAs that comply with GDPR and other regulatory requirements.

16. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service, remember preferences, and analyze usage. Types of cookies include strictly necessary, preference, and analytics cookies. You can control cookies through your browser settings; disabling certain cookies may impact functionality.

Where required by law, we will obtain your consent before setting non-essential cookies.