Privacy Policy
Last updated: [9 July 2026]. This document describes how Hivenue processes personal data for the marketing site and the Hivenue platform.
1. Controller
Hivenue Srl, Via Placeholder 1, 20100 Milano (MI), Italy, VAT IT00000000000 ("Hivenue", "we"). Contact: [privacy@hivenue.com]. For data your workspace processes about your own customers, you are the controller and Hivenue acts as processor under the Data Processing Agreement.
2. Data we process
- Account data: name, email address, authentication identifiers.
- Store data via your Shopify Admin custom app: orders, products and customer records needed by the modules you enable.
- Helpdesk email content: when you connect a mailbox (Gmail, Outlook or IMAP), message subject, body, headers and attachments, with an initial backfill window of 90 days followed by continuous sync.
- Advertising data via your own Meta app: campaign structure, spend and performance metrics.
- Payment dispute data from the processors you connect (Shopify Payments, Stripe, PayPal, Klarna).
- First-party analytics events collected by the pixel installed on your store.
- Workspace content: tasks, notes, knowledge entries and configuration.
3. Purposes and legal bases
We process data to provide the contracted service (art. 6.1.b GDPR), to comply with legal obligations (art. 6.1.c), and for our legitimate interest in securing and improving the service (art. 6.1.f). We do not sell personal data and we do not use customer content to train AI models.
4. Storage and security
Data is stored on EU infrastructure (Frankfurt) for database, file storage and authentication. Integration credentials and OAuth tokens are encrypted at rest with AES-256-GCM envelope encryption. Access is segregated per workspace at the database level, and sensitive operations are written to an immutable audit log.
5. Sub-processors
| Provider | Region and safeguard | Purpose |
|---|---|---|
| Supabase | EU (Frankfurt) | Database, storage, authentication |
| Vercel | EU edge, SCCs | Application hosting |
| Google LLC | US, SCCs | Gmail connectivity for the helpdesk |
| Microsoft | EU/US, SCCs | Outlook connectivity for the helpdesk |
| Shopify | CA/US, SCCs | Store data via your Admin API app |
Transfers outside the EEA rely on the European Commission's Standard Contractual Clauses.
6. AI features
AI features operate on your workspace data at request time; outputs belong to your workspace. Copilot requests run on your own Anthropic API key and travel directly from your workspace to Anthropic. No customer content is used for model training.
7. Retention
Data is retained while your workspace is active. Disconnecting an integration revokes and deletes its tokens. After subscription cancellation, workspace data is retained for [60] days and then purged. Specific retention periods per data category are listed in the DPA annex.
8. Your rights
You can exercise the rights under articles 15 to 22 GDPR (access, rectification, erasure, restriction, portability, objection) by writing to [privacy@hivenue.com]. You can lodge a complaint with the Italian supervisory authority (Garante per la protezione dei dati personali).
9. Changes
We will post material changes on this page and, for significant changes affecting platform customers, notify workspace owners by email.