Hivenue
Working draft. These terms are pending legal review and use placeholder company details.

Privacy Policy

Last updated: [9 July 2026]. This document describes how Hivenue processes personal data for the marketing site and the Hivenue platform.

1. Controller

Hivenue Srl, Via Placeholder 1, 20100 Milano (MI), Italy, VAT IT00000000000 ("Hivenue", "we"). Contact: [privacy@hivenue.com]. For data your workspace processes about your own customers, you are the controller and Hivenue acts as processor under the Data Processing Agreement.

2. Data we process

  • Account data: name, email address, authentication identifiers.
  • Store data via your Shopify Admin custom app: orders, products and customer records needed by the modules you enable.
  • Helpdesk email content: when you connect a mailbox (Gmail, Outlook or IMAP), message subject, body, headers and attachments, with an initial backfill window of 90 days followed by continuous sync.
  • Advertising data via your own Meta app: campaign structure, spend and performance metrics.
  • Payment dispute data from the processors you connect (Shopify Payments, Stripe, PayPal, Klarna).
  • First-party analytics events collected by the pixel installed on your store.
  • Workspace content: tasks, notes, knowledge entries and configuration.

3. Purposes and legal bases

We process data to provide the contracted service (art. 6.1.b GDPR), to comply with legal obligations (art. 6.1.c), and for our legitimate interest in securing and improving the service (art. 6.1.f). We do not sell personal data and we do not use customer content to train AI models.

4. Storage and security

Data is stored on EU infrastructure (Frankfurt) for database, file storage and authentication. Integration credentials and OAuth tokens are encrypted at rest with AES-256-GCM envelope encryption. Access is segregated per workspace at the database level, and sensitive operations are written to an immutable audit log.

5. Sub-processors

ProviderRegion and safeguardPurpose
SupabaseEU (Frankfurt)Database, storage, authentication
VercelEU edge, SCCsApplication hosting
Google LLCUS, SCCsGmail connectivity for the helpdesk
MicrosoftEU/US, SCCsOutlook connectivity for the helpdesk
ShopifyCA/US, SCCsStore data via your Admin API app

Transfers outside the EEA rely on the European Commission's Standard Contractual Clauses.

6. AI features

AI features operate on your workspace data at request time; outputs belong to your workspace. Copilot requests run on your own Anthropic API key and travel directly from your workspace to Anthropic. No customer content is used for model training.

7. Retention

Data is retained while your workspace is active. Disconnecting an integration revokes and deletes its tokens. After subscription cancellation, workspace data is retained for [60] days and then purged. Specific retention periods per data category are listed in the DPA annex.

8. Your rights

You can exercise the rights under articles 15 to 22 GDPR (access, rectification, erasure, restriction, portability, objection) by writing to [privacy@hivenue.com]. You can lodge a complaint with the Italian supervisory authority (Garante per la protezione dei dati personali).

9. Changes

We will post material changes on this page and, for significant changes affecting platform customers, notify workspace owners by email.