Privacy Policy
This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).
Last updated: March 23, 2025
Authentication & Account Data
- Email address (used to create and access your account)
- Google account data (via OAuth: email, Google ID)
- JWT cookie for secure session management
Legal basis: Processing is necessary for the performance of a contract (account creation and access).
Analytics Data (via PostHog, EU-based)
- Anonymous usage data (page views, button clicks, bounce rate)
- Identified events (e.g. login, registration, payment) with email and user ID only after consent
- No analytics data is collected without your explicit consent via cookie settings.
Legal basis: Consent (you may withdraw at any time).
Payment Data (via Stripe)
- Email address (used to process payments)
- Billing information (collected and processed directly by Stripe)
- Stripe is PCI-DSS compliant and handles all payment data securely
Legal basis: Processing is necessary to fulfill a contract and comply with legal obligations.
Cookies
- Essential cookies: JWT cookie for authentication (required)
- Analytics cookies: Set by PostHog only after you consent via our cookie banner
Legal basis: Consent (non-essential cookies), Legitimate interest (essential cookies for core functionality)
Data Storage & Transfers
- Authentication data: stored securely on our servers
- Analytics data: processed and stored in the EU by PostHog
- Payment data: processed by Stripe, which may involve international transfers under appropriate safeguards
Data Retention
- Account data: while your account is active
- Analytics data: up to 12 months, unless withdrawn
- Payment data: per Stripe’s legal retention obligations
Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right to access your data
- Right to rectify inaccurate or incomplete data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to lodge a complaint with a Data Protection Authority (DPA)
Contact Information
To exercise any of your rights or ask a question about your data, please contact:
Data controller: HIVETECH SOFTWARE S.R.L.
Email us at: Contact page
🔗 Third-Party Services
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated date.