Privacy Policy

This Privacy Policy describes how Hivra (“Hivra,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you access or use our websites, applications, and related services (collectively, the “Services”).

By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Services.

This policy is provided for transparency. It is not legal advice. You should consult qualified counsel to ensure your documentation meets your regulatory obligations.

The data controller responsible for personal information processed in connection with the Services is Hivra, operating in connection with the domain hivra.online (and related domains we may use from time to time).

Email: support@hivra.online

We may collect the following categories of information:

• Account & identity data: name, email address, password or authentication tokens (if you create an account), and profile details you choose to provide.
• Billing data: subscription status, plan tier (Free, Creator, Enterprise), payment-related identifiers, and transaction records. Payments may be processed by PayPal or another payment provider we enable; we typically receive limited billing metadata rather than full payment instrument details.
• Content & media: videos, images, captions, thumbnails, drafts, schedules, and other materials you upload or generate while using the Services.
• Connected platform data: tokens, account identifiers, and permissions you authorize when connecting social platforms (for example Facebook Page, Instagram, TikTok, YouTube, X, Threads). We may also process metadata returned by those platforms needed to publish content and show status (for example post IDs, publish results, and error messages).
• Usage & diagnostics: log data, device/browser type, approximate location derived from IP address, timestamps, feature usage events, crash reports, and performance metrics.
• Communications: messages you send to us (for example support emails), including attachments, and records of our responses.
• Cookies & similar technologies: see Section 7.

We collect information from:

• You, when you register, connect accounts, upload content, or contact us;
• Your devices and browsers automatically (for example IP address and cookies);
• Third-party platforms you connect, subject to your authorization and the platform’s rules;
• Service providers that help us operate the Services (for example hosting, email delivery, analytics).

We use personal information to:

• Provide, operate, maintain, and improve the Services;
• Authenticate users, secure accounts, detect fraud and abuse, and enforce our Terms of Service;
• Process subscriptions, invoices, and plan changes (including Free, Creator, and Enterprise tiers);
• Publish and schedule content to third-party platforms you connect, as instructed by you;
• Provide customer support and respond to inquiries sent to support@hivra.online;
• Provide product features such as autosave, AI-assisted drafting suggestions, analytics, notifications, and in-product messaging;
• Comply with law, respond to lawful requests, and protect rights, safety, and security; and
• Send service-related communications (for example security notices, receipts, and policy updates). Where required, we will obtain consent for marketing communications.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on one or more of the following legal bases, as applicable:

• Contract: processing necessary to provide the Services you request;
• Legitimate interests: securing the Services, improving features, and supporting users, balanced against your rights;
• Consent: where required for certain cookies, marketing, or optional features;
• Legal obligation: where processing is required by law.

We and our partners may use cookies, local storage, pixels, and similar technologies for essential functions (for example login sessions and security), preferences, analytics, and (where permitted) marketing measurement.

You can control cookies through your browser settings. Blocking essential cookies may affect functionality.

We use service providers to host and operate the Services. Depending on how the Services are configured, this may include:

• Supabase (database, authentication-related infrastructure, and related backend services);
• Vercel (hosting and deployment for our web application);
• Resend (transactional and operational email delivery, and inbound email processing where enabled);
• PayPal (processing subscription payments where PayPal checkout is offered; subject to PayPal’s terms and privacy notice).

These providers may process personal information only as instructed by us and subject to appropriate safeguards. We may update our subprocessors from time to time; where required by law, we will provide notice.

When you connect third-party social platforms, your use of those platforms is also governed by their respective terms and privacy policies. Hivra does not control how those platforms process personal data beyond what is necessary to provide publishing features you request.

We may share personal information:

• With subprocessors that assist in operating the Services (see Section 8);
• With social platforms when you instruct us to publish content or retrieve publishing status;
• With professional advisors (lawyers, auditors) where necessary;
• To comply with law, enforce our terms, detect fraud, and protect users; and
• In connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.

We do not sell your personal information as “sale” is defined under applicable U.S. state privacy laws, and we do not share personal information for cross-context behavioral advertising as a “sale” without offering required choices where legally mandated.

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods can vary based on the category of data (for example billing records, security logs, and content you store in your workspace).

You may request deletion of your account subject to Section 12 and applicable law. Some information may persist in backups for a limited period.

We implement administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

Depending on your location, you may have rights to access, correct, delete, or export personal information, and to object to or restrict certain processing. You may also have the right to withdraw consent where processing is consent-based.

EEA/UK/Switzerland: you may lodge a complaint with a supervisory authority.

United States (state laws): residents of certain states may have additional rights (for example opt-out of certain processing, appeal decisions). We will respond in accordance with applicable law.

To exercise rights, contact support@hivra.online. We may need to verify your request.

How to request data deletion

To request deletion of personal data we hold about you, you may email support@hivra.online with the subject line Data Deletion Request. Include the email address associated with your Hivra account and describe what you want deleted (for example your full account, or specific categories of data). We will respond within a reasonable period, and where applicable within the timeframe required by law (often within 30 days for many requests).

For data held by connected social platforms, you may also need to revoke Hivra’s access in each platform’s app or security settings, in addition to contacting us. Deleting your Hivra account or data in our systems does not remove content that was already published on those platforms—you must remove that content directly on each platform if you no longer want it there.

What we can typically delete

• Your account profile and authentication information;
• Content you uploaded to Hivra (for example videos, drafts, and media stored in your workspace), subject to retention below;
• Connection data for linked social accounts (tokens and related identifiers we store to enable publishing); and
• Usage and activity data tied to your account where technically feasible.

What we may retain

• Aggregated or de-identified information that does not identify you;
• Records we must keep for tax, accounting, or legal compliance (for example transaction records related to purchases); and
• Information needed to resolve disputes or enforce our agreements, for the period reasonably required.

Some data may remain in encrypted backups for a limited time before being overwritten. Deleting your Hivra account will end your access to the Services and remove most associated personal data from active systems as described above.

The Services are not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected such information, contact us and we will take appropriate steps to delete it.

We may process and store information in the United States and other countries where we or our subprocessors operate. If we transfer personal information from certain regions, we will implement appropriate safeguards as required by law (for example standard contractual clauses).

If you connect a Google account or use features that rely on Google API Services (including the YouTube API Services), Hivra’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements that apply when we request restricted scopes.

Specifically, we use Google user data received via Google APIs only to:

• Provide, improve, or secure user-facing features of Hivra that you choose to use (for example connecting a channel, uploading or publishing video, or showing status in the product);
• Operate the Services as described in this Privacy Policy and in our in-product disclosures; and
• Comply with applicable law and enforce our terms, including detecting abuse and protecting security.

We do not use Google user data received from Google APIs to:

• Sell, rent, or otherwise monetize it (beyond providing the Services);
• Serve advertisements (including personalized or retargeted ads) except as permitted for features that are clearly part of the Services and disclosed to you;
• Train generalized artificial intelligence or machine learning models from user content or Google user data, except as permitted under the Google API Services User Data Policy for the scopes we use; or
• Transfer Google user data to others except as necessary to provide or improve user-facing features of Hivra (for example subprocessors listed in Section 8 that host our infrastructure), or as required by law.

Human access to Google user data is limited to what is needed to provide support you request, maintain and secure the Services, comply with law, or as you expressly authorize.

Certain features may use automated or AI-assisted processing to generate suggestions (for example caption drafts or tag ideas). You remain responsible for reviewing and approving content before publishing. Where required, we will provide additional information about automated processing.

We may update this Privacy Policy from time to time. We will post the updated version and revise the “Last updated” date. If changes are material, we will provide notice as required by law (for example email or in-product notice).

Questions about this Privacy Policy: support@hivra.online