HiveKey

Product

OverviewScopeGuardLogEnforcementPlatform & gatewayIntegrations

Solutions

Security teamsPlatform engineeringCompliance & GRCPII & data protectionAI & ML teamsBy industryUse cases

Developers

DocsHow it worksAPI referenceMCP governanceMCP directory

Resources

BlogLearnGlossaryCompareComplianceTrust center

Company

AboutTeamContact
Pricing Book a demo
Legal

Privacy Policy

Last updated: June 2026

Template / illustrative — not legal advice; final language pending counsel.

1. Introduction

HiveKey, Inc. ("HiveKey", "we", "us") provides a control plane for AI agents. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit hivekey.ai, create an account, or use our products and services (collectively, the "Services").

For most data processed on behalf of our business customers, HiveKey acts as a processor and the customer is the controller. That processing is governed by our Data Processing Addendum. This policy describes the data for which HiveKey is the controller — for example, account, billing, and website data.

2. Data we collect

Data you provide

  • Account data — name, work email, organization, role, and credentials.
  • Billing data — company details and payment information (processed by our payment provider).
  • Support data — messages, attachments, and context you send to our team.

Data we collect automatically

  • Usage data — pages viewed, features used, and product interactions.
  • Device & log data — IP address, browser, operating system, and timestamps.
  • Cookies — see Cookies & tracking below.

Customer content

When you operate agents through HiveKey, we process the action requests, policy decisions, and audit metadata routed through the control plane on your behalf. We handle this customer content under the DPA, not this policy.

3. How we use data

  • Provide, operate, secure, and improve the Services.
  • Authenticate users and enforce access controls.
  • Communicate about your account, security, and product changes.
  • Process payments and manage subscriptions.
  • Detect, investigate, and prevent abuse, fraud, and security incidents.
  • Comply with legal obligations and enforce our agreements.

We do not sell personal data, and we do not use customer content to train foundation models.

5. Sharing & subprocessors

We share personal data only as needed to run the Services:

  • Subprocessors — vetted vendors that host infrastructure, send email, and provide analytics. See our current list of subprocessors.
  • Professional advisors — auditors, lawyers, and accountants under confidentiality.
  • Legal & safety — where required by law or to protect rights and safety.
  • Business transfers — in connection with a merger, acquisition, or asset sale.

6. Data retention

We retain personal data only as long as necessary for the purposes described here, including to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Account data is retained for the life of the account; audit and log data follow configurable retention windows. When data is no longer needed, we delete or anonymize it.

7. Security

We apply encryption in transit and at rest, least-privilege access, network segmentation, continuous monitoring, and routine testing. No method of transmission or storage is perfectly secure, but we maintain a documented security program and an active responsible disclosure program.

8. Your rights (GDPR / CCPA)

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal data.
  • Object to or restrict certain processing.
  • Request data portability.
  • Withdraw consent at any time.
  • Opt out of the "sale" or "sharing" of personal data (we do not sell data).
  • Be free from discrimination for exercising your rights.

To exercise these rights, email privacy@hivekey.ai. We will verify your request and respond within the timeframes required by law. You also have the right to lodge a complaint with your local supervisory authority.

9. Cookies & tracking

We use strictly necessary cookies to run the site and, with your consent, analytics cookies to understand usage. You can control cookies through your browser settings and our consent banner where applicable. Disabling some cookies may affect site functionality.

10. International transfers

We may transfer personal data to countries other than your own. Where we do, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and the UK Addendum. Details for customer content are set out in the DPA.

11. Children's data

The Services are intended for businesses and are not directed to children under 16. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this policy from time to time. Material changes will be posted here with a revised "Last updated" date and, where appropriate, notified to you.

13. Contact us

Questions about privacy? Email privacy@hivekey.ai. For data processing terms, see the DPA; for our vendor list, see Subprocessors.