Privacy Policy

Last Updated: 2025/11/11 - Effective Date: 2025/11/11

1. Introduction

Blugri software+services BV ("Blugri software+services BV", "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:

  • Visit our website at hivebuilder.io (the "Site")
  • Use our hivebuilder software-as-a-service platform (the "Service")
  • Interact with us through email, social media, or other channels

Please read this Privacy Policy carefully. By accessing or using our Site or Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, do not use our Site or Service.

This Privacy Policy applies to information we collect:

  • On this Site
  • Through the Service
  • In email, text, and other electronic messages between you and the Site or Service
  • When you interact with our advertising and applications on third-party websites and services

It does not apply to information collected by third parties, including through any application or content that may link to or be accessible from the Site or Service.

2. Information We Collect

We collect several types of information from and about users of our Site and Service, including:

2.1 Personal Information You Provide

When you register for, access, or use our Service, we may collect:

Account Information:

  • Full name
  • Email address
  • Company name
  • Job title
  • Phone number
  • Billing address
  • Payment information (processed by Stripe, Inc.)

Profile Information:

  • Username and password
  • Profile photo (optional)
  • Professional information
  • Preferences and settings

Communications:

  • Support requests and correspondence
  • Survey responses
  • Feedback and testimonials

Organisation Information:

  • Organisation name
  • Team member information

2.2 Information Collected Automatically

When you access or use our Site or Service, we automatically collect:

Device and Usage Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Pages visited and features used
  • Time and date of visits
  • Referring/exit pages
  • Clickstream data

Location Information:

  • General geographic location (country, state/province, city) based on IP address

2.3 Information from Third Parties

We may receive information about you from third parties, including:

Service Providers:

  • Stripe, Inc. or other for payment processing
  • Analytics providers such as Google Analytics for usage analytics
  • Email providers such as Sendgrid for email communications

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Maintain the Service

  • Create and manage your account
  • Process transactions and send transaction notifications
  • Provide customer support and respond to inquiries
  • Perform technical operations (hosting, security, backups)
  • Troubleshoot and fix technical issues

3.2 To Improve and Develop the Service

  • Analyze usage patterns and trends
  • Test new features and functionality
  • Conduct research and development
  • Improve user experience and interface design

3.3 To Communicate With You

  • Send service-related announcements and updates
  • Respond to your comments, questions, and requests
  • Send marketing communications (with your consent)
  • Notify you about changes to our policies or terms
  • Conduct surveys and collect feedback

3.4 For Security and Fraud Prevention

  • Detect, investigate, and prevent fraudulent transactions
  • Protect against security threats and abuse
  • Monitor and analyze security incidents
  • Enforce our Terms of Service

3.5 For Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests (subpoenas, court orders)
  • Protect our rights, privacy, safety, or property
  • Resolve disputes and enforce agreements

3.6 With Your Consent

  • For any other purpose disclosed to you at the time we collect your information
  • With your explicit consent for specific uses

3.7 Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, our legal basis for collecting and using your personal information depends on the specific context:

  • Contractual Necessity: Processing is necessary to perform our contract with you (e.g., providing the Service)
  • Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention, improving the Service, marketing to existing customers)
  • Legal Obligation: Processing is necessary to comply with applicable laws
  • Consent: You have given explicit consent for specific processing activities

You have the right to withdraw consent at any time. See Section 6 (Your Privacy Rights).

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes without your explicit consent. We may share your information in the following circumstances:

4.1 Service Providers

We use trusted third-party service providers to operate our platform, process payments, and maintain the reliability and security of our services. These providers act as data processors and handle personal data only as necessary to perform their functions on our behalf.

  • Azure Cloud provides the infrastructure and hosting for our SaaS platform. In this role, Azure processes data such as account information, usage data, and device information in order to deliver secure and reliable cloud services.
  • Stripe, Inc. acts as our payment processor. Stripe processes billing details and transaction data to complete payments, prevent fraud, and comply with financial regulations.

Each provider is contractually bound to protect your personal data in accordance with the General Data Protection Regulation (GDPR) and may process data only for the specific purposes stated above.

4.2 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Site before your information is transferred and becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Court orders or subpoenas
  • Legal process or government requests
  • Requests from law enforcement or regulatory authorities
  • Legal claims or disputes

We may also disclose information when we believe, in good faith, that disclosure is necessary to:

  • Protect our rights, property, or safety, or that of our users or the public
  • Detect, prevent, or address fraud, security, or technical issues
  • Enforce our Terms of Service

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4.5 Aggregated and De-identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you. For example, we may share statistics about Service usage with business partners or the public.

4.6 Data Sales

We do not sell your personal information to third parties.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account data are kept for the lifetime of your account and up to three (3) years thereafter for legitimate interests in record-keeping and legal defence.
  • Transaction data are retained for seven (7) years to comply with tax and accounting obligations.
  • Support correspondence is kept for two (2) years after closure of the request.
  • Marketing data are kept until you withdraw consent, after which we retain minimal proof of consent withdrawal for six (6) months.
  • Technical and usage logs are kept for twelve (12) months, unless required longer for security or fraud prevention.
  • Backups are stored securely on a rolling 90-day cycle.

Once the retention period expires, data are deleted or anonymized in accordance with our Data Retention Policy.

Deletion and Anonymization

When we no longer need your personal information, we will:

  • Securely delete it from our systems
  • Anonymize it so it can no longer identify you
  • Archive it in a secure, restricted environment (if required by law)

You can request deletion of your personal information at any time. See Section 6.4 (Right to Delete).

6. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information.

6.1 Rights for EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:

Right to Access:

  • Request a copy of the personal information we hold about you
  • Receive information about how we process your data

Right to Rectification:

  • Request correction of inaccurate or incomplete personal information

Right to Erasure ("Right to Be Forgotten"):

  • Request deletion of your personal information in certain circumstances

Right to Restrict Processing:

  • Request that we limit how we use your personal information

Right to Data Portability:

  • Request a copy of your personal information in a structured, machine-readable format
  • Request that we transfer your information to another service provider

Right to Object:

  • Object to processing based on legitimate interests
  • Object to direct marketing (including profiling)

Right to Withdraw Consent:

  • Withdraw consent for processing activities at any time (does not affect lawfulness of prior processing)

Right to Lodge a Complaint:

  • File a complaint with your local data protection authority
  • To exercise these rights, contact us at privacy@hivebuilder.io.

For security reasons, we may request additional information to verify your identity before fulfilling a privacy request.

6.2 Other Jurisdictions

If you are located outside the EEA, UK, or Switzerland, you may have privacy rights under the laws of your jurisdiction. We will honor those rights to the extent required by applicable law.

7. International Data Transfers

Blugri software+services BV is based in the European Union. Our primary data storage and processing take place within the EU, and we rely on trusted service providers (such as Microsoft Azure) that may process data in other jurisdictions under adequate safeguards.

7.1 For EEA, UK, and Swiss Residents

If you are located in the European Economic Area, United Kingdom, or Switzerland, we transfer your personal information to countries outside the EEA/UK/Switzerland only when:

Adequate Protections Are in Place:

  • The destination country has been deemed to provide an adequate level of protection by the European Commission or UK government
  • We have implemented Standard Contractual Clauses (SCCs) approved by the European Commission
  • We rely on other approved transfer mechanisms (e.g., Binding Corporate Rules, certifications)

Your Rights: You may request a copy of the safeguards we have implemented for international transfers by contacting privacy@hivebuilder.io.

7.2 Privacy Shield (No Longer Valid)

Note: The EU-U.S. and Swiss-U.S. Privacy Shield frameworks were invalidated by the European Court of Justice in July 2020. We no longer rely on Privacy Shield for data transfers.

8. Cookies and Similar Technologies

We use only essential technologies such as session cookies and session storage to operate and secure our Service. These are necessary for core functions like authentication, maintaining user sessions, and ensuring platform stability.

We do not use analytics, advertising, or tracking cookies, and we do not store personal information in your browser beyond what is strictly necessary for the Service to function.

9. Data Security

We take appropriate administrative, technical, and physical measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures are designed to ensure a level of security appropriate to the risk associated with the processing of your data.

Access to personal information is limited to authorized personnel who require it to perform their duties, and all employees and service providers are bound by confidentiality obligations. We regularly review our security controls and update them in line with industry standards and legal requirements.

Limitations of Security

While we strive to protect your personal information, no method of transmission or electronic storage is completely secure. You are responsible for maintaining the confidentiality of your account credentials and for promptly notifying us of any unauthorized access or use of your account.

Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify you and the relevant supervisory authorities without undue delay, in accordance with applicable data-protection laws.

10. Children's Privacy

Our Service is intended for use by individuals who are at least 16 years old (or the age of digital consent in their country, if different). We do not knowingly collect personal information from anyone under that age.

If you are under the applicable age of consent, please do not register for an account, use the Service, or provide any personal information to us.

If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information promptly.

Parents or guardians who believe that their child has provided us with personal information can contact us at privacy@hivebuilder.io, and we will assist in resolving the matter.

11. Third-Party Links and Services

Our Site and Service may contain links to third-party websites, applications, and services that are not operated by us. This Privacy Policy does not apply to third-party sites or services.

We are not responsible for:

  • The privacy practices of third-party sites
  • The content of third-party sites
  • How third parties collect, use, or share your information

Before providing personal information to third parties, review their privacy policies. We encourage you to be aware when you leave our Site or Service and to read the privacy policies of every website you visit.

Third-Party Services We Integrate:

  • Azure AI Foundry (Microsoft Corporation) — We use Azure AI Foundry to provide artificial-intelligence and machine-learning capabilities that enhance features within our Service. When you interact with AI-powered functionality, limited data may be processed through this service for analysis or content generation, in accordance with our instructions and Microsoft's privacy and security standards.

When you connect third-party services to your account, those services may access certain information in accordance with their own privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You:

  • Material Changes: We will notify you via email (to the address associated with your account) and/or a prominent notice on our Site at least 30 days before the changes take effect
  • Non-Material Changes: We will update the "Last Updated" date at the top of this Privacy Policy

Your Continued Use: Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. If you do not agree to the revised Privacy Policy, you must stop using the Service and close your account.

Review Regularly: We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, contact us:

Blugri software+services BV

Email: privacy@hivebuilder.io

Response Time

We aim to acknowledge all privacy inquiries within five (5) business days.

We will respond to all privacy-related requests without undue delay and in any event within one (1) month of receiving your request, in accordance with applicable data-protection laws.

If your request is particularly complex or if we receive multiple requests, we may extend this period by up to two (2) additional months. In that case, we will notify you within the initial one-month period and explain the reason for the delay.