Hive CRM Privacy Policy

1. What Information We Collect and Process

We collect different types of information from or about you and your use of our Services, including through Google integrations, as described below. "Personal Data" means any information that relates to an identified or identifiable individual.

1.1 Information You Provide to Us

We collect Personal Data that you provide directly to us when interacting with Hive CRM. This includes information you provide when you create an account, fill out forms on our website, communicate with us, or use the Services. Examples include:

• Account Registration Information: When you sign up for Hive CRM, we ask for information such as your name, email address, company/organization name, job title, phone number, and password. We may also collect additional profile information you choose to provide (such as a profile photo or time zone).
• Contact and Support Information: If you request a demo, contact customer support, or otherwise communicate with us (e.g., via email or chat), you may provide your name, contact details, and the content of your communications. We collect this information to respond to your inquiries and improve our Services.
• Payment Information: If you subscribe to a paid plan or make purchases through Hive CRM, we (or our secure payment processor acting on our behalf) will collect billing details such as your billing address and payment method information. This information is used solely to process transactions you authorize. (Hive CRM uses trusted third-party payment processors, so we do not store full payment card numbers.)
• Other Information You Choose to Provide: You may provide information when using certain features of the Services, such as posting a testimonial or feedback, or filling out a survey. We will collect whatever information you choose to provide in these contexts (which could include Personal Data such as your opinions, job role, etc.) and use it for the purposes for which you submitted it.

1.2 Customer Data (Data You Input into Hive CRM)

Hive CRM is a customer relationship management platform, which means it allows you to input, manage, and process information about your contacts, leads, sales activities, and other business data. In this context, you (or your organization) act as the controller of any Personal Data you choose to input into our Services about third parties (for example, your customers or prospects), and Hive CRM acts as a processor (or "service provider") on your behalf. This data is referred to as "Customer Data." It can include, for example:

• Contact details and profile information about your customers, leads, or other individuals (such as name, email address, phone number, job title, employer, mailing address).
• Communications and interactions with your contacts stored in the CRM, such as notes about meetings, call logs, tasks, or email correspondence.
• Business relationship information, including deal details, account history, contract information, or any other data you upload or enter into Hive CRM about an individual or organization.

You are responsible for ensuring that you have any necessary permissions or legal basis to collect and process Customer Data using Hive CRM. We process Customer Data strictly in accordance with your instructions and as necessary to provide the Services. We do not use Customer Data for our own purposes unrelated to providing the Services. If an individual whose data is stored in Hive CRM (for example, one of your customers) has a privacy inquiry or request (such as access or deletion), we will direct that inquiry to you as the account owner, and assist you in fulfilling the request as needed.

1.3 Information Collected from Google Integrations

If you choose to integrate Hive CRM with your Google Workspace account (such as Gmail, Google Calendar, or Google Drive), we will, with your explicit permission, access certain information from those Google services to provide our integration features. Please see Section 9 below for detailed information on what data we access from Gmail, Google Calendar, and Google Drive and how we use and protect that data. In summary, any data we retrieve from Google services is used only to enable the functionality you expect (e.g. syncing your emails, calendar events, or files with Hive CRM) and is handled in compliance with Google's policies and our commitments (no sharing, no selling, and no use for AI model training).

1.4 Information We Collect Automatically

When you use our websites or applications, we collect certain information automatically about your device and usage of the Services. This data helps us analyze and improve our Services and ensure the Service works properly. It may include:

• Usage and Log Data: We record information about your interactions with Hive CRM, such as the date and time you logged in, the features or pages you accessed, search queries, tasks performed, and other actions within the application. For example, we may log when you create or update a contact or when an integration sync occurs.
• Device and Technical Information: We collect information about the computer or mobile device you use to access our Services. This may include your IP address (which can indicate general location like city or country), browser type, device type, operating system, device identifiers, and crash/diagnostic data if an error occurs.
• Cookies and Similar Technologies: When you visit our website or use the web app, we and our service providers use cookies and similar tracking technologies to remember your preferences and settings, authenticate your account, and analyze web traffic and usage patterns. For more details, see Section 6 below.

We may use third-party analytics tools (like Google Analytics) that employ cookies or scripts to collect information about how users interact with our website. This information helps us understand user behavior and improve our web experience. These third-party analytics providers collect and share usage data with us in aggregated form; they do not identify you personally in our reports.

1.5 Information from Other Sources

In general, we collect Personal Data directly from you. If we ever receive information about you from other sources, we will treat it in accordance with this Privacy Policy and any additional restrictions imposed by the source. For example, if you interact with our social media pages or if you register for Hive CRM via a partner or marketplace, we might receive your name or email from those third parties. We will use such information only for the purposes for which it was provided to us. We do not purchase contact lists or personal information from data brokers. Additionally, we do not collect sensitive personal data such as social security numbers, financial account passwords, or information about your health, genetic, or biometric identifiers through our Services.

2. How We Use Personal Data

We use the Personal Data we collect for the following purposes:

• Providing and Improving the Services: We process your information to set up and maintain your account, provide you with access to Hive CRM, and deliver the features and services you request (including our Gmail, Calendar, and Drive integrations). This includes using Personal Data to populate your CRM with the data you input or sync, to display personalized content (such as your emails or calendar events) back to you, and to otherwise operate the core functionality of the platform. We may also analyze usage patterns and feedback to improve existing features, troubleshoot issues, and develop new features or enhancements to the Services. (Any analysis of usage is done in aggregate or on a pseudonymous basis; we do not use the content of your emails, files, or CRM records to profile you for marketing or to train product algorithms outside the scope of providing the Service.)
• Communicating with You: We use contact information (like your email address or phone number) to send you account-related messages and notifications. These include confirmations, invoices, technical alerts, security notifications, and administrative messages. We may also send you product updates, newsletters, and promotional communications to the extent you have subscribed to or not opted out of such messages. You can manage your email preferences as described in Section 7.3 below. We will not send you marketing emails if you have opted out.
• Customer Support: If you contact us for help, we will use any Personal Data you provide (like your contact info and the content of your request) to troubleshoot and resolve your issue. We may also access your account or certain data (with your permission and as necessary) to provide support, such as investigating a bug you reported. Our support team will only access your data as needed to assist you, and such access is recorded and controlled.
• Security and Abuse Prevention: We may process Personal Data (including account information and technical data) to maintain the security of our Services, our users, and others. This includes monitoring for suspicious or fraudulent activity, detecting and preventing malicious behavior, enforcing our Terms of Service and Acceptable Use policies, and protecting the rights and safety of Hive CRM, our customers, and the public. For example, we may analyze login activity to detect unusual patterns that could indicate unauthorized access, or review content if we suspect it violates the law or our policies.
• Legal Compliance and Protection: Where required by law or necessary to protect legal rights, we use Personal Data to comply with obligations under applicable laws, regulations, or legal processes. This may include retaining and disclosing certain information as required by law enforcement requests or government authorities, responding to legal claims or audits, or enforcing our agreements (such as billing and contractual terms).
• Other Purposes with Your Consent: We will use your Personal Data for any other purpose that you specifically direct or consent to from time to time. If we want to process your data for a purpose that is materially different from those in this Privacy Policy, we will notify you and, if required, seek your consent.

3. How We Share Personal Data

We understand the importance of keeping your information private. Hive CRM does not share, sell, rent, or trade your Personal Data to unrelated third parties for their promotional use. We only share Personal Data in the following limited circumstances, and always pursuant to appropriate safeguards and only as necessary:

3.1 Service Providers (Processors)

We may share your information with trusted third-party service providers and partners who perform services on our behalf to support our operations and the provision of the Services. Examples include cloud hosting providers (for data storage and infrastructure), email service providers (to send transactional or support emails), customer support software, analytics services, and payment processors. These service providers are bound by contractual obligations to process Personal Data only under our instructions and to protect it. They are not permitted to use your data for their own purposes. For instance, if we use a cloud infrastructure provider to host our servers, your data will be stored on their servers, but they cannot access or use it except to the extent needed to maintain the service.

3.2 Business Transfers

If Hive CRM is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your Personal Data may be transferred as part of that transaction. We would ensure that any acquiring entity is bound to respect the terms of this Privacy Policy regarding your Personal Data. You would be notified via a prominent notice on our website or by email of any change in ownership or uses of your personal information, as well as any choices you may have regarding your information.

3.3 Legal Compliance and Protection

We may disclose your Personal Data if we in good faith believe such disclosure is necessary to (a) comply with any applicable law, regulation, legal process, or governmental request (such as a court order or subpoena); (b) enforce our Terms of Service or other agreements, investigate potential violations, or protect against legal liability; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect our rights, property, and safety, or that of our users, you, or the public. We will only disclose the minimum amount of information that we believe is required to meet the above purposes and will, when feasible, inform you of such disclosure if legally permitted.

3.4 Aggregate or De-Identified Data

We may share information that has been aggregated or de-identified such that it can no longer be linked to an individual. For example, we might publish usage trends or system performance metrics that do not identify any individual user. Such data is not considered Personal Data and may be used freely for business purposes.

3.5 With Your Consent or at Your Direction

Apart from the cases above, we will share your Personal Data with third parties only if you direct us to do so or provide your explicit consent. For example, if you choose to integrate Hive CRM with a third-party application or export data to another service, we will share data with those parties at your direction.

4. How We Transfer Personal Data Internationally

Hive CRM is a global service. We may process and store Personal Data on servers located in the United States and possibly other countries. If you are accessing the Services from outside the United States, be aware that your Personal Data may be transferred to and stored in the U.S. or other jurisdictions which may have data protection laws that are different from those in your country. In all such international transfers, we ensure that appropriate safeguards are in place to protect your Personal Data in accordance with this Privacy Policy and applicable laws. These safeguards may include:

• Contractual Protection: If you are located in the European Economic Area (EEA), United Kingdom, Switzerland, or another region with data transfer restrictions, we rely on approved legal mechanisms to transfer your data, such as the European Commission's Standard Contractual Clauses (SCCs) or other lawful measures. These contracts impose data protection obligations on the recipients of your information to ensure it remains protected.
• Adequacy Decisions: In some cases, we may transfer data to countries that have been deemed to have an adequate level of data protection by the relevant regulatory authorities (for example, transfers to Canada or under the EU-U.S. Data Privacy Framework if and when applicable).
• User Consent: Where appropriate and permitted by law, we may rely on your explicit consent for cross-border data transfers. For example, if you initiate a connection from a country to our U.S.-based servers, you consent to the transfer of data needed to fulfill your request.

You have the right to know the safeguards we have in place for international transfers of your Personal Data. If you would like more information about these safeguards, you can contact us at info@hivecrm.ai.

5. How We Store and Secure Personal Data

5.1 Data Security

We take the security of your Personal Data very seriously. Hive CRM has implemented a combination of technical, administrative, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include, for example:

• Encryption: All data transmitted between your device and our servers is protected using industry-standard encryption (HTTPS/TLS). For particularly sensitive data, we may also encrypt it at rest in our databases or file storage.
• Access Controls: We restrict access to Personal Data to authorized personnel who need it to operate our Services. Our staff are trained on data privacy and security, and we maintain policies to ensure your data is handled properly. We use authentication and authorization controls to manage which employees can access systems containing personal data.
• Network & System Security: Our infrastructure is protected by firewalls and monitoring systems. We regularly update and patch our software and conduct vulnerability assessments. Data is regularly backed up to help prevent data loss, and backups are secured.
• Third-Party Standards: When we use third-party service providers (such as hosting or payment processing), we ensure they meet high security standards and have commitments to confidentiality and data protection. We review their security measures as needed.
• Incident Response: We have an incident response plan in place for handling any data security breach. In the unlikely event of a security incident affecting your Personal Data, we will notify you and relevant authorities as required by law and work to remediate the issue.

While we strive to protect your data, no system can be 100% secure. Therefore, you should also take care with how you protect your account credentials and devices. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel your account has been compromised), please immediately contact us.

5.2 Data Retention and Deletion

We retain Personal Data only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law, whichever is longer. In practice, this means:

• Account Data: We keep the information you provide and the data associated with your account for as long as you maintain an active account with Hive CRM. This is necessary to provide you with the Services.
• Customer Data in the CRM: All data you store in Hive CRM (including contacts, emails, notes, files, etc.) remains in our systems until you delete it or request deletion. You control most data directly and can modify or remove it via your account.
• Upon Cancellation: If you choose to cancel your Hive CRM account (or if your subscription expires and is not renewed), we will delete all Personal Data and Customer Data associated with your account. In most cases, deletion occurs promptly after account cancellation. It may take a short period of time for complete removal from our active servers and backups, but we will proceed with the deletion process immediately. Once deleted, your data cannot be recovered. (Please note that we may retain billing records or other information for a certain period if necessary for legal, tax, or accounting purposes, but such data will not be used for any other purpose.)
• Inactive Accounts: If you have an account that has been inactive for an extended period, we may contact you to ask if you wish to maintain the account. If we decide to clean up inactive accounts, we will provide notice and an opportunity to retain your data or have it deleted. We will not delete data from an active account without notice.
• Compliance and Disputes: In certain cases, we may need to retain some information for longer if required by law (for example, retention of transaction records for financial regulations) or if needed for resolving disputes or enforcing our agreements. We will ensure any retained data is handled securely and only used for the intended purpose.

Once the retention period expires, or upon verified request, we will either delete your Personal Data or anonymize it (so that it can no longer be associated with you) in a manner designed to protect your information.

6. Cookies and Similar Technologies

Hive CRM uses cookies and similar tracking technologies on our websites and web-based Services to provide, customize, and improve your user experience. A cookie is a small text file placed on your device that helps us recognize you when you return. How We Use Cookies:

• Essential Cookies: These are necessary for our website and Services to function properly. For example, when you log into Hive CRM, we use cookies to keep you logged in as you navigate between pages. Essential cookies enable core functionality like user authentication and session management.
• Preference Cookies: We may use cookies to remember your preferences and settings, such as language selection or display settings, so you don't have to set them every time.
• Analytics Cookies: We utilize analytics providers (like Google Analytics) that set cookies to collect information about your site usage. This information helps us understand which pages are most popular, how users navigate our site, and where we can improve the experience. The data collected is generally aggregated and does not identify you personally.
• Functionality Cookies: Some cookies help us deliver certain features, such as chat support or A/B testing of new features. They may track usage of those features to ensure they work correctly.
• Advertising Cookies: Hive CRM currently does not use third-party advertising or targeting cookies on our website that would track you for advertising purposes. We do not serve third-party ads, so we generally do not use cookies for ad targeting. If this changes in the future, we will update this policy and provide appropriate opt-outs.

Your Choices:

Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. You also have options to delete cookies. Please be aware that blocking or deleting certain cookies could affect the functionality of our Services. For instance, if you reject authentication cookies, you may not be able to log in or use the Service.

We may also use similar technologies like web beacons (small graphic images or scripts) in our HTML emails or website to count users who have opened emails or visited pages, to help us measure the effectiveness of communications and site engagement.

For more information about cookies and how to manage them, you can visit resources like the AllAboutCookies.org website. By using our site and Services, you consent to our use of cookies and similar technologies as described in this section.

7. Your Privacy Rights and Choices

You have certain rights and choices regarding your Personal Data. Hive CRM is committed to providing you with access and control over your information, in line with applicable privacy laws.

7.1 Access, Correction, and Deletion of Your Data

• Access & Portability: You have the right to request a copy of the Personal Data we hold about you and to request details about how we use it. In most cases, you can directly access and review your account information and data stored in Hive CRM by logging into your account. If you require additional access or a downloadable copy of your data, you can contact us and we will provide it (subject to authentication of your identity).
• Correction: If any of your Personal Data is inaccurate or outdated, you have the right to correct or update it. You can usually do this through your account settings (for basic profile info) or by editing records in the CRM (for Customer Data). For any information that you cannot change yourself, please contact us and we will correct it as needed.
• Deletion: You have the right to request deletion of your Personal Data. As noted, you can delete much of your data directly within the Service (for example, removing a contact or deleting a note). If you want to delete your entire account and all associated data, you may do so by canceling your account or contacting us for assistance. Once your account is canceled, we will delete your data as described in Section 5.2. If you prefer, you may request that we delete specific information (where feasible) without closing your account – we will honor such requests to the extent possible. Please note that deleting certain data may affect your ability to use the Service. Also, in some cases we may retain limited information as required by law or for legitimate business purposes (see Section 5.2 for details).

We will respond to legitimate requests to access, correct, or delete Personal Data within a reasonable timeframe and as required by law (typically within 30 days). For security, we may need to verify your identity (and authority, if you make a request on behalf of someone else) before fulfilling your request. There is no fee for making these requests, though repeated or excessive requests may incur a fee as permitted by law.

7.2 Objection and Restriction; Withdrawal of Consent

• Objecting to Processing: In certain situations, you may have the right to object to or restrict specific types of processing of your Personal Data. For example, if we process your data based on our legitimate interests, you can object if you believe it infringes on your rights. If you object, we will consider your request and stop or adjust processing unless we have compelling legitimate grounds or a legal obligation to continue.
• Restriction: You may have the right to request that we limit processing of your Personal Data in certain circumstances (for instance, while we are verifying the accuracy of data you contested or in lieu of deletion). We will restrict processing of your data upon valid request, and only retain enough information to ensure we respect the restriction in future.
• Withdraw Consent: If we rely on your consent to process any Personal Data (such as for optional marketing communications or certain integrations), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing already completed, but it will prevent us from continuing the specific activities that relied on consent. For example, you can withdraw consent for marketing emails by unsubscribing, and withdraw consent for Google data access by revoking the integration (see Section 9.4).

7.3 Communication Preferences (Opting Out of Emails)

Hive CRM may send you emails or other communications in two categories: (a) Transactional or Service Communications, and (b) Promotional or Marketing Communications.

• Service Communications: These are emails and messages necessary for the administration of your account and the Services. They include messages like account confirmations, billing receipts, password resets, important service announcements, and support responses. You cannot opt out of these service-related communications as long as you have an active Hive CRM account, because they are essential to providing our Services. (For example, you wouldn't want to miss a security alert about your account.)
• Marketing Communications: These include newsletters, product announcements, offers, and event invitations that are not strictly necessary for service usage. We will send you marketing communications if you have signed up for them or if you are using our Services and have not opted out. You have the right to opt out of marketing emails at any time. You can unsubscribe by clicking the "unsubscribe" link in any marketing email, or by adjusting your email preferences in your account settings (if available), or by contacting us at info@hivecrm.ai with your request. Once you opt out, we will stop sending you promotional emails. Please note that it may take a few days to fully remove you from all mailing lists, and opting out of marketing does not affect service communications as noted above.

7.4 Cookies and "Do Not Track"

As described in Section 6, you have choices about how to manage cookies and tracking technologies. You can set your browser to refuse certain cookies or to alert you when cookies are being sent. If you do so, note that some parts of our Service may not function properly.

"Do Not Track" (DNT) is a preference you can set in some web browsers to signal that you do not wish to be tracked across websites. Hive CRM's websites do not currently respond to DNT signals. However, we limit tracking to the purposes described in this policy (and we do not share your data with third parties for cross-site advertising without your consent).

7.5 No Discrimination

Hive CRM will not discriminate against you for exercising any of your privacy rights. For example, we will not deny you Services, provide a different quality of service, or charge different prices because you exercised your rights under applicable law.

7.6 Additional Rights for EEA/UK/Swiss Individuals

If you are located in the European Economic Area (EEA), United Kingdom, Switzerland, or other jurisdictions with similar privacy laws, you have certain additional rights under the General Data Protection Regulation (GDPR) or equivalent laws. These include the rights described above (access, correction, deletion, restriction, objection, portability, and withdrawal of consent). Hive CRM respects these rights and this Privacy Policy is intended to give you the necessary information to exercise them.

If you have concerns about our handling of your Personal Data and are located in these jurisdictions, you also have the right to lodge a complaint with your local data protection supervisory authority. We encourage you to contact us first at info@hivecrm.ai so we can address your concerns directly. We are committed to resolving any issues in a timely and professional manner.

8. California Privacy Rights

If you are a resident of California, you are granted specific rights regarding your personal information under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). This section applies solely to California consumers and is intended to comply with CCPA/CPRA requirements. It describes the categories of Personal Information (as defined by California law) that Hive CRM collects, the purposes for which we use it, the categories of third parties to whom we disclose it, and your California privacy rights.

8.1 Categories of Personal Information Collected

In the preceding 12 months, Hive CRM has collected the following categories of Personal Information from California consumers, corresponding to the examples given in Section 1 of this policy:

• Identifiers: Such as your name, email address, IP address, account username, and similar identifiers. (Collected directly from you when you register or use our Service.)
• Customer Records Information: This includes contact information and any personal details you may store in the CRM about your own customers or leads (for example, phone number, employer, physical address), as well as billing information for our customers (excluding payment card details which go directly to our payment processor). (Collected from you as you use the Service.)
• Commercial Information: Records of the products or services you have purchased or considered (e.g., your subscription plan, billing history) and other usage records (like the features you use). (Collected from your interactions with our Service.)
• Internet or Network Activity: Information about your interaction with our website or application, including usage data, logs, cookie identifiers, and browsing data on our site. (Collected automatically via cookies and logs as you use our online services.)
• Geolocation Data: General location information inferred from your IP address (we do not collect precise GPS coordinates). (Collected automatically from your device's network connection.)
• Professional or Employment Information: If you provide it, we may have your employer or company name, your job title/role, and industry. (Collected from you during sign-up or profile completion.)
• Inferences: We do not profile you in a way that results in characteristic inferences (such as predicting your preferences or behavior) beyond basic personalization of your experience. We do not collect or derive sensitive inferences like health, racial origin, etc. Any inferences drawn are limited to internal analytics about product usage and do not have legal or significant effects on you.

We do not intentionally collect sensitive personal information as defined under CPRA (such as social security numbers, driver's license numbers, precise geolocation, financial account passwords, biometric data, or information about sexual orientation, health, or religion) from consumers. Any sensitive data that might be incidentally contained in Customer Data (which you as a user input into our system) is only processed on your behalf and not used by us in any separate way.

8.2 Purposes and Disclosures

For each of the above categories, we collect and use the personal information for the business and commercial purposes described in Section 2 ("How We Use Personal Data") of this Privacy Policy. In short, we use the information to provide and improve our Services, communicate with you, secure our platform, and comply with law.

We disclose personal information to third parties only for the specific business purposes described in Section 3 ("How We Share Personal Data"). In the past 12 months, we have disclosed the categories of personal information listed above to the following types of third parties, to the extent necessary for our operational purposes:

• Service Providers: e.g., cloud hosting providers, email delivery services, customer support tools, and payment processors (for all categories as needed to perform their functions).
• Analytics Partners: e.g., providers of analytics tools (for Internet/Network Activity data via cookies, though typically this is aggregated data).
• Legal or Government Entities: if required for compliance or legal process (could apply to any category if lawfully requested, but such disclosures are rare).
• Business Transfer Recipients: if we undergo a merger or sale as described earlier (could include any category as part of assets transferred).

Importantly, we have not "sold" any personal information in the last 12 months. Under CCPA, "sell" is broadly defined to include any transfer of personal information to a third party for valuable consideration. We do not sell your data in the conventional sense (for money), nor do we share it for targeted advertising purposes. We also have not "shared" personal information for cross-context behavioral advertising as defined by CPRA. Therefore, we do not provide a "Do Not Sell or Share My Personal Information" opt-out link, because we do not engage in those practices. If in the future we ever decide to sell personal information, we will provide required notices and opt-out mechanisms. But as of the date of this Privacy Policy, we affirmatively do not sell or share personal information of our users or their contacts.

8.3 Your California Privacy Rights

Under CCPA/CPRA, California residents have the following rights with respect to their personal information (in addition to the general rights already described in Section 7):

• Right to Know: You have the right to request that we disclose to you the specific pieces and categories of personal information we have collected about you in the past 12 months, the categories of sources for that information, the business or commercial purposes for collecting it, and the categories of third parties with whom we shared or disclosed it. Much of this is described above in this Privacy Policy, but you can also request an individualized report.
• Right to Delete: You have the right to request that we delete personal information we have collected from you (and direct our service providers to do the same), subject to certain exceptions. As noted, you can delete much of your data via the Service or by closing your account, but you may also submit a deletion request as described below. If an exception applies (for example, if we are legally required to keep certain data or if the data is needed to complete a transaction you requested), we will let you know in our response.
• Right to Correct: Effective January 1, 2023, California residents have the right to request correction of any inaccurate personal information we maintain about them. If you believe we have incorrect information, please contact us and upon verification of your identity, we will correct it as needed.
• Right to Opt-Out of Sale/Sharing: As discussed, Hive CRM does not sell or share personal information as defined by CCPA. Therefore, there is no need to opt out. We treat all consumers the same in this regard.
• Right to Limit Use of Sensitive Personal Information: This right applies if a business uses or discloses sensitive personal information beyond what is necessary to provide the services. Hive CRM does not use or disclose sensitive personal information in ways that trigger this right. Should our practices change, we will update our policies accordingly.
• Right of Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of the above rights. Hive CRM will not deny you Services, charge you different prices, or provide a different level of service because you exercised your rights. Any financial incentive or difference in service (if we ever offer one) related to your data will be explained and offered only with your prior opt-in consent.

8.4 Exercising Your California Rights

To exercise your "Right to Know," "Right to Delete," or "Right to Correct" described above, please submit a verifiable consumer request to us by either:

• Emailing us at: info@hivecrm.ai, with the subject line "California Privacy Rights Request" and detailing your request.
• (If available, through an online web form or portal – currently, the primary method is via email.)

For verification, we may need to request additional information from you to confirm your identity (or authority if you are making a request on behalf of someone else, such as being an authorized agent). This is to protect your information from unauthorized access or deletion at the request of someone else. We will only use the information you provide for verification to process your request.

For authorized agents: If you are a legally designated agent making a request on behalf of a California consumer, we will require proof of your authorization (such as a signed permission from the consumer or power of attorney) and will still verify the identity of the consumer directly where required.

We will acknowledge receipt of your request within 10 days and aim to respond within 45 days as required by law. If we need more time (up to an additional 45 days), we will inform you of the reason and extension in writing. Our response will cover the information requested or the result of your deletion/correction request, or an explanation if we cannot fulfill part of the request (due to a legal exception, for example).

8.5 "Shine the Light" Law

California's "Shine the Light" law (Civil Code § 1798.83) allows users who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. Hive CRM does not disclose personal information to third parties for their direct marketing purposes. Therefore, we have no list of such third-party disclosures to provide. If you have questions about our practices in this regard, you can contact us at info@hivecrm.ai.

9. Google Workspace Integrations

Hive CRM offers integrations with Google Workspace services – specifically Gmail, Google Calendar, and Google Drive – to enhance your productivity and streamline your workflow. This section describes what data we access from your Google account, how we use and protect it, and how you can manage or revoke our access. We take Google integration data privacy extremely seriously and adhere to Google's API policies (including their API Services User Data Policy and Limited Use Requirements) at all times.

9.1 Data Accessed from Google Services

When you connect Hive CRM to your Google account, you will be asked to grant our application certain permissions (scopes) to access your Google data. We only request the minimum scopes necessary to provide the integration features you opt into. Depending on which integration(s) you use, Hive CRM may access the following Google user data:

• Gmail: If you integrate your Gmail, Hive CRM will be able to access your email messages. This typically includes reading the subject, sender and recipient email addresses, timestamp, and body content of emails in your mailbox, as well as any attachments. We use this access to let you view and manage your email conversations within Hive CRM. For example, you may see a history of emails with a particular contact directly on their CRM record. Hive CRM may also allow you to send emails via your Gmail account (using Gmail's send functionality) from within the CRM interface. In doing so, we may compose and send messages on your behalf when you instruct us to.
• Google Calendar: If you connect your Google Calendar, Hive CRM will access your calendar events. This includes event details such as the event title/name, date and time, location, attendees (invitee email addresses), event description/notes, and event status/response (e.g., accepted, tentative). We use this to display your scheduled meetings and events inside Hive CRM (for instance, on a calendar view or a timeline for a contact) and to allow you to create or update events from the CRM. If the integration is two-way, Hive CRM can create new events on your Google Calendar or update existing ones when you schedule activities in the CRM.
• Google Drive: If you integrate Google Drive, Hive CRM may access files and folders in your Google Drive that you specifically choose to link or import. This typically includes file metadata such as file name, type (MIME type), size, last modified date, and possibly file content if you open or import the file through Hive CRM. For example, you might attach a Google Drive document or PDF to a CRM record; Hive CRM would retrieve that file (and possibly store a copy or reference to it) so that it can be associated with the record. We do not scan or index the contents of your Drive files beyond what is needed to display or transfer the file as requested by you. We will never modify or delete files in your Drive unless explicitly instructed by you via our app (for instance, if you use a Hive CRM feature to upload a new version or remove a link).

Important: Hive CRM only accesses your Google data after you have gone through Google's OAuth consent process and granted us permission. You will see a consent screen from Google describing the specific permissions our app is requesting. If you are not comfortable granting a certain permission, you can decline — though that may limit the functionality (e.g., we can't sync your emails without email access). We do not automatically gain access to any Google data without your explicit consent.

9.2 How We Use Your Google Data

We use data obtained from Google services solely to provide you with the intended integration functionality in Hive CRM. Specifically:

• Using Gmail Data: Your email data is used to display your email communications within the CRM so you have a unified view of interactions with your contacts. For example, if you view a contact or deal record in Hive CRM, you might see a timeline of emails exchanged with that contact. We may store copies of relevant email threads or metadata in our database to enable fast retrieval and searching within the CRM. Additionally, if you send an email from Hive CRM (using the Gmail integration), we transmit the content of that email to Gmail for delivery. We do not use the content of your emails for any purpose other than showing it to you and the intended recipients. We do not use your email content to serve ads, and we do not allow any human at Hive CRM to read your emails except in specific cases with your consent or where needed for security or compliance (e.g., investigating a reported abuse incident, and even then only in accordance with Google's policies that strictly limit such access).
• Using Calendar Data: Your calendar events are used to populate calendar views or scheduling features in Hive CRM. For instance, if Hive CRM has a scheduling module or a task due date calendar, integrating your Google Calendar allows the CRM to avoid double-booking and to show your availability. We might also use event information to send you reminders or to associate a meeting with a contact in the CRM (e.g., linking a meeting event to the attendees' contact records). The data is not used beyond providing these features. We do not expose your calendar details to anyone else except as you direct (for example, if you invite a colleague to an event via Hive CRM, then obviously those invite details are shared with that person and Google through the normal Calendar invitation process).
• Using Drive Data: Files from Google Drive are used to enrich your CRM records. If you attach or link a Google Drive file to a contact or project in Hive CRM, we will fetch that file (and possibly store a copy or an excerpt of it) to display or preview it within the CRM for your convenience. For example, if you attach a proposal document from Drive to a sales deal record, your team members on Hive CRM can click to view that document (with appropriate Drive access). We respect Google's access controls – meaning if a user in Hive CRM doesn't have permission to a file in Drive, our integration won't override that. We do not use file data to analyze anything beyond providing you the file. We don't use information from your files to build profiles or features outside of the file attachment feature you requested.

In all cases, any data from Gmail, Calendar, or Drive is only used within the context of providing the Hive CRM service to you. We do not use Google integration data for any independent data mining, marketing, or product development purposes. In particular, we do not use data from your Gmail, Calendar, or Drive for advertising, nor do we use it to train machine learning models or AI systems outside of the specific features that operate on your data for your benefit. Any automated processing on your Google data (e.g., analyzing an email to log it to the right contact) happens strictly to serve your needs and improve your individual experience.

9.3 How We Store and Protect Google Data

Data retrieved from Google services via our integrations is stored and secured with the same care as any other data you entrust to Hive CRM, as outlined in Section 5 (Security). We apply the following practices:

• Limited Storage: We only store Google data if and as long as needed to provide the Service to you. For example, if Hive CRM syncs your latest 100 emails with a contact, those emails might be stored in our database so you can quickly view them. If you delete an email or disconnect a contact, we may remove the stored copy accordingly. We do not keep infinite historical data from Gmail if it's no longer necessary for the CRM's function, and we follow any caching and data retention guidelines set by Google's API policies (such as respecting Gmail's cache duration limits). We also do not store Google OAuth tokens or credentials in plain text – they are encrypted and kept secure.
• No Unauthorized Sharing: We treat your Google data as highly confidential. We do not share your Gmail messages, Calendar events, or Drive files with any third party, except with service providers as needed to operate the integration (for example, our servers might temporarily communicate with Google's servers or use a secure service to parse an email). Any such service providers are bound by strict confidentiality and security obligations. They cannot use your Google data for any purpose other than assisting with our service at our request.
• Data Segregation: Your Google data in Hive CRM is associated with your account and is not accessible to other customers' accounts. For instance, another Hive CRM customer cannot accidentally see your emails or files; that data is tied to your user profile and permissions. Internally, we enforce access controls so that only the processes and team members that need to handle your Google integration data (for support or technical troubleshooting) can access it – and even then, any human access to Gmail message data, in particular, is limited and only permitted in specific circumstances in line with Google's policies (e.g., with your consent for support or where required by law).
• Deletion: If you delete an email or event within Hive CRM, or unlink a file, we will delete any stored copies of that content in our system (while it will remain in your Google account unless you also delete it there). If you delete your Hive CRM account entirely, any data fetched from Google that is stored in your account will be deleted, just as all your other CRM data is deleted (as described in Section 5.2). We do not retain Google user data post-account deletion except as required for legal compliance or if you've separately exported some data.
• Compliance with Google Policies: Hive CRM abides by Google's API Services User Data Policy and Google Workspace Developer Guidelines regarding data handling. Google's policies prohibit the use of data obtained from restricted scopes (like Gmail) for purposes like serving ads, creating profiles on users, or other unrelated uses. We strictly follow these rules. We undergo Google's verification processes to ensure our app meets security standards. Our use of Google data is subject to audit and review by Google, and we maintain transparency about our data practices.

9.4 Your Control Over Google Integration

Using our Google integrations is entirely optional. If you choose to connect your Google account to Hive CRM, you remain in control and can manage or revoke that access at any time:

• Managing Integration Settings: Within Hive CRM, you may have a settings page or dashboard where you can disconnect your Google account or turn off specific sync features. For example, you might pause email syncing or disconnect Google Drive integration if you no longer want Hive CRM to access those services. Check the integration settings in your Hive CRM account for these options.
• Revoking Access via Google: You can also revoke Hive CRM's access to your Google account directly from Google. To do this, visit your Google Account's security settings and find the section for "Third-party apps with account access." There, you can see a list of apps that have access to your account data. Choose Hive CRM and choose the option to remove or revoke access. Once revoked, Hive CRM will no longer be able to access your Google information or receive any updates from your account.
• Effect of Revocation: If you revoke the integration, Hive CRM will stop syncing data from Google. You will not see new emails, events, or files coming in to the CRM from that point. However, please note that any data previously synced from Google and stored in Hive CRM will remain in your Hive CRM account until you delete it or until you delete your Hive CRM account. For instance, if some emails were synced before revocation, you might still see those in the CRM, but they will no longer update. If you want this data removed, you can delete it manually in the app or contact us for assistance. Revoking access via Google does not by itself delete the data that Hive CRM already had; it only prevents further access. Rest assured, even if you revoke access, your previously synced Google data remains protected under the terms of this Privacy Policy until you decide to delete it.
• Reconnecting: If you change your mind, you can re-initiate the connection by going through the integration setup again in Hive CRM and re-granting permissions. Your data will then resume syncing. You may need to re-import data that wasn't synced during the disconnected period if desired.

Our goal is to give you seamless integration benefits while keeping you in full control of your Google data. If you have any questions or concerns about our Google integrations or how your data is handled, you can contact us at info@hivecrm.ai.

We encourage you to review Google's own Privacy Policy and security settings to understand how Google protects your accounts as well. You can find more information in Google's user documentation and privacy pages (for example, Google's Privacy Policy is available at https://policies.google.com/privacy, and their support article on managing third-party access is available on Google's Help Center).

Summary: Hive CRM's use of information received from Google APIs will adhere to Google's Limited Use requirements. We access only the data needed for user-facing features, we do not transfer Google-derived personal data to others except as necessary to provide the service (and never without appropriate consent or legal basis), and we never use it for advertising purposes. Your Google data is yours — we just help you use it more conveniently within Hive CRM.

10. Children's Privacy

Hive CRM's Services are not directed to children under the age of 16, nor do we knowingly collect personal information from children under 16. Our platform is intended for business and professional use by adults. If you are under 16 (or a minor under applicable law), please do not use our Services or provide any personal information about yourself to us.

In the event we learn that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information as soon as possible. If you believe that we might have any information from or about a minor under 16, please contact us at info@hivecrm.ai so that we can investigate and promptly address the issue.

Parents or legal guardians who believe their child may have provided us personal information can also contact us to request deletion of such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last Updated" date at the top of this policy.

If the changes are material, we will provide a more prominent notice (such as by posting a notice on our website or by emailing you) to inform you of the update and, if required by law, obtain your consent.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Hive CRM after any update to this Privacy Policy will constitute your acknowledgment of the changes and agreement to be bound by the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Hive CRM (Privacy Team)
Email: info@hivecrm.ai

We will respond to your inquiries as soon as reasonably possible, generally within 30 days. If you need to access this Privacy Policy in an alternative format due to a disability, please contact us and we will accommodate your needs.

Thank you for trusting Hive CRM with your information. We are dedicated to safeguarding your privacy and providing a secure, reliable service for all our users.