Privacy Policy

We collect information you provide directly to us, information collected automatically, and information from third-party sources.

1.1 Information You Provide

Account Information:

• Name, email address, phone number
• Username and password (encrypted)
• Profile photo and biography
• Professional credentials and certifications
• Business information (if applicable)

Portfolio Content:

• Images, videos, and other media files you upload
• Project descriptions and metadata
• Tags, categories, and custom fields
• Client testimonials and reviews

Communication Data:

• Messages sent through our platform
• Support tickets and correspondence
• Survey responses and feedback

Booking and Transaction Data:

• Booking details (date, time, service type, pricing)
• Payment information (processed securely by our payment provider)
• Billing address and tax information
• Transaction history and invoices

Gaming Data:

• XP points, levels, and achievements
• Honey Token balance and transaction history
• Trading card collection and trading history
• Leaderboard rankings and statistics

1.2 Information Collected Automatically

Usage Information:

• Pages viewed, features used, and time spent on platform
• Search queries and navigation patterns
• Interactions with other users and content
• Feature usage analytics (e.g., card trading frequency, booking patterns)

Device and Technical Information:

• IP address and geolocation (city/country level)
• Browser type, version, and language settings
• Device type, operating system, and screen resolution
• Referral source and UTM parameters
• Session duration and timestamps

Cookies and Similar Technologies:

We use cookies, local storage, and similar technologies to maintain sessions, remember preferences, and analyze platform usage. See our Cookie Policy for details.

1.3 Information from Third Parties

• Social media profile information (if you connect accounts)
• Payment verification data from payment processors
• Public business information to verify professional credentials
• Analytics data from third-party tools (anonymized where possible)

We use the information we collect for the following purposes:

2.1 Service Delivery

• Create and manage your account
• Display your portfolio and profile to potential clients
• Process bookings and facilitate transactions
• Enable messaging between users and clients
• Calculate XP, levels, and award achievements
• Manage Honey Token balances and transactions
• Generate and distribute trading cards
• Provide customer support and respond to inquiries

2.2 Platform Improvement

• Analyze usage patterns to improve features and user experience
• Conduct A/B testing and experiments
• Debug technical issues and optimize performance
• Develop new features and services
• Generate anonymized analytics and insights

2.3 Communication

• Send transactional emails (booking confirmations, receipts, password resets)
• Notify you of account activity and platform updates
• Send marketing communications (with your consent; you can opt out anytime)
• Request feedback and conduct surveys
• Announce new features, promotions, and events

2.4 Safety and Security

• Detect and prevent fraud, abuse, and security breaches
• Monitor for prohibited activities and Terms of Service violations
• Verify identity and authenticate access
• Enforce our policies and legal rights
• Comply with legal obligations and respond to lawful requests

2.5 Personalization

• Customize your experience based on preferences and behavior
• Recommend relevant content, features, and connections
• Display personalized analytics and insights
• Tailor marketing communications to your interests

2.6 Legal Compliance

• Comply with tax, accounting, and financial regulations
• Respond to legal requests and court orders
• Enforce our Terms of Service
• Protect our rights, property, and safety

3.1 Data Location

Your data is stored and processed in:

• Primary servers: Cloud infrastructure (location to be determined, with preference for New Zealand or Australia data centers)
• Image storage: Cloudinary (global CDN with data redundancy)
• Payment data: Processed and stored by our payment provider (not stored on HIVE servers)
• Backups: Encrypted backups stored in geographically diverse locations

3.2 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access controls: Role-based access, principle of least privilege, multi-factor authentication for staff
• Password security: Passwords hashed using bcrypt with strong work factors
• Network security: Firewalls, intrusion detection, DDoS protection
• Regular audits: Security assessments, penetration testing, code reviews
• Monitoring: 24/7 security monitoring and incident response procedures
• Staff training: Regular security awareness training for all team members

3.3 Data Retention

We retain your personal information for as long as necessary to provide services and comply with legal obligations:

• Active accounts: Data retained while account is active
• Deleted accounts: Most data deleted within 30 days; some data retained for legal/security purposes
• Transaction records: Retained for 7 years per tax and accounting requirements
• Legal holds: Data subject to legal proceedings retained until resolution
• Anonymized data: May be retained indefinitely for analytics

3.4 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify affected users within 72 hours of discovery
• Report to the New Zealand Privacy Commissioner as required by law
• Provide information about the breach, data affected, and remediation steps
• Take immediate action to contain and remediate the breach

HIVE uses cookies and similar technologies to provide, secure, and improve our services. For detailed information, please see our Cookie Policy.

4.1 Types of Cookies We Use

• Essential cookies: Required for authentication, security, and basic functionality
• Preference cookies: Remember your settings and preferences
• Analytics cookies: Help us understand how users interact with HIVE
• Marketing cookies: Used to deliver relevant advertising (with consent)

4.2 Your Cookie Choices

You can control cookies through:

• Our cookie consent manager (appears on first visit)
• Your browser settings (may affect functionality)
• Opt-out tools provided by advertising networks
• Account settings for personalization preferences

4.3 Do Not Track

Some browsers support "Do Not Track" signals. Currently, there is no industry standard for handling DNT signals, so HIVE does not respond to them. We honor opt-out preferences expressed through our platform settings.

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Public Information

Information you choose to make public is visible to all HIVE users and may be indexed by search engines:

• Your portfolio, profile, and professional information
• Public trading cards featuring your profile
• Leaderboard rankings (username and level)
• Public achievements and badges

5.2 With Your Consent

• When you explicitly authorize us to share information
• When you use integrations with third-party services
• When you participate in co-marketing initiatives

5.3 Service Providers

We share information with trusted service providers who assist in operating HIVE:

• Cloud hosting: Infrastructure providers (servers, databases)
• Payment processing: Payment gateways and fraud prevention services
• Image storage: Cloudinary for media hosting and delivery
• Email services: Transactional and marketing email providers
• Analytics: Platform usage and performance monitoring
• Customer support: Help desk and communication tools

All service providers are contractually obligated to protect your data and use it only for specified purposes.

5.4 Business Transfers

If HIVE is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

5.5 Legal Requirements

We may disclose information to:

• Comply with legal obligations, court orders, or regulatory requirements
• Enforce our Terms of Service and protect our legal rights
• Investigate fraud, security issues, or Terms violations
• Protect the safety and rights of HIVE, users, or the public

5.6 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot identify you individually for research, marketing, and analytics purposes.

HIVE integrates with third-party services to provide enhanced functionality. These services have their own privacy policies:

6.1 Cloudinary (Image Storage)

• Portfolio images and media files are stored on Cloudinary's global CDN
• Cloudinary processes and optimizes images for delivery
• Images are stored with access controls but may be publicly accessible via URLs
• Review Cloudinary's privacy policy: https://cloudinary.com/privacy

6.2 Payment Processors

• Payment card data is collected and processed by PCI-DSS compliant payment providers
• HIVE does not store complete payment card numbers
• Payment providers may use your data for fraud prevention and compliance
• Specific provider information available in account settings

6.3 Analytics Services

We may use analytics tools to understand platform usage. These services collect data about your interactions, which may include IP addresses and usage patterns.

6.4 Social Media Integration

If you connect social media accounts or share HIVE content on social platforms, those platforms may collect information about your HIVE activity according to their privacy policies.

6.5 External Links

HIVE may contain links to external websites. We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies.

Under New Zealand privacy law, you have the following rights regarding your personal information:

7.1 Access

You have the right to access the personal information we hold about you. You can view and export most of your data through your account settings. For a complete data export, contact us at privacy@hive.nz.

7.2 Correction

You can update most of your information directly in your account settings. If you need assistance correcting information you cannot edit yourself, contact our support team.

7.3 Deletion

You can delete your account at any time through account settings. Upon deletion:

• Your profile and portfolio will be removed from public view immediately
• Most personal data will be deleted within 30 days
• Some data may be retained for legal, security, or accounting purposes
• Anonymized data may be retained for analytics
• Trading cards featuring you will be marked as legacy cards but may remain in circulation

7.4 Data Portability

You can export your data in commonly used formats (JSON, CSV) through account settings or by requesting a data export.

7.5 Marketing Opt-Out

You can opt out of marketing communications:

• Click "unsubscribe" in any marketing email
• Adjust email preferences in account settings
• Contact support@hive.nz to opt out of all marketing

Note: You will still receive transactional emails necessary for account operation (e.g., booking confirmations, security alerts).

7.6 Object to Processing

You can object to certain types of data processing by:

• Disabling analytics cookies through cookie settings
• Adjusting privacy settings in your account
• Contacting us with specific objections

7.7 Lodge a Complaint

If you believe we have not handled your personal information appropriately, you can:

• Contact our Privacy Officer at privacy@hive.nz
• Lodge a complaint with the New Zealand Privacy Commissioner: www.privacy.org.nz
• For EU residents: Contact your local data protection authority

If you are located in the European Economic Area (EEA), UK, or Switzerland, additional protections apply under the General Data Protection Regulation (GDPR):

8.1 Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract performance: To provide HIVE services you've signed up for
• Legitimate interests: To improve our platform, prevent fraud, and ensure security
• Consent: For marketing communications and optional cookies
• Legal obligations: To comply with tax, accounting, and regulatory requirements

8.2 International Data Transfers

Your data may be transferred to and processed in countries outside the EEA. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for transfers to countries with equivalent protections
• Additional safeguards as required by GDPR

8.3 Additional GDPR Rights

In addition to rights listed in Section 7, EU users have:

• Right to restriction: Request we limit how we use your data
• Right to object: Object to processing based on legitimate interests
• Automated decision-making: Right not to be subject to decisions based solely on automated processing

8.4 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer:

8.5 Supervisory Authority

EU residents have the right to lodge a complaint with their local supervisory authority if they believe we have not complied with GDPR.

HIVE is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

If you are under 18, please do not use HIVE or provide any personal information to us. If we learn we have collected personal information from a child under 18, we will delete that information as quickly as possible.

If you believe we have inadvertently collected information from a child under 18, please contact us immediately at privacy@hive.nz.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or prominent notice on the platform
• For significant changes, provide advance notice and opportunity to review
• Obtain consent if required by law

Your continued use of HIVE after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you disagree with changes, you may delete your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy inquiries within 30 days. For urgent security matters, please mark your communication as "URGENT" in the subject line.