Privacy Policy

1. Introduction

Welcome to Haive ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our website haive.app or use our mobile application.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

1.1 Data Controller Information

For the purposes of applicable data protection laws (including GDPR and Swiss DPA), the data controller is:

1.2 Data Protection Contact

For data protection inquiries, please contact us at: team@haive.app

2. Information We Collect

2.1 Personal Information You Provide

When you sign up for our email list or create an account, we may collect:

• Email address
• Name (if provided)
• Profile information (if you create an account)
• Any other information you choose to provide

2.2 Automatically Collected Information

When you visit our website or use our app, we automatically collect certain information, including:

• IP Address: Your approximate location (city, country) derived from your IP address
• Device Information: Browser type, device type, operating system
• Usage Data: Pages visited, time spent, clicks, and interactions
• Language Preference: Your preferred language (English, Spanish, French, German, or Portuguese)
• Referrer Information: The website or source that directed you to us
• Marketing Data: UTM parameters if you arrived via a marketing campaign
• Geolocation Data: Approximate city and coordinates (from IP address, not GPS)

2.3 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. We use the following types of cookies:

• Strictly Necessary Cookies: Essential for the website to function (no consent required)
• Performance/Analytics Cookies: Help us understand how visitors use our site (requires consent)
• Functionality Cookies: Remember your preferences like language selection (requires consent)
• Targeting/Marketing Cookies: Track your activity to deliver relevant advertising (requires consent)

Cookie Consent: For users in the EU, EEA, Switzerland, and UK, we will obtain your explicit consent before placing non-essential cookies on your device. You can withdraw your consent at any time by adjusting your cookie preferences or browser settings.

You can control and delete cookies through your browser settings. However, blocking certain cookies may impact your ability to use some features of our services.

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide and maintain our services
• Communications: To send you updates about Haive launches in your city
• Personalization: To provide content in your preferred language
• Analytics: To understand how users interact with our services
• Marketing: To measure the effectiveness of our marketing campaigns
• Geographic Targeting: To notify you when Haive becomes available in your city
• Improvements: To improve our website, app, and services
• Security: To detect and prevent fraud, abuse, and security incidents

3.1 Legal Basis for Processing (GDPR & Swiss DPA)

For users in the European Union, European Economic Area, UK, and Switzerland, we process your personal data based on the following legal grounds under Article 6 of GDPR:

• Consent (Article 6(1)(a)): When you sign up for our email list, create an account, or consent to cookies and marketing communications
• Contractual Necessity (Article 6(1)(b)): To provide services you have requested and fulfill our obligations under our Terms of Service
• Legitimate Interests (Article 6(1)(f)): To improve our services, conduct analytics, prevent fraud, and ensure security, where our interests do not override your rights
• Legal Obligation (Article 6(1)(c)): To comply with applicable laws, regulations, and legal processes

You have the right to withdraw consent at any time where we rely on consent as the legal basis. Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: With third-party vendors who perform services on our behalf (e.g., email delivery, analytics, hosting)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly consent to sharing

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (SSL/TLS)
• Secure database storage with access controls
• Regular security assessments and updates
• Employee training on data protection

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

6.1 GDPR Rights (European Union, EEA, and UK)

If you are in the European Economic Area (EEA), UK, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access (Article 15): Request a copy of the personal data we hold about you
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete data
• Right to Erasure/Right to be Forgotten (Article 17): Request deletion of your personal data in certain circumstances
• Right to Data Portability (Article 20): Request your data in a structured, commonly used, machine-readable format
• Right to Object (Article 21): Object to processing of your data for direct marketing or based on legitimate interests
• Right to Restriction of Processing (Article 18): Request restriction of processing in certain circumstances
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right Not to be Subject to Automated Decision-Making (Article 22): Not be subject to decisions based solely on automated processing, including profiling, that produces legal or similarly significant effects
• Right to Lodge a Complaint: Lodge a complaint with your local supervisory authority if you believe your rights have been violated

EU Supervisory Authorities: You can find your local data protection authority at https://edpb.europa.eu/about-edpb/board/members_en

6.2 Swiss Data Protection Rights

If you are in Switzerland, you have similar rights under the Swiss Federal Data Protection Act (revDPA/nFADP), including:

• Right to Information: Request information about data processing
• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Deletion: Request deletion of your personal data
• Right to Data Portability: Request your data in a portable format
• Right to Object: Object to processing in certain circumstances
• Right to Lodge a Complaint: Lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC)

Swiss Supervisory Authority: Federal Data Protection and Information Commissioner (FDPIC) - https://www.edoeb.admin.ch

6.3 CCPA/CPRA Rights (California)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out of Sale/Sharing: Opt-out of the sale or sharing of your personal information (note: we do not sell or share personal information)
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit Use of Sensitive Personal Information: Limit our use of sensitive personal information
• Right to Non-Discrimination: Not be discriminated against for exercising your CCPA rights

Do Not Sell or Share My Personal Information: We do not sell or share your personal information as defined by CCPA. If this changes, we will provide a clear opt-out mechanism.

6.4 Other U.S. State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws have similar rights, including:

• Right to access personal data
• Right to correct inaccuracies
• Right to delete personal data
• Right to data portability
• Right to opt-out of targeted advertising, sale of personal data, and profiling

6.5 Exercising Your Rights

To exercise any of these rights, please contact us at team@haive.app. Please specify which right you wish to exercise and provide sufficient information for us to verify your identity.

Response Timeframe: We will respond to your request within:

• EU/EEA/UK/Switzerland: 30 days (may be extended by 2 months for complex requests)
• California & Other US States: 45 days (may be extended by 45 days with notice)

We will not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. We may request additional information to verify your identity before processing your request.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law. Specifically:

• Email Subscribers: Retained until you unsubscribe or request deletion
• Account Data: Retained while your account is active, plus any legally required retention period after deletion
• Analytics Data: Typically retained for 2 years for business analysis
• Legal Compliance Data: Retained as required by applicable law

8. Third-Party Services

Our services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We use the following third-party services:

• Google Analytics: For website analytics (see Google's privacy policy)
• IP Geolocation Services: For determining approximate location from IP addresses
• Cloud Hosting Providers: For secure data storage and application hosting

9. Children's Privacy

Our services are not intended for children. We do not knowingly collect personal information from children under the applicable minimum age requirements:

• United States: 13 years old (COPPA compliance)
• European Economic Area and UK: 16 years old (GDPR Article 8)
• Switzerland: 13 years old

If you believe we have collected information from a child under the applicable age limit, please contact us immediately at team@haive.app and we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including Switzerland and the European Union. These countries may have different data protection laws than your jurisdiction.

10.1 Transfers from EU/EEA/UK

When we transfer personal data from the European Union, European Economic Area, or United Kingdom to countries outside these regions, we implement appropriate safeguards as required by GDPR, including:

• Standard Contractual Clauses (SCCs): We use the European Commission's approved Standard Contractual Clauses for data transfers to third countries
• Adequacy Decisions: We may transfer data to countries that have received an adequacy decision from the European Commission
• Binding Corporate Rules: Where applicable, we rely on approved Binding Corporate Rules
• Additional Safeguards: We implement supplementary measures as necessary to ensure adequate protection

10.2 Transfers from Switzerland

For transfers from Switzerland, we comply with the Swiss Federal Data Protection Act and implement appropriate safeguards, including:

• Standard Contractual Clauses approved by the Swiss Federal Data Protection and Information Commissioner (FDPIC)
• Adequacy decisions recognized by Switzerland
• Other legally recognized transfer mechanisms under Swiss law

10.3 Your Rights Regarding International Transfers

You have the right to obtain information about the safeguards we have implemented for international data transfers. Please contact us at team@haive.app to request a copy of the relevant safeguards or more information about where your data is processed.

11. Automated Decision-Making and Profiling

We may use automated processing and profiling to enhance your experience, such as:

• Personalizing content and recommendations based on your location and preferences
• Analyzing user behavior to improve our services
• Detecting and preventing fraud or security threats

GDPR Rights: If you are in the EU/EEA/UK, you have the right not to be subject to decisions based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects you (Article 22 GDPR). Currently, we do not make decisions that have legal or similarly significant effects based solely on automated processing. If this changes, we will inform you and provide you with the opportunity to contest the decision and request human intervention.

You can object to automated decision-making or profiling by contacting us at team@haive.app.

12. Data Breach Notification

We have implemented security measures and incident response procedures to protect your personal data. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify Supervisory Authorities: Report the breach to relevant data protection authorities within 72 hours of becoming aware (as required by GDPR Article 33 and Swiss DPA)
• Notify Affected Individuals: Inform you without undue delay if the breach is likely to result in a high risk to your rights and freedoms (GDPR Article 34)
• Provide Information: Describe the nature of the breach, likely consequences, and measures taken or proposed to address the breach

If you have concerns about a potential security incident, please contact us immediately at team@haive.app.

13. Email Marketing and Communications

If you sign up for our email list, we will send you marketing communications about Haive launches, updates, and features.

13.1 CAN-SPAM Compliance (United States)

We comply with the CAN-SPAM Act. Our marketing emails will:

• Include a valid physical postal address
• Clearly identify the message as an advertisement (when applicable)
• Include a clear and conspicuous unsubscribe mechanism
• Honor opt-out requests within 10 business days
• Not use false or misleading header information

13.2 GDPR Email Marketing Compliance

For users in the EU/EEA/UK/Switzerland, we will only send marketing emails based on:

• Your explicit consent, or
• Legitimate interest (soft opt-in) if you are an existing customer

13.3 Unsubscribe

You may unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email or by contacting us at team@haive.app. Please note that even if you unsubscribe from marketing emails, we may still send you transactional or service-related communications.

14. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of Changes: We will notify you of material changes by:

• Posting the updated privacy policy on this page with a new "Last Updated" date
• Sending an email notification to registered users (for material changes)
• Displaying a prominent notice on our website or app

For EU/EEA/UK/Switzerland users, if changes require new consent (e.g., new purposes for processing or new categories of data), we will obtain your explicit consent before the changes take effect.

Your continued use of our services after changes are posted constitutes acceptance of the updated policy, unless otherwise required by law.

15. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us at: