Verified privacy request
Request data removal
Choose complete account deletion or a narrower cleanup. Processing runs in the background and this panel tracks the result.
1. What happens when you submit
- Identity verification. Signed-in users use their active session. Signed-out users verify the account email with a one-time code.
- Request receipt. We create a unique reference and queue the selected cleanup actions. Signed-out request-status credentials are sent in a protected header rather than placed in the URL.
- Background cleanup. The system removes the selected account records, workflow history, stored files, search-index entries, and/or connection credentials associated with the verified user.
- Result tracking. The page polls for completion. If a subsystem reports an exception, the request is marked completed with exceptions so it can be investigated instead of appearing fully complete.
2. Removal scope
| Choice | Designed to remove | Does not itself remove |
|---|---|---|
| Complete account deletion | Account profile; personal workflow and agent records; uploaded/generated files; personal source documents and indexes; workspace/brand references; stored connection records and tokens | Data held independently by a connected provider; another organization’s records it must retain; lawful minimal compliance records |
| Workflow history | Chats, agent memory/context, task and workflow records matched to the user | Account profile, uploads, or connections not selected |
| Uploaded content | User source documents, generated files, associated knowledge rows and vector-index entries, and user storage objects | Provider originals or organization-owned copies outside the user’s scope |
| Disconnect integrations | Stored Hive Citadel connection records and encrypted access/refresh credentials, plus connector-imported personal source records covered by the cleanup | The provider’s own copy of data or, in every case, the provider-side consent grant |
3. Disconnect here and revoke at the provider
Deleting a stored credential prevents future Hive Citadel use of that credential. For defense in depth, also revoke Hive Citadel in the provider’s security or connected-app settings. Provider revocation immediately changes the provider-side authorization boundary and is especially important if a request is still processing.
Removing Hive Citadel data does not delete content held by Google, Microsoft, GitHub, YouTube, or another provider. Delete provider-held content using that provider’s product or an authorized tool that supports deletion.
Provider revocation directory (47)
| Provider | Method | Provider-side action |
|---|---|---|
| SharePoint sharepoint | OAuth | Revoke in Microsoft account or tenant enterprise app consent. |
| OneDrive onedrive | OAuth | Revoke in Microsoft account or tenant enterprise app consent. |
| Outlook Email outlook-email | OAuth | Revoke in Microsoft account or tenant enterprise app consent. |
| Outlook Calendar outlook-calendar | OAuth | Revoke in Microsoft account or tenant enterprise app consent. |
| Microsoft Teams teams | OAuth | Revoke in Microsoft account or tenant enterprise app consent. |
| Gmail gmail | OAuth | Revoke in Google Account > Security > Third-party access. |
| Google Drive google-drive | OAuth | Revoke in Google Account > Security > Third-party access. |
| Google Calendar google-calendar | OAuth | Revoke in Google Account > Security > Third-party access. |
| Google Contacts google-contacts | OAuth | Revoke in Google Account > Security > Third-party access. |
| YouTube youtube | OAuth | Revoke in Google Account > Security > Third-party access. |
| GitHub github | OAuth | Revoke in GitHub Settings > Applications. |
| Jira jira | OAuth | Revoke in Atlassian account connected apps and security settings. |
| LinkedIn | OAuth | Revoke in LinkedIn Settings > Data Privacy > Permitted services. |
| LinkedIn Business linkedin-business | OAuth | Revoke in LinkedIn company/organization app permissions. |
| Instagram | OAuth | Revoke in Meta/Instagram security and app permissions. |
| X x | OAuth | Revoke in X connected apps settings. |
| WHOOP whoop | OAuth | Revoke Hive Citadel in WHOOP account app or connected-service settings. |
| TikTok tiktok | OAuth | Revoke in TikTok security > app permissions. |
| Stripe stripe | OAuth | Revoke app access in Stripe connected applications. |
| Azure DevOps azure-devops | OAuth | Revoke in Microsoft/Azure DevOps app authorization settings. |
| App Store Connect app-store-connect | Customer credential | Revoke API key in App Store Connect > Users and Access > Integrations. |
| Google Play Console google-play-console | OAuth | Revoke in Google Account > Security > Third-party access and remove access in Play Console Users and permissions if needed. |
| PlugLayer pluglayer | Customer credential | Rotate/revoke API keys in PlugLayer and delete local key configuration. |
| Cloudflare cloudflare | Customer credential | Revoke or roll the scoped token in Cloudflare Dashboard > My Profile > API Tokens, then disconnect it in Hive Citadel. |
| GoDaddy godaddy | Customer credential | Delete or regenerate the customer-owned key at developer.godaddy.com/keys, then disconnect it in Hive Citadel. |
| RevenueCat revenuecat | Customer credential | Revoke or rotate the RevenueCat secret API key and disconnect it in Hive Citadel. |
| Twilio WhatsApp twilio-whatsapp | Customer credential | Rotate the Twilio auth token and remove or update the configured WhatsApp webhook if applicable. |
| SAP ECC sap-ecc | Customer credential | Rotate or revoke customer-managed credentials in your SAP environment. |
| SAP S/4HANA sap-s4hana | Customer credential | Rotate or revoke customer-managed credentials in your SAP environment. |
| SAP Ariba sap-ariba | Customer credential | Rotate or revoke customer-managed credentials in your Ariba tenant. |
| Oracle Fusion ERP oracle-fusion-erp | Customer credential | Rotate or revoke customer-managed credentials in Oracle IAM/tenant controls. |
| Dynamics 365 Finance & Operations dynamics-365-finance-operations | Customer credential | Rotate or revoke customer-managed credentials in your Microsoft tenant. |
| Salesforce salesforce | Customer credential | Rotate or revoke connected app credentials/tokens in Salesforce setup. |
| Dynamics 365 Sales dynamics-365-sales | Customer credential | Rotate or revoke customer-managed credentials in your Microsoft tenant. |
| HubSpot Enterprise hubspot-enterprise | Customer credential | Rotate or revoke private app tokens/API keys in HubSpot. |
| ServiceNow servicenow | Customer credential | Rotate/revoke API users, keys, or OAuth credentials in ServiceNow. |
| Jira Service Management jira-service-management | Customer credential | Rotate/revoke API tokens or app credentials in Atlassian admin. |
| BMC Helix bmc-helix | Customer credential | Rotate/revoke customer-managed credentials in BMC Helix admin. |
| Freshservice freshservice | Customer credential | Rotate/revoke API keys or OAuth credentials in Freshservice admin. |
| Databricks databricks | Customer credential | Revoke PAT/service credentials in Databricks workspace admin. |
| Snowflake snowflake | Customer credential | Rotate or revoke credentials, key pairs, or integration users in Snowflake. |
| Microsoft Fabric microsoft-fabric | Customer credential | Rotate/revoke tenant credentials in Microsoft Fabric/Entra admin. |
| BigQuery bigquery | Customer credential | Rotate/revoke service account keys in Google Cloud IAM. |
| Redshift redshift | Customer credential | Rotate/revoke DB credentials, IAM roles, or integration secrets in AWS. |
| DocuSign docusign | Customer credential | Revoke integration keys/tokens in DocuSign admin. |
| Adobe Acrobat Sign adobe-acrobat-sign | Customer credential | Revoke integration credentials in Adobe Acrobat Sign admin. |
| Telegram telegram | Environment credential | Disable connector in-app and rotate Telegram bot token via BotFather. |
4. Limited retention and backups
Deletion is subject to applicable law and legitimate preservation needs. We may retain a minimal deletion-request record, security and fraud evidence, billing/accounting records, records subject to legal hold, and information needed to establish or defend legal claims. These records are access-restricted and are not retained for ordinary product use.
Residual copies may remain in protected backups until normal rotation. They are not restored to active use except for disaster recovery, and deletion controls are reapplied where appropriate.
5. Organization-managed data
If your account belongs to an organization, some workspace data may be controlled by that organization. A personal request removes data within the verified user’s deletion scope; it may not authorize deletion of records the organization owns or must retain. Contact your workspace administrator for organization-level deletion.
6. Manual escalation
If the form is unavailable, a request shows completed with exceptions, or you cannot access the account email, contact support@hivecitadel.com with “Data Removal Request” and any request reference. Do not send passwords, access tokens, or one-time codes.