Skip to content

Trust center / Legal

Privacy policy

A precise account of how Hive Citadel handles account information, connected-service data, AI workflow content, and privacy requests.

Plain-language summary. We use your data to provide and secure the features you choose. We do not sell personal data, use connected-service data for advertising, or use Google Workspace data to train generalized AI models. Connecting an app is optional, permissions are shown by the provider, and you can disconnect or request deletion.

This summary helps with readability; the complete policy below controls.

1. Scope and who we are

This Privacy Policy applies to Hive Citadel, Agent Marketplace, associated websites, applications, APIs, support, and connected workflows (the “Services”) operated by Hive Citadel (“Hive Citadel,” “we,” “us,” or “our”).

For personal workspaces and direct accounts, Hive Citadel generally determines why and how personal data is processed. For an organization-managed workspace, the organization may be the controller and Hive Citadel may process data on its instructions. In that case, submit workplace privacy requests to the organization first; we will assist it as required.

2. Data we process

CategoryExamplesSource
Account and identityName, email, profile image, authentication identifiers, timezone, roles, workspace membershipYou, your organization, or sign-in provider
Connected-service authorizationProvider, granted scopes, account identifier, encrypted access/refresh tokens, token expiry, connection statusOAuth or credential flow you initiate
Connected-service contentMessages, email, calendar events, contacts, files, documents, repository or project records, domain/DNS/edge configuration, social content, metadataThird-party service you connect
Inputs and outputsPrompts, chats, attachments, agent plans, tool results, generated files, approvals, workflow historyYou and service operation
Workspace and configurationAgents, automations, schedules, knowledge sources, connector settings, policiesYou or workspace administrators
Usage, device, and securityIP address, browser/device signals, timestamps, request and error logs, audit events, fraud and security signalsAutomatic collection
Commercial and supportPlan, usage, transaction references, invoices, support communications and feedbackYou, payment providers, and our support systems

We do not intentionally collect passwords for your connected services through OAuth. Payment card details are handled by payment providers and are not intended to be stored in the Services.

3. Why we process data

  • Provide accounts, workspaces, agents, search, knowledge retrieval, workflows, and requested connected-service actions.
  • Authenticate users, preserve sessions, enforce permissions, and maintain connection tokens.
  • Generate AI-assisted responses and artifacts and carry out actions you or an authorized administrator request.
  • Operate, monitor, debug, support, meter, and improve the reliability and usability of the Services.
  • Detect fraud, abuse, security incidents, and violations; protect users, the Services, and third parties.
  • Administer subscriptions and comply with accounting, tax, legal, and regulatory obligations.
  • Send service notices and, where permitted, product communications that you can opt out of.

Where laws such as the GDPR or UK GDPR require a legal basis, we rely on: performance of a contract to provide requested Services; legitimate interests in securing, supporting, and improving the Services; consent where required, including for optional connections or marketing; and compliance with legal obligations. Where we process data for an organization, we follow that organization’s documented instructions subject to our agreement and applicable law.

5. OAuth and connected services

A connection begins only when you or an authorized workspace administrator selects a provider and completes its authorization flow. The provider displays the permissions requested. The granted scope is the outer technical boundary; product permissions, workspace access, tool availability, user instructions, and confirmation controls further limit what an agent can do.

Depending on the connector you choose, the Services may:

  • read, search, index, summarize, draft, organize, create, update, send, publish, or delete content where the displayed permission and enabled feature allow it;
  • store encrypted tokens, connection metadata, synchronization cursors, selected imported records, search indexes, and workflow outputs so the feature continues to work;
  • send relevant content to AI inference and infrastructure providers acting for us to produce the result you requested; and
  • retain audit and operational records needed to show what occurred and investigate failures or misuse.

We do not access a provider account that you have not connected. We do not use a connection to bypass provider permissions. For the current permission-to-feature explanation, see OAuth & app permissions.

For customer-managed API credentials, including Cloudflare tokens and GoDaddy key/secret pairs, credentials are encrypted server-side and used only against the provider API and environment selected at connection time. The provider determines the outer permissions of the credential; Hive Citadel applies tool availability, workspace controls, and confirmation gates in addition. Disconnecting removes our stored connection, while revoking or rotating the credential at the provider invalidates it at the source.

6. Google API and Google Workspace data

Google connectors may access data from Gmail, Google Calendar, Google Contacts, Google Drive, Google Sheets, Google Play Console, or YouTube, depending on the connector and scopes you approve. We use this data only to provide or improve the user-facing feature you requested, such as email assistance, calendar management, contact lookup, document search, spreadsheet work, application operations, or YouTube publishing.

Hive Citadel’s use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We do not sell Google user data, use it for advertising, use it to determine creditworthiness, or use it to train or improve generalized/non-personalized AI or machine-learning models. Humans do not read Google Workspace data except with your specific consent for support, when necessary for security, when data is aggregated and anonymized for internal operations, or when required by law.

You can remove Google access from Google Account third-party connections. For YouTube, you may also revoke access through Google security settings. Deleting data stored by Hive Citadel does not delete content held by Google or YouTube; use the relevant Google product to delete provider-held content.

7. AI processing and model training

The Services use AI models to interpret requests and generate outputs. Relevant prompts, retrieved content, tool context, and outputs may be transmitted to contracted inference providers. We configure and govern providers as subprocessors or service providers where applicable.

We do not use connected-account content to train generalized AI/ML models. We may use feedback, telemetry, and appropriately de-identified or aggregated information to evaluate and improve the Services. We will seek any consent required before using personal content for a materially different purpose.

8. When we disclose data

We disclose only what is reasonably necessary to:

  • infrastructure, hosting, storage, database, security, monitoring, communications, payment, support, and AI inference providers acting under contract;
  • the connected service when carrying out an action you requested;
  • workspace members and administrators according to workspace configuration and permissions;
  • professional advisers, auditors, insurers, authorities, or others when required by law or reasonably necessary to protect rights, safety, and service integrity; or
  • a successor in a merger, financing, reorganization, or sale, subject to applicable notice and consent obligations.

We do not sell personal data or share it for cross-context behavioral advertising.

9. Retention

We retain data only for as long as reasonably necessary for the purpose collected. Actual periods depend on workspace configuration, contractual commitments, the status of an account, and legal obligations.

DataTypical retention rule
Active account, workspace, workflow, and connected contentWhile the account or workspace is active and the data is needed to provide the selected feature
OAuth tokens and connection credentialsUntil disconnection, deletion, expiry, provider revocation, or administrative removal
Security, audit, support, and billing recordsFor the period reasonably necessary for security, dispute, tax, accounting, and legal obligations
Deletion request recordRetained as a minimal compliance record, including request reference, status, timestamps, and non-content completion metadata
BackupsRemoved through normal backup rotation unless preservation is legally required; backups are isolated from ordinary product use

10. Security

We use safeguards designed for the sensitivity of the data, including encryption in transit; encryption at rest where supported; encrypted connector credentials; access controls; workspace isolation; monitoring; logging; secure development practices; and confirmation controls for sensitive actions. No security program can eliminate all risk.

11. Your choices and rights

Depending on your location and relationship with us, you may have rights to access, correct, delete, export, restrict, or object to processing; withdraw consent; opt out of certain disclosures; or appeal a decision. You may also complain to a competent data-protection authority.

Use our verified data-removal process or email support@hivecitadel.com. We may need to verify identity and authority. We will respond within the period required by applicable law. Certain data may be retained where an exemption or legal obligation applies.

12. Organization-managed accounts

Workspace administrators may control membership, connectors, agents, policies, content, and retention. Your organization may access or delete workspace data and may receive account activity. If your account uses an organization-controlled email or workspace, that organization’s notices and agreements may also apply.

13. International transfers

Data may be processed outside your country. Where required, we use recognized transfer mechanisms and supplementary safeguards, such as contractual protections, access controls, and data minimization.

14. Children

The Services are intended for business users and are not directed to children under 18. Do not submit children’s personal data unless your organization has a lawful basis, appropriate authority, and a written agreement with us covering that use.

15. Changes to this policy

We may update this policy as the Services, laws, or providers change. We will post the revised version and update the date above. Where required, we will provide additional notice or obtain consent before a material new use of personal data.

16. Contact

Contact Hive Citadel at support@hivecitadel.com. Include “Privacy Request” in the subject line. Do not send passwords, OAuth tokens, or highly sensitive content by email.