Privacy Policy
This Privacy Policy explains which data the HiveFlow app and our servers process, for what purposes, and on which legal bases (contract performance, legitimate interest, and consent where required), consistent with Brazil’s LGPD and good practices for international users.
1. Information we process
Depending on permissions and features you use, we may process:
- Identity & contact: display name, login email, internal account IDs, language, device country code/context, and, if you use social login, basic name/photo fields from the identity provider (Google/Apple via Firebase as configured).
- Operational beekeeping data: baits, swarms, map coordinates, inspections, feeding, attractants, captures, harvests, transfers, splits, losses, donations, sales, treatments, inventory, notes, quantities, and dates you enter—including queued offline rows until sync.
- Media: photos from gallery or camera; may be stored on servers for synchronized viewing.
- Location (approximate or precise) when allowed: maps, hive/trap coordinates, and weather lookups via third-party APIs.
- Technical & usage data: device model, OS, push tokens (FCM/APNs), sync/error logs, API IP addresses, aggregated analytics via Firebase and similar SDKs.
- Subscriptions: purchase identifiers, receipts, or verification tokens sent to Google Play or the App Store and our backend to unlock PRO; HiveFlow does not receive your full card number.
2. Purposes and legal bases
We use data to:
- Provide the Service: authentication, persistence, sync, FREE/PRO enforcement, history, stats, and maps.
- Operational communications: account, security, support, material updates, and, subject to settings/permissions, non-promotional push about the Service.
- Billing and anti-fraud: validate subscriptions and prevent purchase sharing across accounts.
- Improvement, diagnostics, and security: aggregated metrics, technical logs, abuse detection, UI experiments where used.
3. Sharing and processors
We do not sell personal data. We share only as needed with:
- Infrastructure and messaging vendors (API hosting, transactional email, queues) under confidentiality duties.
- Google and Apple: authentication, app distribution, payments, and subscription validation.
- Google Firebase: push notifications, analytics, and optional app configuration as enabled in the build.
- Mapbox: map rendering and caching; offline downloads stay on device.
- Open-Meteo or other public weather APIs: forecast requests parameterized by coordinates.
- Authorities when law, court order, or regulatory process requires.
4. International transfers
Data may be processed in Brazil and on servers of vendors in the United States, European Union, or other regions. We use contractual clauses or equivalents recognized by LGPD and implement appropriate safeguards.
5. Security and retention
We use TLS in transit, access controls, and environment segregation, without guaranteeing absolute security. We retain data as long as needed to operate the Service, meet legal duties, resolve disputes, and enforce these Terms, and may keep aggregated anonymized statistics longer.
- Active account: operational data while the account exists unless you request deletion.
- Account deletion: erase or anonymize personal data within a reasonable period, subject to backups, accounting records, and legal holds.
- Logs and support: shorter to moderate retention per internal policy and storage capacity.
Brazil-based data subjects may request confirmation, access, correction, anonymization, portability, or deletion at team@gethiveflow.app, subject to legal exceptions.
6. Data-subject rights & channels
You may correct inaccurate data in-app when available or via support. Withdrawing consent for optional features (e.g., notifications) may disable parts of the Service without breaching the contract for core features you still use.
- Confirmation of processing and access.
- Correction of incomplete or inaccurate data.
- Deletion or anonymization where not legally required to retain.
- Information on sharing and, where applicable, review of automated decisions.
7. Children
HiveFlow is not directed to people under 18. If we learn of an underage account without valid parental consent, we will block and delete data as feasible.
8. Cookies, SDKs, and telemetry
Mobile apps do not rely on browser cookies, but SDKs (e.g., Firebase) may use limited advertising identifiers and pseudonymous logs for usage, crashes, and messaging. You may limit tracking via OS privacy controls or by resetting ad IDs.
9. Changes
We may update this Policy; the in-app date indicates the current version. Material changes will be communicated reasonably (in-app notice or email).
10. Notable integrations
Using these features also subjects data to each provider’s policy:
- Google Play / Android: billing, integrity checks, Google account data policies.
- Apple App Store / iOS: Apple ID billing, restore purchases, Apple privacy terms.
- Firebase (Google): Analytics, Cloud Messaging, Remote Config / Crashlytics if enabled.
- Mapbox: map tiles, styles, and technical session metadata.
- Open-Meteo: coordinate-parameterized forecast requests without a separate Open-Meteo account.
11. Privacy contact
Privacy questions or rights requests: team@gethiveflow.app.