Privacy Policy
Last updated: 2 February 2026
1. Introduction
Hivebrain ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our knowledge base platform at https://hivebrain.co.uk (the "Service").
We are the data controller responsible for your personal data. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, company name, password (encrypted)
- Billing Information: Company name, billing address, bank account details (processed securely by GoCardless)
- Content: Articles, documents, images, and other materials you upload
- Communications: Emails and messages you send to us
2.2 Information Collected Automatically
- Usage Data: Pages viewed, features used, actions taken within the Service
- Device Information: Browser type, operating system, IP address
- Cookies: Session cookies and preferences (see our Cookie Policy)
- Log Data: Access times, error logs, referring URLs
3. How We Use Your Information
We use your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Providing and maintaining the Service | Contract performance |
| Processing payments and billing | Contract performance |
| Sending service notifications and updates | Contract performance / Legitimate interest |
| Responding to support requests | Contract performance |
| Improving our Service and user experience | Legitimate interest |
| Preventing fraud and ensuring security | Legitimate interest / Legal obligation |
| Complying with legal obligations | Legal obligation |
4. Data Sharing and Disclosure
We may share your personal data with:
4.1 Service Providers
- GoCardless: Payment processing (bank details for Direct Debit)
- Hosting Provider: Data storage and infrastructure
- Email Service: Transactional emails
All service providers are bound by data processing agreements and process data only on our instructions.
4.2 Legal Requirements
We may disclose your data if required by law, court order, or to protect our rights and safety.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change.
5. Data Retention
We retain your personal data for as long as necessary to:
- Provide the Service while your account is active
- Comply with legal obligations (e.g., financial records for 7 years)
- Resolve disputes and enforce agreements
After account cancellation:
- Your Content is retained for 90 days (unless you request immediate deletion)
- Account data is anonymised or deleted within 90 days
- Billing records are retained for 7 years as required by law
6. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption of data in transit (HTTPS/TLS)
- Secure password hashing
- Regular security updates and monitoring
- Access controls and authentication
- Regular backups
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
7. International Data Transfers
Your data is primarily processed and stored in the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office.
8. Your Rights
Under UK GDPR, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Request deletion of your data ("right to be forgotten") |
| Restriction | Limit how we process your data |
| Portability | Receive your data in a portable format |
| Objection | Object to processing based on legitimate interests |
| Withdraw Consent | Withdraw consent where processing is based on consent |
To exercise your rights, contact us using the details below. We will respond within one month.
9. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.
11. Contact Us
For privacy-related enquiries or to exercise your rights, contact us:
- Email: privacy@hivebrain.co.uk
- Website: https://hivebrain.co.uk
12. Complaints
If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113