Your business runs on data. If your team is going to use sensitive company information inside HiveNet, you need to know exactly how it’s handled — who can see it, who can’t, and what we’ll never do with it. This page is the plain-English version.
Our long-term plan is full data sovereignty in Australia — running the chat and bot servers on Australian-hosted infrastructure. We’re not there yet at our current scale; today we run in Hetzner’s Singapore region, with detail in §11.
The short version
Your data is yours. We don’t sell it, advertise off it, share it across customers, or feed it into AI training. Not now. Not later. Not in any form.
Only your people can read it. The people you invite to your rooms, and the bot you talk to. That’s the list.
Logs may be accessed by our support team only with your permission — when you’ve raised a support ticket or a security investigation. Every access is recorded with the operator’s name, time, and reason. Never for product improvement, training, analytics, or curiosity.
If something goes wrong we tell you. Within 72 hours of confirming it, with what we know and what we’re doing about it.
You can leave with your data and have us delete the rest. One email; we’ll wipe accounts, memory, OAuth tokens, and rooms.
1. Your data is yours
Any sensitive company information your team puts into HiveNet belongs to your business. We treat it that way. We will never:
Sell it, rent it, license it, or otherwise pass it to anyone for commercial benefit.
Use it for advertising, profiling, or marketing — ours or anyone else’s.
Share it across customers. One business’s pricing never ends up in another’s bot.
Feed it to AI training pipelines. Think of those pipelines as unplugged from your data — nothing your team puts into HiveNet flows into any model’s training, ours or our providers’. The big AI companies we use have published commitments to that effect, and we hold them to it (the subprocessor section has the quotes).
2. Who can read your data
Three groups, in this order:
Your people. The team members you invite to a room. You decide who’s in, who’s out, and when to remove them.
Your bot. The AI assistant attached to your account. The bot is isolated from every other customer’s bot — one customer’s notes never surface in another’s session.
The HiveNet support team, only with your permission. Logs may be accessed by our support team when you have raised a support ticket or a security investigation — the ticket is the permission. Every access is recorded with the operator’s name, the time, and the reason, and we keep those records for audit. The team able to do this is fewer than five named operators with hardware-key SSH access. We never access customer conversations for product improvement, model training, analytics, or curiosity.
3. What happens when you message your bot
Plain English version of the journey:
You type a message in HiveNet. It travels to our server over an encrypted connection (HTTPS, behind Cloudflare).
It’s saved as a chat message in our database, in a room only your invited team can see.
Your bot reads it and decides what to do. To form an answer it sends the relevant text to an AI model (currently Anthropic’s Claude, with OpenAI, Google, or MiniMax as supporting models depending on the task).
The model returns an answer. Your bot delivers it back into your room.
Your data does not stop in any analytics tool, marketing platform, or advertising network along the way. The AI providers we use have published commitments not to train on this data and to retain it only briefly for safety review. Full provider list and the quoted commitments are in the subprocessor section.
4. What we’d do if something went wrong
We don’t have a 24/7 security operations centre. We do have a clear set of commitments:
We acknowledge any security report or suspected breach within one business day.
A named operator investigates — not a forum, not a queue.
If we confirm a breach has affected your data, we tell you within 72 hours. The notification says what we know, what we don’t yet know, and what we’re doing about it.
Afterwards, we publish a post-incident summary covering root cause, scope, and what changed so it doesn’t happen again.
We’d rather over-notify than under-notify.
5. What you control
Who’s in your rooms. Invite and remove anyone, any time.
Which Google or Microsoft accounts your bot can access. You authorise it; you can revoke it from your Google or Microsoft account at any time and the bot loses access immediately.
Your conversation memory. You can ask the bot to forget specific items, or ask us to wipe its memory entirely.
Leaving. Email [email protected] from the address on file and we’ll deactivate the account, wipe its memory, revoke OAuth tokens, and remove room data.
TECHNICAL DETAIL
The rest of this page is for IT, security, and procurement teams running their own checks. The plain-English commitments above are the contract.
Inter-server traffic runs only on a private network that has no public route (see §7).
6.2 At rest
Honest answer: full-disk encryption on our PostgreSQL data volumes is on the roadmap, not in place today. What we do have:
Database authentication is scram-sha-256; the database port is firewalled to the private network only.
Microsoft 365 OAuth tokens are AES-256-GCM encrypted before storage in PostgreSQL.
Bot credential directories enforce chmod 700 at runtime so other host processes can’t read them.
Hetzner provides physical access control to the data centres.
7. Hosting & the private network
Server | Role | Public exposure
Chat server | Matrix server (Synapse), Element web UI, PostgreSQL | Ports 80 & 443 only, behind Cloudflare
Bots server | Bot containers (one per customer/persona), HiveBots middleware | Ports 80 & 443 only, behind Cloudflare
The two servers communicate over an isolated private network (10.0.0.0/24) inside Hetzner’s data centre. That network has no public route — it doesn’t exist on the internet. Concretely:
The Matrix database (PostgreSQL on :5432), the Matrix server (Synapse on :8008), and the HiveBots middleware (:3000) are bound to the private network only. UFW drops every packet not coming from 10.0.0.0/24.
The Synapse admin API is double-locked: nginx blocks /_synapse/admin/* from non-private sources, and Cloudflare adds a WAF rule on top.
Each bot runs in its own Docker container on a private bridge network with no inter-container links, so bot ↔ bot communication is impossible even on the same machine.
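A bind-address check is a second layer that holds even if a firewall rule is changed. The sketch below is an added example, not HiveNet's own tooling: it parses `ss -ltnH` output and flags any of the three private-only ports listening outside 10.0.0.0/24. The sample output is constructed, the function names are hypothetical, and treating loopback binds as acceptable is an assumption.

```python
import ipaddress

PRIVATE_NET = ipaddress.ip_network("10.0.0.0/24")
# Ports the page lists as bound to the private network only.
PRIVATE_ONLY_PORTS = {5432: "PostgreSQL", 8008: "Synapse", 3000: "HiveBots middleware"}

# Constructed sample of `ss -ltnH` output; not captured from any real host.
SAMPLE_SS = """\
LISTEN 0 244 10.0.0.2:5432 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8008 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 [::]:3000 [::]:*
LISTEN 0 128 127.0.0.1:3000 0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Yield (host, port) from the Local Address:Port column of each LISTEN line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        # Drop IPv6 brackets and any %interface scope suffix.
        yield host.strip("[]").split("%")[0], int(port)


def audit(ss_output):
    """Return (port, service, host) for private-only ports bound outside PRIVATE_NET."""
    findings = []
    for host, port in parse_listeners(ss_output):
        if port not in PRIVATE_ONLY_PORTS:
            continue  # 80/443 are meant to be public
        if host != "*":  # "*" is the dual-stack wildcard: always a finding
            addr = ipaddress.ip_address(host)
            # Assumption: a loopback bind counts as non-exposed.
            if addr.is_loopback or addr in PRIVATE_NET:
                continue
        findings.append((port, PRIVATE_ONLY_PORTS[port], host))
    return findings


if __name__ == "__main__":
    for port, service, host in audit(SAMPLE_SS):
        print(f"{service} (:{port}) listens on {host}, outside {PRIVATE_NET}")
```

On a live host, the input would be the output of `ss -ltnH` run on each server; an empty result means every private-only service is bound inside the private range.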
8. Subprocessors
Every third party that may process your data when you use HiveNet:
 |  | HTTPS request metadata + ciphertext (terminates TLS at edge with our certificate) | Global edge; nearest PoP serves the user
Anthropic, PBC | Primary chat model (Claude) | Bot prompts & responses for the active turn | USA
OpenAI, L.L.C. | Secondary chat model | Bot prompts & responses for the active turn | USA
Google LLC | (a) Gemini API for memory embeddings; (b) OAuth + Google Workspace APIs when you connect a Google account | Embedding text; live Workspace data scoped to the OAuth grant you authorised | USA / global
Microsoft Corporation | Microsoft 365 OAuth + Graph APIs when you connect a Microsoft account | Live Microsoft 365 data scoped to the OAuth grant you authorised | USA / global
MiniMax | Fallback chat model + conversation summarisation | Bot prompts & responses for the active turn | Singapore / global
Namecheap (eForward) | Inbound email forwarding for our public addresses | Email envelope + body | USA
Quoted training-data commitments:
Anthropic: “We will not train our models on any Customer Content from paid Services.” Transient retention (typically 30 days) for safety review, then deleted.
OpenAI: “OpenAI does not train our models on inputs and outputs through our API.” Up to 30-day retention for abuse monitoring, then deleted.
Google (Gemini): Paid Gemini API usage is not used to train or improve their models, and prompts are not retained beyond the time required to deliver the response and meet legal/safety obligations.
MiniMax: API content is not used to train models.
If a provider materially changes its terms in a way that conflicts with these commitments, we’ll notify customers and switch providers if needed.
9. Authentication & access
User login: username + password against our Matrix server. Passwords stored hashed (bcrypt). Minimum 8 characters.
Password reset: via verified email only, sent over TLS-required SMTP.
Multi-factor authentication: standalone MFA on the Matrix login is on our roadmap. If it’s a hard requirement today, contact us — we can discuss SSO options that inherit MFA from your existing identity provider.
Registration: closed. New accounts are provisioned by us, on request, after we verify the customer.
Workspace SSO: optional Google or Microsoft OAuth to connect those accounts to your bot. You authorise; you can revoke at any time.
Bot tokens: each bot has its own Matrix access token and gateway token. There is no master key that grants access to all bots.
Operator access: SSH to production restricted to fewer than five named operators using hardware-backed SSH keys. Synapse admin API only reachable from the private network and blocked at the Cloudflare edge.
10. Logging & retention
What we log: service events — HTTP access logs, container logs, token-refresh, errors. We do not run conversational analytics or content-mining over your messages.
When we look at logs: in support of a ticket you’ve raised, or while investigating a security issue. Not for product improvement, training, or analytics.
Conversation memory: per-bot SQLite database on our infrastructure. You can ask the bot to forget specific items, or ask us to wipe it entirely.
Google/Microsoft user data: consistent with our Privacy Policy, we don’t store Google/Microsoft user content as long-term application data — the bot fetches what it needs to handle the live request and doesn’t warehouse Gmail/Drive/Calendar contents.
11. Where it physically runs
Today our infrastructure runs in Hetzner Cloud’s Singapore region. Singapore offers low latency to Australia, the same region for ANZ customers, a strong data-protection legal regime (the PDPA), and a price point that lets us self-host the open-source platform components without making the product unaffordable.
HiveBots PTY LTD is an Australian company. Full data sovereignty in Australia is on our roadmap. At our current scale, equivalent Australian-hosted compute would meaningfully change the price of the product. We’ll move when we can do it without making HiveNet inaccessible to small businesses, and we’ll tell customers in advance.
If you have a regulatory requirement that data must reside in Australia today, please tell us — we’d rather know now than later. A Data Processing Addendum is available on request.
12. What we haven’t done yet
We don’t want to oversell. As of this page’s date:
We don’t hold SOC 2, ISO 27001, or any third-party security audit.
At-rest disk encryption on the database volumes is on the roadmap, not in place.
Standalone MFA on Matrix login is on the roadmap.
We don’t offer customer-managed encryption keys (BYOK) today.
Australian-hosted infrastructure is on the roadmap; we run in Hetzner’s Singapore region today.
If any of those are blockers for you, please tell us — we’d rather know early.
13. Reporting a concern
Found a vulnerability or have a worry about how data was handled? Email [email protected]. We aim to acknowledge within one business day. Machine-readable disclosure contact at /.well-known/security.txt on our public site.
Privacy Policy | DPA on request | Hosted in Singapore (Hetzner) | Australian sovereignty on the roadmap
For the legal basis on which we collect and process personal data, see our Privacy Policy. This page applies to HiveNet, operated by HiveBots PTY LTD (Australia).