Privacy Policy

Effective date: 1 January 2025

1. Who we are

This Privacy Policy describes how Robarts Fox TLD (“we”, “us”, “our”), trading as Hiivel, collects, uses, and shares personal data when you use our website at hiivel.com and our software platform (“the Service”).

We are the data controller for personal data you provide to us directly. For data your organisation inputs into the platform about your employees, you are the data controller and we act as your data processor.

If you have any questions about this policy, contact us at hello@hivell.com.

2. What data we collect

Account and billing data

When you register or subscribe, we collect your name, email address, organisation name, and payment information (processed by Stripe — we do not store card details).

Platform data (processed on your behalf)

When you use Hiivel to manage your business, you may input personal data about your employees — including names, contact details, employment records, training certificates, right-to-work documents, and sickness records. We process this data on your behalf, as a data processor acting under your instructions.

Usage data

We collect standard server logs, browser type, IP address, pages visited, and actions taken within the platform for security, debugging, and platform improvement purposes.

Cookies

We use strictly necessary cookies for authentication and session management. We do not use advertising or tracking cookies.

3. How we use your data

We use the data we collect to:

  • Provide, operate, and maintain the Service
  • Process payments and send billing notifications
  • Send service-related communications (onboarding, security alerts, policy updates)
  • Monitor for and investigate fraud, abuse, or security incidents
  • Comply with our legal obligations
  • Improve the platform through aggregated, anonymised analytics

We do not sell your personal data to third parties. We do not use your data for advertising.

4. Our legal bases (UK GDPR)

Under UK GDPR, we rely on the following legal bases:

  • Contract — processing your account data to provide the Service you’ve subscribed to
  • Legitimate interests — improving the platform, security monitoring, and fraud prevention
  • Legal obligation — where we are required to retain or disclose data by UK law
  • Consent — for any optional marketing communications (you can withdraw this at any time)

5. Data sharing and processors

We share personal data only with trusted processors to operate the Service:

  • Clerk — authentication and user management
  • Neon — database hosting (EU region)
  • Stripe — payment processing
  • Vercel — application hosting
  • Resend — transactional email

All processors are contractually bound to protect personal data and process it only on our instructions. We do not transfer personal data outside the UK or EEA except under appropriate safeguards.

6. Data retention

We retain account data for as long as your subscription is active. After cancellation:

  • Your data is retained for 30 days to allow export
  • After 30 days, all personal data is permanently deleted from our systems
  • Billing records may be retained for up to 7 years to comply with HMRC requirements

7. Your rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data (subject to legal obligations)
  • Portability — receive your data in a portable format
  • Restriction — ask us to limit processing in certain circumstances
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, email us at hello@hivell.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

8. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. No system is 100% secure; if you believe your data has been compromised, contact us immediately at hello@hivell.com.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice in the platform. The “Effective date” at the top of this page shows when the current version was last updated.

10. Contact

For any privacy-related queries, contact Robarts Fox TLD (trading as Hiivel) at hello@hivell.com.