HivePipeBack to home

Privacy Policy

Last updated: March 18, 2026

Reyem Technologies Inc., including its parent, sister, and subsidiary companies (“Reyem Technologies,” “we,” “us,” or “our”) operates HivePipe, an AI-powered product requirements and agentic software development lifecycle platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

1. Information We Collect

Account and Identity Information

When you register for an account or sign in through a third-party OAuth provider, we collect information necessary to create and manage your account. This includes:

  • Email address — used to identify your account, send transactional notifications, and communicate service-related updates.
  • Name and display name — as provided by you directly or returned by your OAuth provider (GitHub, Google, or Microsoft).
  • OAuth profile data — when you authenticate via GitHub, Google, or Microsoft, we receive a limited set of profile fields from those providers, such as your provider-assigned user ID, avatar URL, and verified email address. We do not receive or store your OAuth provider passwords.

Organization Data

HivePipe is a multi-tenant platform. When you create or join an organization within the Service, we collect and store:

  • Organization name and configuration settings.
  • Membership records, including your role within the organization (Owner, Admin, Developer, or Viewer).
  • PRDs (Product Requirements Documents) and associated chat history created by members of your organization.

LLM Provider API Keys

HivePipe allows organizations to supply their own API keys for large language model (LLM) providers such as Anthropic, OpenAI, Google, and OpenRouter. These keys are encrypted at rest using AES-256-GCM encryption before being stored in our database. We do not use these keys for any purpose other than fulfilling requests made within your organization’s use of the Service.

Usage and Log Data

When you interact with the Service, our servers and infrastructure providers automatically record certain technical information, including:

  • IP addresses and approximate geolocation derived from IP.
  • Browser type, operating system, and device identifiers.
  • Pages visited, features used, and timestamps of activity.
  • Error logs and performance diagnostics.

Waitlist and Marketing Forms

If you submit a form to join our waitlist or request early access, we collect your email address and any other information you voluntarily provide. These forms are protected by Cloudflare Turnstile for bot detection; see Section 5 for details.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service — to create and manage your account, authenticate your sessions, enforce organization-level access controls, and deliver core product functionality.
  • Processing LLM requests — to route your prompts to the appropriate LLM provider using your organization’s configured API keys, and to stream and persist responses within your workspace.
  • Transactional communications — to send emails related to your account, such as invitation emails, password resets, and service notices.
  • Analytics and product improvement — to understand how the Service is used, identify usability issues, prioritize features, and improve overall quality.
  • Security and fraud prevention — to detect, investigate, and prevent unauthorized access, abuse, or violations of our Terms of Use.
  • Legal obligations — to comply with applicable laws, regulations, and lawful requests from governmental authorities.

We do not sell your personal information to third parties.

3. Data Storage and Security

Your data is stored in a managed PostgreSQL database hosted on cloud infrastructure. We implement industry-standard technical and organizational safeguards to protect your data, including:

  • Encryption of sensitive data at rest, including AES-256-GCM encryption for LLM provider API keys.
  • Encrypted connections (TLS/HTTPS) for all data in transit.
  • JWT-based session tokens with short expiry, stored securely in HTTP-only cookies.
  • Org-scoped data isolation — each organization’s PRDs, settings, and membership data are logically separated and access-controlled at the application layer.
  • Principle of least privilege applied to internal service access and roles.

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

4. Third-Party Services

We share data with third-party service providers only to the extent necessary to operate the Service. These providers are obligated to protect your data and may not use it for their own independent purposes.

  • Resend — transactional email delivery. We send your email address and message content to Resend to deliver account-related emails such as organization invitations and notifications.
  • Cloudflare — infrastructure services including DDoS protection, CDN, and Turnstile bot detection on public-facing forms. Cloudflare may process IP addresses and request metadata as part of its security services.
  • LLM Providers (Anthropic, OpenAI, Google, OpenRouter) — when you interact with the AI assistant within HivePipe, your prompts and relevant context are transmitted to your configured LLM provider. The data handling practices of these providers are governed by their respective privacy policies.
  • OAuth Providers (GitHub, Google, Microsoft) — if you sign in using a third-party OAuth provider, your use of that provider is subject to its privacy policy. We receive only the profile fields you authorize during the OAuth flow.
  • Analytics Providers — see Section 5 for details on tracking technologies and analytics services we use.

5. Cookies and Tracking

Session Cookies

We use HTTP-only cookies to manage authenticated sessions. These cookies contain a signed JWT token that identifies your session and active organization. They are strictly necessary for the Service to function and cannot be opted out of while using authenticated features.

Analytics and Marketing Pixels

We use the following analytics and marketing tools on our marketing website. These tools use cookies and similar tracking technologies to collect information about your browsing activity:

  • Google Analytics — collects anonymized usage data such as page views, session duration, and traffic sources to help us understand how visitors interact with our marketing pages.
  • Google Tag Manager — a tag management system used to deploy and manage analytics and marketing scripts, including Google Analytics.
  • LinkedIn Insight Tag — enables conversion tracking and audience analytics for LinkedIn advertising campaigns.
  • Meta Pixel — enables conversion tracking and remarketing for advertising on Meta platforms (Facebook, Instagram).

These tracking technologies may collect your IP address, browser information, and interactions with our marketing pages. You can manage cookie preferences through your browser settings or opt out of interest-based advertising through industry opt-out tools such as the NAI Opt-Out Tool or DAA Opt-Out.

Cloudflare Turnstile

Our waitlist and contact forms use Cloudflare Turnstile, a privacy-preserving bot detection service. Turnstile analyzes signals such as browser behavior to distinguish humans from automated bots without displaying CAPTCHAs. This processing is subject to Cloudflare’s privacy policy.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data — retained for the lifetime of your account and deleted within a reasonable period following a verified account deletion request.
  • Organization data and PRDs — retained for the lifetime of the organization and deleted following a verified organization deletion request.
  • Chat history and snapshots — retained as part of the PRD record to which they belong.
  • Encrypted API keys — deleted when removed by the organization owner or when the organization is deleted.
  • Log and diagnostic data — typically retained for 30–90 days depending on the infrastructure provider.

We may retain certain data for longer periods where required by law or legitimate legal interests, such as fraud investigation or tax record-keeping obligations.

7. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

  • Right of access — you may request a copy of the personal data we hold about you.
  • Right to rectification — you may request correction of inaccurate or incomplete personal data.
  • Right to erasure — you may request deletion of your personal data. Requests will be fulfilled subject to any legal retention obligations.
  • Right to data portability — where technically feasible, you may request an export of your data in a machine-readable format.
  • Right to object or restrict processing — you may object to or request restriction of certain processing activities.
  • Right to withdraw consent — where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at privacy@reyem.tech. We will respond to verified requests within 30 days, or as required by applicable law.

If you are located in the European Economic Area, United Kingdom, or California, you may have additional rights under GDPR, UK GDPR, or the CCPA respectively. We are committed to honoring those rights and will not discriminate against you for exercising them.

8. Children’s Privacy

HivePipe is a B2B professional platform and is not directed at or intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected such information, we will take prompt steps to delete it. If you believe a minor has provided us personal data, please contact us at privacy@reyem.tech.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the “Last updated” date at the top of this page. For significant changes, we may also notify you via email or a prominent notice within the Service.

Your continued use of the Service after the effective date of an updated Privacy Policy constitutes your acceptance of the revised terms. We encourage you to review this page periodically.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Reyem Technologies Inc.
Privacy Inquiries
privacy@reyem.tech

We are committed to working with you to resolve any concerns about your privacy in a fair and timely manner.