Privacy Policy
Last updated: July 2026
Introduction
Hivory (Pty) Ltd (“we”, “our”, or “us”) is a digital consultancy based in South Africa. This Privacy Policy explains how we collect, use, store, share, and safeguard your information when you use our services, including the Hivory client portal, managed AI agents, connected third-party integrations, and any associated products (collectively, the “Service”).
Information We Collect
We collect information you provide directly, including:
- Account information: Your name, email address, and authentication credentials when you sign in to the client portal.
- Content data: Article drafts, briefs, keywords, images, comments, and other content you create or approve through the content pipeline.
- Third-party connection data: When you connect services such as LinkedIn, we store OAuth tokens and basic account information (organisation name, profile name) required to act on your behalf.
- Analytics data: When connected, we access marketing and website analytics data from platforms such as Google Analytics, Google Ads, Microsoft Ads, LinkedIn, and Ahrefs to generate reports and dashboards.
- Website change requests: Natural language instructions you provide to the website agent, along with any attached images.
- Usage data: Information related to your interaction with the Service, such as pages visited, features used, and session activity.
How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Generate, review, and publish content on your behalf through our AI agent pipeline
- Publish posts to connected social media accounts (e.g. LinkedIn) when you approve them
- Execute website changes you request through the website agent
- Generate analytics dashboards and reports from your connected data sources
- Send service-related communications, including review notifications and status updates
- Respond to your questions and support requests
- Comply with legal obligations
Third-Party Connections and OAuth
The Service allows you to connect third-party accounts (such as LinkedIn) to enable agent publishing and analytics. When you connect a third-party account:
- We request only the permissions required for the specific functionality (e.g. posting to a company page, reading post performance)
- OAuth access tokens are stored securely in our database and are never exposed to your browser or other client-side code
- Tokens are used solely to perform actions you have explicitly approved (e.g. publishing an approved post)
- You can disconnect any third-party service at any time through the Connections page in the portal
- We do not use data from connected services for advertising, marketing to third parties, or any purpose other than providing the Service to you
When you connect LinkedIn, we request the following permissions:
- w_organization_social: Allows us to publish posts to your company LinkedIn page on your behalf, only after you approve the content
- r_organization_social: Allows us to read your organisation's posts and profile information
- r_liteprofile: Allows us to identify the connecting user
You can revoke access at any time through the portal Connections page or through your LinkedIn permitted services settings.
AI Processing
Our Service uses AI models provided by Anthropic to generate, review, and edit content. When AI agents process your content:
- Article briefs, keywords, and content drafts are sent to Anthropic's API for processing
- Your personal account information (name, email) is not shared with Anthropic
- AI-generated content is always subject to your review and approval before publication
- Anthropic does not use your data to train their models (per their commercial API terms)
Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties. We share your information only with the following service providers, strictly for operating and delivering the Service:
- AI processing (Anthropic): Content data sent for AI generation and review
- Hosting (Google Cloud, CodeCapsules): Infrastructure for running the portal and agent services
- Database (Supabase): Secure storage of account data, content, and connection tokens
- Email (Resend): Transactional and notification emails
- CMS platforms (Webflow, Emdash): Content published to your website CMS on your behalf
- Social platforms (LinkedIn): Posts published to your connected accounts when you approve them
- Analytics (Meaning by Hivory): Dashboard and reporting data
- Source control (GitHub): Website changes committed to your repository
We may also disclose your information if required by law, regulation, or legal process, or to protect rights, safety, or property.
Data Retention and Deletion
- Account and content data: Retained for the duration of your active engagement. Upon termination, data is retained for 30 days before permanent deletion.
- Third-party connection tokens: Deleted immediately when you disconnect a service through the portal.
- Analytics data: Retained in connected platforms (e.g. Google BigQuery) for the duration of your engagement and deleted within 30 days of termination.
- Agent run logs: Retained for operational monitoring and deleted with your account data.
Data Security
We implement appropriate technical and organisational measures to protect your information, including encryption of data in transit and at rest, secure authentication, row-level database security policies, and access controls limiting data access to authorised personnel and your designated team members only.
Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Object to or restrict certain processing of your data
- Receive your data in a portable format
- Disconnect third-party services and revoke access at any time
To exercise any of these rights, contact us at hi@hivory.io.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.
Contact Us
For questions about this Privacy Policy or our data practices, contact us at hi@hivory.io.
Hivory (Pty) Ltd
South Africa