Privacy Policy

Jakeb Construction LLC (“we,” “us,” or “our”) operates HyveOS at hyveos.app. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service. By using HyveOS, you agree to the practices described here.

Account Information

When you create an account, we collect your name (if provided), email address, and password (stored as a secure hash — we never store your plaintext password).

Company and Business Data

We collect information you enter into the platform, including client records, job details, estimates, invoices, change orders, photos, documents, daily logs, and any other data you create or upload while using HyveOS. This data belongs to you (see the Terms of Service for data ownership details).

Payment Information

We do not store your full credit card number or CVV. Payment processing is handled by Stripe, Inc. We receive and store limited billing information returned by Stripe, such as the last four digits of your card, card brand, billing name, and subscription status.

Usage and Technical Data

We may collect technical data automatically, including IP address, browser type, device identifiers, pages visited, and timestamps. This data is used to operate and improve the Service.

Communications

If you contact us by email, we retain that correspondence to respond to you and improve our support.

We use the information we collect to:

• Create and manage your account and company workspace
• Provide, operate, and improve the HyveOS platform
• Process payments and manage your subscription through Stripe
• Send transactional emails (account verification, invoices, team invitations, system notifications) via Resend
• Power AI-assisted features (estimate drafting, suggestions, summaries) via the Anthropic API — your data is sent to Anthropic only to generate responses and is not used to train their models under current agreements
• Detect, investigate, and prevent security incidents or abuse
• Comply with applicable legal obligations
• Communicate with you about product updates, billing changes, or service-critical information

We do not use your business data for advertising, and we do not sell your personal information to third parties.

We share data with the following third-party providers to operate HyveOS. Each provider has its own privacy policy and data practices:

We do not share your data with any other third parties except as required by law.

HyveOS offers optional integrations with Google Calendar and Google Drive. These integrations are not required to use HyveOS and are user-initiated from Settings → Integrations. This section describes exactly what Google data HyveOS accesses, what it stores, how it uses it, and how you can revoke access.

Scopes we request and why:

• Google Calendar — https://www.googleapis.com/auth/calendar.events: HyveOS uses this scope to create, update, and delete calendar events on your primary Google Calendar that correspond to your HyveOS jobs and schedule entries. HyveOS does notread events on your calendar — it only writes (and updates or deletes) the events it itself created.
• Google Drive — https://www.googleapis.com/auth/drive.file: HyveOS uses this scope to create one folder named “HyveOS — [your company name]” in your Drive and upload documents HyveOS generates (such as signed contracts and accepted-estimate PDFs) into that folder. Under the drive.file scope, HyveOS can only see files and folders it created. It does not read, download, modify, or delete any other files in your Drive, and it cannot list or search your Drive contents.

What Google data we store on HyveOS servers:

• Your Google OAuth access and refresh tokens, encrypted at rest using AES-256-GCM
• Your Google account email address — so HyveOS can show you which Google account is connected
• Google Calendar event IDs for the specific events HyveOS created on your calendar — so HyveOS can update or delete those particular events later (no event titles, descriptions, locations, attendees, or other event content is stored)
• One Google Drive folder ID per company workspace — the ID of the “HyveOS — [your company name]” folder HyveOS created for your documents

What we do not store:

• We do not store the contents of any Google Drive files (the file contents stay in your Drive)
• We do not store Google Drive file IDs for files HyveOS uploads — once uploaded, those files live in your Drive under your control
• We do not store the contents (titles, descriptions, locations, attendees) of Google Calendar events
• We never access — and therefore never store — any Google Calendar event or Google Drive file that HyveOS did not itself create

How we use Google user data:

HyveOS uses the Google user data described above solely to provide the Google Calendar sync and Google Drive backup features that you explicitly enabled. To be unambiguous:

• We do not sell Google user data, in any form, to anyone.
• We do not use Google user data for advertising or for any advertising-related purpose, including retargeting, personalized advertising, or interest-based advertising.
• We do not use Google user data to develop, improve, or train generalized or non-personalized AI or machine-learning models.

Sharing with third parties:

Google user data resides within HyveOS's infrastructure (Supabase for the encrypted-token database; Vercel for the application servers that exchange data with Google's APIs — both listed in Section 4). We do not share, transfer, or otherwise disclose Google user data to any other third party, except where strictly necessary to provide the service you requested, to comply with applicable law, or as part of a corporate transaction in which any successor entity is bound by terms at least as protective as this policy.

Retention, disconnect, and revocation:

You can disconnect Google Calendar or Google Drive at any time from Settings → Integrations within HyveOS. On disconnect, HyveOS:

• Calls Google's OAuth revocation endpoint to revoke the refresh token with Google.
• Deletes the stored access token, refresh token, and token-expiry timestamp from our database.
• Retains your Google account email address and (for Drive) the Drive folder ID so that if you reconnect later, HyveOS can identify the same Google account and re-use the existing folder rather than creating duplicates. You can ask us to delete these reconnection records at any time by emailing the address below.
• Does not delete events HyveOS previously created on your Google Calendar or files HyveOS previously uploaded to your Drive. Those remain in your Google account under your control, and you can delete them at any time directly from Google Calendar or Google Drive.

You can additionally revoke HyveOS's access from your Google Account at any time at myaccount.google.com/permissions.

When you delete your HyveOS account, all stored OAuth tokens, the Google account email, integration metadata (including the Drive folder ID), and Google Calendar event IDs stored against your jobs and schedule entries are permanently deleted from HyveOS as part of the standard account-deletion process. Data already in your Google account that HyveOS previously created (calendar events, Drive files) is not affected by HyveOS account deletion and remains under your control.

Limited Use compliance:

HyveOS's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Questions about Google data:

For questions about how HyveOS handles Google user data, or to request deletion of any retained Google account email or Drive folder reference, contact us at support@hyveos.app.

We implement the following security measures to protect your data:

• Encryption in transit: All data transmitted between your browser and our servers uses TLS/HTTPS encryption
• Row-Level Security (RLS): Our database enforces RLS policies that ensure users can only access data belonging to their own company — enforced at the database level, not just the application layer
• Role-based access control: Within a company workspace, access to features and data can be scoped by user role (admin, manager, field user)
• Hashed passwords: Passwords are hashed using industry-standard algorithms and are never stored in plaintext
• Signed storage URLs: Files and images are served via short-lived signed URLs and are not publicly accessible by default

No security measure is 100% effective. If you believe your account has been compromised, contact us immediately at support@hyveos.app.

We retain your account and business data for as long as your subscription is active. If you cancel your subscription, we will retain your data for 90 days, during which you may export it.

After 90 days post-cancellation, your data may be permanently deleted from our systems and backups. We cannot recover data after this period.

To request early deletion of your account and data, email us at support@hyveos.app. We will process deletion requests within a reasonable time, subject to any legal retention obligations.

Certain data (e.g., billing records, audit logs) may be retained longer as required by applicable law or financial regulations.

HyveOS uses session cookies to maintain your authenticated session. We do not use third-party advertising cookies or cross-site tracking technologies. We may use minimal analytics to understand aggregate usage patterns (e.g., which features are used most frequently).

HyveOS is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, contact us immediately.

Depending on your location, you may have rights regarding your personal data, including:

• The right to access the personal data we hold about you
• The right to correct inaccurate data
• The right to request deletion of your data
• The right to export your data in a machine-readable format
• The right to object to certain processing activities

To exercise any of these rights, contact us at support@hyveos.app. We will respond within a reasonable timeframe.

We may update this Privacy Policy from time to time. When we make material changes, we will revise the effective date and notify active users via email or in-app notice. Your continued use of the Service after changes take effect constitutes your acceptance of the revised policy.

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us:

Jakeb Construction LLC
Email: support@hyveos.app
Website: hyveos.app