Legal

Privacy Policy

Last updated: March 2026

Information We Collect

Account and tenant information

When you create a Base-Hive account, we collect your email address, password (stored as a one-way hash), and your organization name. If you are added to an existing tenant as a user, we collect your email address.

Connected social account credentials

When you connect a social media account through Base-Hive, we receive and store OAuth access tokens issued by the respective platform (Facebook, Instagram, LinkedIn, X, TikTok, YouTube, Pinterest, Reddit, Telegram, and others). These tokens are encrypted at rest and are used solely to perform actions you authorize — such as publishing posts and retrieving analytics.

Content you create and upload

We store posts, captions, media files (images and video), and platform-specific settings you create or upload through the dashboard or API. This content is stored and associated with your tenant and profile.

API keys

If you generate API keys for machine-to-machine access, we store a SHA-256 hash of each key. The raw key is displayed only at the time of creation and is never stored in recoverable form.

Usage and technical data

We collect standard technical information when you use our services, including IP addresses, browser type, device type, timestamps, API endpoint access logs, and post publishing results. This information is used to operate, secure, and improve the platform.

Webhook configuration

If you configure webhook subscriptions, we store the endpoint URL, event subscriptions, and delivery attempt logs including request and response payloads.

How We Use Your Information

  • To authenticate your identity and maintain your session
  • To connect to social platforms on your behalf and perform actions you authorize
  • To publish posts, retrieve analytics, and deliver webhook events as you request
  • To operate and maintain the platform, including debugging and incident response
  • To enforce our Acceptable Use Policy and protect the platform from abuse
  • To communicate with you about your account, service updates, and security notices
  • To comply with legal obligations

We do not sell your personal information. We do not use your content or connected account data to train machine learning models. We do not share your data with third parties for marketing purposes.

Connected Platform Data

Base-Hive acts as a conduit between you and third-party social platforms. When you connect an account, you authorize us to act on your behalf using the permissions granted during the OAuth flow. We store only what is necessary to perform those actions — primarily OAuth access and refresh tokens.

Each connected account's tokens are scoped to the profile (workspace) you connect them to. Tokens are encrypted at rest. We do not access platform data beyond what is required to fulfill your requests.

Your relationship with each social platform — including that platform's data practices, terms of service, and privacy policies — remains governed by your agreement with that platform.

Whitelabel Embed and Connect Sessions

If you use Base-Hive's whitelabel connect flow to allow your own users to connect social accounts through your product, Base-Hive receives and stores OAuth credentials for those end-users in the same manner described above. As the tenant operating the whitelabel embed, you are responsible for ensuring your end-users have been appropriately informed about how their data is handled.

AI Agent Access (MCP)

When AI agents access Base-Hive through the Execution MCP (available in Phase 1), they operate under the authentication and permissions of the tenant API key used to connect. All actions taken by an AI agent are logged and associated with your tenant account. You are responsible for the actions taken by agents authorized to use your API key.

Cookies and Analytics

We may use privacy-respecting analytics tools to understand aggregate usage patterns across the platform. We do not use cross-site behavioral advertising or sell browsing data to third parties. If we implement client-side tracking beyond what is necessary for authentication and session management, we will update this policy.

Data Retention

We retain your account data for as long as your account is active. Post content, media, analytics data, and webhook logs are retained according to your plan tier and may be subject to storage limits. You may delete profiles, posts, and media at any time through the dashboard or API.

If you close your account, we will delete or anonymize your personal data within 30 days, subject to any legal retention obligations. You may request deletion of your data at any time by contacting us.

Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a structured format
  • Object to or restrict certain processing

To exercise any of these rights, contact us at the address below. We will respond within 30 days. For users subject to GDPR, we will respond within the timeframe required by applicable law.

Data Security

We use industry-standard practices to protect your data, including encrypted storage of OAuth tokens and API credentials, HTTPS for all data in transit, and access controls limiting who within our organization can access tenant data. No system is completely secure, and we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

International Processing

Base-Hive is operated globally. Data you submit may be processed in jurisdictions outside your country of residence, including the United States. By using Base-Hive, you acknowledge that your data may be transferred to and processed in countries with different data protection frameworks than your own. Where required, we implement appropriate safeguards for such transfers.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by displaying a prominent notice in the dashboard. The date at the top of this page reflects when the policy was last updated.

Contact

If you have questions or requests related to your personal data, please contact us through the contact form on our website. We will respond to privacy-related requests within a reasonable timeframe.