1. Who we are
HiveKeeper is operated by Culshaw Consulting Ltd, a company registered in England and Wales (company number 16938477).
Registered office:
30 Stanion Road
Brigstock
Northamptonshire NN14 3HW
United Kingdom
For the purposes of UK GDPR, Culshaw Consulting Ltd is the data controller for the personal data we collect through HiveKeeper.
You can contact us about privacy matters at [email protected].
2. What data we collect
Account data
When you create an account, we collect your email address, display name, and a hashed password. You may optionally provide a phone number, postal address, and emergency contact details for the in-app SOS feature.
Beekeeping data
The core purpose of HiveKeeper is to help you manage your apiary. We store the data you record about:
- Your apiaries (names, locations, landmarks, photos)
- Your hives (names, rows, status, box types, historical changes)
- Inspections (dates, notes, frame composition, queen sightings, varroa counts, treatments, photos, voice recordings)
- Harvests and equipment inventory
Voice and photo data
When you use voice recording during an inspection, audio is sent to our transcription service for conversion to text. The resulting text is stored as part of your inspection record; the audio itself is not retained by HiveKeeper beyond the time needed for transcription. Photos you upload are stored securely and linked to the relevant hive or inspection.
AI conversation data
When you use the HiveKeeper AI chat or frame photo analysis, your question and relevant apiary context are sent to our AI providers. These providers process the data solely to generate a response; they do not retain it to train their models (in line with their enterprise data commitments).
Location data
If you choose to, you can record the precise location of your apiaries and hives using your device's GPS. This is optional. HiveKeeper does not track your device's location in the background.
Payment data
If you subscribe to a paid plan, payment is handled entirely by our payment processor, Stripe. We do not see or store your full card details — we only receive a subscription identifier and billing status.
Referral scheme data
If you use the HiveKeeper referral scheme, each account is assigned a unique referral code. When someone signs up using your code, we link the two accounts by internal ID only. Email addresses and personal details are never shared between referrer and referee. Referral records are deleted if either account is deleted.
Technical data
When you use the app, we automatically receive basic technical information including your IP address, device type, browser, and app version. This is used to help the app function and to diagnose issues.
3. How we use your data
We use your data for the following purposes:
- Providing the service: Storing your hives, apiaries, and inspections so you can access them across devices.
- AI-powered features: Sending your question and apiary context to AI providers to generate personalised beekeeping advice or analyse frame photographs.
- Voice transcription: Converting your inspection voice notes into written text.
- Payment processing: Managing subscriptions and invoices via Stripe.
- Transactional communications: Sending essential emails such as sign-up confirmation, password resets, trial expiry notices, and subscription receipts.
- Marketing (opt-in): With your consent, sending product updates and newsletters. You can opt out at any time.
- Improving the service: Understanding general usage patterns and diagnosing bugs. We do not use your beekeeping data or voice recordings for product development or training AI models.
- Legal compliance: Retaining invoices and subscription records as required by UK tax law.
4. Legal basis for processing
Under UK GDPR, we must have a lawful basis for processing your data. The bases we rely on are:
| Purpose | Legal basis |
|---|---|
| Providing the HiveKeeper service | Contract (Article 6(1)(b)) |
| Payment processing | Contract (Article 6(1)(b)) |
| Transactional emails (essential) | Contract (Article 6(1)(b)) |
| Marketing emails | Consent (Article 6(1)(a)) — opt-in required |
| Referral scheme | Contract (Article 6(1)(b)) — part of the scheme you opt into |
| First-party analytics and in-app advertising | Legitimate interest (Article 6(1)(f)) — product improvement and sustainability. No personal content analysed. |
| Service improvement and security | Legitimate interest (Article 6(1)(f)) |
| Legal and tax record keeping | Legal obligation (Article 6(1)(c)) |
5. Third parties and subprocessors
To run HiveKeeper, we rely on the following trusted service providers. Each handles your data under their own privacy policies and contractually agreed data protection terms.
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | AWS eu-west-2 (London, UK) |
| Cloudflare | Worker functions, API proxy, content delivery, security | Global edge (UK/EU primary) |
| GitHub Pages | Static web hosting for marketing pages — no user data | Global CDN |
| OpenAI | Voice transcription (Whisper) — processed in real time via paid API, not retained | United States |
| Anthropic | AI chat and frame photo analysis (Claude) — processed in real time via paid API, not retained | United States |
| Stripe | Payment processing and subscriptions | United Kingdom / Ireland |
| Resend | Transactional and marketing email delivery | United States |
| Median | Native mobile app wrapper (Android / iOS) — no user data stored | United States |
| Open-Meteo | Live weather for your apiaries — GPS coordinates only, no personal data | Germany / EU |
| postcodes.io / Nominatim | Geocoding of apiary locations — postcodes/town names only | UK / EU (open-source) |
| Leaflet.js / ESRI / OpenStreetMap | Satellite map tiles — no personal data transmitted | Global CDN |
| Google Charts API | QR code generation for hive labels — hive identifiers only, no personal data | Google global CDN |
These providers are contractually bound to process your data only on our instructions and to maintain appropriate security measures.
6. International data transfers
Some of our subprocessors are based outside the UK and European Economic Area (EEA). Where data is transferred outside the UK/EEA, we rely on appropriate safeguards as required by UK GDPR, including the UK's International Data Transfer Agreement (IDTA), the EU Standard Contractual Clauses (SCCs) with the UK addendum, or adequacy decisions where applicable.
Your primary beekeeping data is stored on Supabase (AWS eu-west-2, London, UK).
7. How long we keep your data
| Data type | Retention period |
|---|---|
| Your account and beekeeping data | While your account is active |
| Deleted account data | Removed within 30 days of deletion request |
| Backup copies | Up to 90 days in rolling backups |
| Invoices and subscription records | 6 years (UK tax and accounting law) |
| Error logs and security logs | 90 days |
| Marketing consent records | Until you unsubscribe, plus 6 months |
8. Your rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Access — request a copy of the data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data (“right to be forgotten”)
- Restriction — ask us to pause processing in certain circumstances
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interest, or to marketing
- Withdraw consent — at any time, where processing relies on consent
Most of these can be exercised directly in the app: you can export or delete your data from the Settings screen. For anything else, email [email protected] and we will respond within one month.
You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data correctly. We'd appreciate the chance to put things right first — please contact us before going to the ICO.
9. Security
We take reasonable technical and organisational measures to protect your data:
- Encryption of data in transit (HTTPS / TLS 1.2+)
- Encryption of data at rest (provided by Supabase and our subprocessors)
- Role-based access controls and row-level security on our database
- Hashed passwords (never stored in plain text)
- Secure API keys stored as secrets, never exposed to client code
- Regular software updates and dependency monitoring
Despite our efforts, no online service is 100% secure. If we become aware of a security breach affecting your personal data, we will notify you and the ICO as required by law.
See also our Security Policy for more detail.
10. Age restrictions
HiveKeeper is intended for users aged 18 or over. By signing up, you confirm that you are at least 18 years old. This reflects that paid subscriptions are processed via standard payment cards, which are generally only available to adults.
We do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe a minor has signed up for HiveKeeper, please contact [email protected] and we will delete the account and any associated data as soon as reasonably possible.
11. Marketing communications
We may send you occasional product updates, newsletters, or offers related to HiveKeeper. We will only do this where:
- You have opted in at sign-up or in your account settings; or
- You are an existing customer and the communication concerns similar services (under the “soft opt-in” rule in UK PECR), with a clear opt-out in every message.
Every marketing email includes an unsubscribe link. You can also opt out at any time by emailing [email protected].
Transactional emails — password resets, trial expiry, payment receipts — will continue to be sent regardless of your marketing preferences, as they are essential to the service.
12. Cookies, analytics, and advertising
Cookies and local storage
HiveKeeper uses a small number of cookies and similar technologies, all for essential functionality:
- Authentication cookies — to keep you signed in
- Preference storage (local storage and session storage) — to remember your settings, current apiary, and cached data for offline use
We do not use advertising cookies, tracking pixels, or third-party analytics services such as Google Analytics, Hotjar, Mixpanel, or Segment. We do not share browsing data with advertising networks.
First-party analytics
We operate our own privacy-first analytics built on Supabase. We record non-personal usage signals to help us understand how HiveKeeper is used and to improve features. No third parties are involved.
What we record:
- Screen views — which screens you visit within the app
- Feature usage — events such as inspections saved, photos uploaded, reports viewed
- Paywall interactions — when you encounter a plan limit (to help us calibrate limits fairly)
- Onboarding completion — whether setup finished successfully
What we never record in analytics:
- The content of your inspection notes or transcripts
- Photos, audio, or any media
- Your location beyond the apiary postcode you choose to enter
- Any data from outside HiveKeeper
In-app advertising
Free-tier accounts, and occasionally Pro-tier accounts, may see adverts within the app. These adverts are served from a static, curated list maintained by us. There is no external ad network, no tracking pixel, no behavioural targeting, and no data sharing with advertisers. Commercial-tier accounts and Founding Beekeepers never see adverts.
13. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes to our service, law, or best practice. When we make material changes, we will:
- Update the “Effective” date at the top of this page
- Notify you in-app or by email if the change affects how we handle your data
- Keep previous versions available on request
14. Contact us
For any questions about this Privacy Policy or how we handle your data:
Email: [email protected]
Post:
Privacy Enquiries
Culshaw Consulting Ltd
30 Stanion Road
Brigstock
Northamptonshire NN14 3HW
United Kingdom
You also have the right to complain to the UK Information Commissioner's Office:
ico.org.uk · 0303 123 1113