Privacy Policy · HiveCliq

01 Who We Are

HiveCliq (Pty) Ltd ("HiveCliq", "we", "us") is a private company incorporated in South Africa, with registered offices in Cape Town. We provide AI automation, CRM, and growth-marketing services to clients globally.

Information Officer (POPIA) / Data Protection Officer (GDPR): HiveCliq Information Officer — privacy@hivecliq.com

This Policy explains how we collect, use, share and protect your Personal Information when you visit our website, contact us, chat with our AI sales consultant Lara, or use any HiveCliq service. It is governed by the Protection of Personal Information Act, 2013 (POPIA) for South African data subjects, the General Data Protection Regulation (GDPR) for EU/EEA data subjects, and the California Consumer Privacy Act (CCPA / CPRA) for California residents.

02 What Personal Information We Collect

We only collect information that's relevant to the service we're providing. This typically includes:

Information you give us directly

Identity data — first name, last name
Contact data — email address, phone number, country
Business data — company name, industry, team size, current process, business pain points (volunteered during a Lara conversation or a discovery call)
Marketing data — your communication preferences, campaign sources, UTM parameters
Transactional data — billing address, VAT number, banking details for debit-order set-up (processed by Payfast / PayPal / Stripe — we don't store full card data)
Conversation data — the messages you exchange with Lara, our AI sales consultant; the audio of any voice interactions if you use the (future) voice feature

Information collected automatically

Technical data — IP address, browser type and version, time-zone, device information
Usage data — pages visited, scroll depth, button clicks, referral source
Cookie data — see Section 6

Information from third parties

If you arrive via Google, Meta, LinkedIn or another platform we may receive ad-attribution data (without identifying you personally)
If you book a call through our calendar widget we receive name, email and timezone from the booking platform (GoHighLevel)

03 Why We Collect It (Lawful Bases)

We process Personal Information for the following purposes, on the lawful bases listed:

Purpose	Lawful basis (POPIA / GDPR)
Responding to your enquiry / chat with Lara	Performance of a contract / Consent
Providing the services you've signed up for	Performance of a contract
Sending invoices, processing payments, debt collection	Legal obligation / Contract
Sending marketing emails (newsletters, product updates)	Consent (you can opt out anytime)
Fraud prevention and security	Legitimate interest
Anonymous analytics to improve the website	Consent (cookie banner)
Audit-trail logging (terms acceptance, consent records)	Legal obligation / Legitimate interest

04 AI Conversations with Lara

Lara is our AI sales consultant powered by Anthropic's Claude language model. When you chat with Lara:

The text of your messages is sent to Anthropic's API to generate Lara's response.
Anthropic processes the data per their Commercial Terms and Privacy Policy. Per Anthropic's commercial terms, prompts and outputs are not used to train their models.
The full transcript is stored against your contact record in our GoHighLevel CRM so that we can continue the conversation later, send follow-ups and provide support.
If you book a call, your transcript helps Shawn prepare so he doesn't ask you the same questions again.
You may request deletion of your transcript at any time — see Section 9.

Important: Lara is an AI sales consultant. Her outputs do not constitute legal, medical, financial or other professional advice. You should verify any commitment we make in chat against a written confirmation from Shawn before relying on it.

05 Who We Share Your Information With

We share information only as needed to deliver our services. The third-party processors we work with include:

Processor	Purpose	Where they're based
Anthropic PBC	AI conversation processing (Lara)	USA
HighLevel Inc. (GoHighLevel)	CRM, conversation logs, calendars, marketing automation	USA
Vercel Inc.	Website hosting and serverless functions	USA / EU (Frankfurt)
Cloudflare Inc.	DNS, CDN, DDoS protection	Global
Payfast (Pty) Ltd	South African card and EFT payments	South Africa
PayPal Holdings Inc.	International recurring payments	USA
Stripe Inc.	International card payments (where applicable)	USA / EU
Twilio / Meta (WhatsApp Business)	WhatsApp message delivery	USA
Google LLC	Google Ads, optional GA4 analytics, Workspace email	USA
Meta Platforms Inc.	Facebook / Instagram Ads pixel (only if you consent)	USA
OpenAI	Optional secondary AI features	USA

Each of these processors is contractually bound to handle Personal Information in accordance with applicable data-protection law. We rely on appropriate transfer mechanisms (Standard Contractual Clauses, adequacy decisions where they exist) for international transfers.

We do not sell your Personal Information to any party.

06 Cookies

Our website uses three categories of cookies. The cookie banner you saw on first visit lets you choose which categories to accept.

Essential cookies (always on)

Needed for the site to work — session state, terms-acceptance flag, currency preference for the ROI calculator.

Analytics cookies (on if you accept)

Anonymous visit analytics via Google Analytics 4. Helps us understand which pages work and which don't. IP addresses are anonymised.

Marketing cookies (on if you accept)

Meta Pixel and Google Ads conversion tags so we can retarget you with relevant ads if you've engaged with our content. You can opt out anytime via the banner or directly in Meta's ad preferences and Google's ad settings.

You can revisit your cookie preferences at any time by clearing the hivecliq_cookie_consent entry in your browser's localStorage and refreshing the page.

07 How Long We Keep Your Data

Data type	Retention period
Lara chat transcripts (lead never converted)	24 months from last contact, then deleted
Active client records	For the duration of the engagement + 7 years (SARS / tax compliance)
Marketing email subscribers	Until you unsubscribe + 12 months for audit, then deleted
Cookie consent records	13 months (re-consent required)
Terms-acceptance audit log	10 years from acceptance (legal defence)
Payment records	5 years (SARS / FICA compliance)
Server logs (IP addresses, access logs)	30 days, then aggregated

08 How We Protect Your Information

HTTPS-only across the whole site (HSTS enforced)
API keys and secrets stored in encrypted environment variables, never committed to source control
Role-based access control inside our team — only people who need access have it
Strong password policies and multi-factor authentication on all admin systems
Regular dependency updates and security patches
Automated backups for all critical systems
Incident response: confirmed security incidents notified to affected data subjects within 72 hours

09 Your Rights

Depending on your jurisdiction you have the following rights over your Personal Information:

Right of access — request a copy of what we hold about you
Right to correction — fix inaccurate or incomplete data
Right to deletion ("right to be forgotten") — ask us to erase your data, subject to legal retention requirements
Right to restriction — pause our processing while we investigate a dispute
Right to portability — receive your data in a structured, machine-readable format
Right to object to processing based on legitimate interest, including direct marketing
Right to withdraw consent at any time, where we rely on consent
Right not to be subject to solely automated decisions — Lara qualifies leads, but final decisions on engagement are made by a human (Shawn)
California-specific: right to know what categories of Personal Information are collected and sold (we don't sell), right to opt out of sale (none to opt out of), right to non-discrimination

To exercise any right, email privacy@hivecliq.com. We respond within 30 days (POPIA), 30 days (GDPR) or 45 days (CCPA).

If you believe we've mishandled your data and we haven't resolved it, you can lodge a complaint with:

South Africa: Information Regulator — inforegulator.org.za
EU/EEA: your local Data Protection Authority — edpb.europa.eu
UK: Information Commissioner's Office — ico.org.uk
California: California Privacy Protection Agency — cppa.ca.gov

10 Children

Our services are not directed at children under 18. We don't knowingly collect Personal Information from anyone under that age. If you believe we have, contact us and we'll delete it.

11 Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated by email and/or in-app notification at least 14 days before the effective date. The current version is shown at the top of this page.

12 Contact Us

For any privacy question, request, complaint or concern:

Email: privacy@hivecliq.com
WhatsApp: +27 60 956 2756
Postal: HiveCliq (Pty) Ltd, Cape Town, South Africa

For other terms governing your use of our services, see our Terms & Conditions.

Privacy Policy.