Privacy Policy

1. Introduction

Quail'a Bee Solutions LLC, doing business as HiveMasterPro™ ("we," "our," or "us"), is a Wyoming limited liability company located at 30 N Gould St #56930, Sheridan, WY 82801, USA. We provide a beekeeping management platform for hobbyists, sideliners, and commercial beekeepers in the US and Canada. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, create an account, or use the HiveMasterPro application (web, iOS, Android), the HiveMasterPro Field Tech app, or the HiveMasterPro Fleet app.

We are committed to protecting your privacy and handling your data in accordance with applicable laws, including the General Data Protection Regulation (GDPR) for users in the EU/EEA, the California Consumer Privacy Act (CCPA) for California residents, and the Personal Information Protection and Electronic Documents Act (PIPEDA) for Canadian residents.

2. Data We Collect

2.1 Website and Account Signup

When you visit our landing page or create an account, we collect:

• Email address (when you submit the signup form)
• Technical data such as IP address, browser type, device information, and approximate location
• Usage data (e.g., pages visited, interactions) when analytics are enabled and you have accepted the cookie banner
• Cloudflare Turnstile signals used to detect automated abuse on contact and signup forms

2.2 HiveMasterPro Application

When you create an account and use the app, we collect and store the following categories. Items marked optional are gated behind a per-feature consent toggle in Settings, and you can disable them at any time:

2.2.a Account & Profile

• Email, hashed password, name, optional business name, phone, address (street, city, state, zip, country), avatar, mentorship preferences, years of experience, state apiary license number and licence documents, multi-factor authentication (TOTP) enrolment

2.2.b Beekeeping records

• Apiaries (name, coordinates, environment), hives (full configuration, equipment, queen info, lineage), harvests, honey batches, winter prep, queen rearing graft batches and cell-stage tracking

2.2.c Field operations

• Inspections, pests, treatments, photos (optional), audio recordings (optional), GPS device location (optional), QR / NFC scan events, AI feedback ratings, voice transcripts (optional)

2.2.d Logistics

• Loads, manifests, vehicle records (VIN, plate, fuel logs, odometer), DVIR (Driver Vehicle Inspection Report) signatures and defect photos, driver location pings during active loads (optional, only while a load is in transit)

2.2.e Compliance

• State movement permits, health certificates, ELAP and CFIA exports, insurance policy PDFs and AI-extracted summaries, jurisdiction-aware filing tasks managed by Compliance Automation

2.2.f Commerce

• Sales CRM customer records, products, orders, invoices, fulfilment status; Stripe customer ID and subscription ID only (no card data — see §4)

2.2.g Sensor & IoT

• BroodMinder, HoneyPi, BeeLogger, MQTT and BLE readings when you link sensors to your hives

2.2.h AI inputs and outputs

• Photos, audio, and voice transcripts that you submit to AI features (optional, consent-gated per feature); AI outputs (frame summaries, sound-analysis verdicts, AI insights, AI-generated narratives) and AI feedback ratings you provide

2.2.i Telemetry

• Screen views and feature-usage events used to improve the app, Sentry crash reports, Cloudflare Turnstile signals on sensitive forms, landing-page Vercel Analytics page-view counts (cookie-consent gated)

3. How We Use Your Data

We use your data to:

• Provide, maintain, and improve the HiveMasterPro platform
• Process your signup and send account setup instructions
• Authenticate your account and manage your subscription
• Store and sync your beekeeping records across devices
• Power AI features (e.g., inspection parsing, Varroa risk prediction, insurance policy analysis) using third-party AI providers
• Provide weather data for apiaries and inspections
• Enable map features (geocoding, location picker) when configured
• Process Pre-Sales reservations made by your customers (where you operate as a producer using HiveMasterPro), including reservation status, pickup-window scheduling, waitlist promotion, and customer-initiated reschedule or contact-info updates
• Send transactional notifications you trigger to your customers (reservation confirmations, pickup reminders, waitlist promotion notices, producer messages) over the included SMS and email rails
• Respond to support requests and feedback
• Comply with legal obligations and enforce our terms

4. Data Hosting and Third-Party Subprocessors

Your data is hosted and processed by the following categories of subprocessors. A full list with regions, sub-processor SOC 2/ISO posture, and DPA links is published at our Data Processing Addendum page.

4.1 Hosting & Infrastructure

• Supabase (Pro): Postgres database, authentication, file storage, Edge Functions. SOC 2 Type II, GDPR-compliant. US region.
• Vercel (Pro): Landing-page and web-app hosting; processes IP addresses and request metadata. SOC 2 Type II.
• Cloudflare: CDN, WAF, and Turnstile bot-detection on sensitive forms.

4.2 Payments

• Stripe: Subscription billing, Customer Portal, webhook events. PCI-DSS Level 1. We never see or store card numbers.

4.3 AI Subprocessors (consent-gated)

The following providers process consented inputs (text, image, audio) for AI features. Each provider is invoked only by the feature that names it:

• Anthropic (Claude): Inspection parsing, AI insights, frame photo analysis (LLM stage), sound-analysis narrative, AI Assistant chat.
• OpenAI: Voice transcription (Whisper) and select chat fallbacks when a customer brings their own key.
• Google Gemini: Multi-provider verification cascade for frame photo analysis and queen detection.
• Roboflow: Specialist computer-vision detection (Varroa, queen, queen cell, brood, hive beetle, wax moth, pollen, DWV) used as ground truth that the LLM references.
• Groq: Low-latency LLM serving for the Morning Briefing and other timing-sensitive narratives.
• xAI / Grok (grok-4.3 family): Platform-managed text-reasoning resilience layer, enabled by default in production and used as a fallback in the AI cascade for text-reasoning tasks only — never for vision or audio. Customers may also supply their own xAI API key in Settings (BYO-key), which takes precedence over the platform-managed endpoint.

No AI provider listed above receives your data unless the feature that uses it is enabled in Settings and you trigger it. We do not feed your content into model-training datasets.

4.4 Maps, Weather & Public Open Data

• Open-Meteo (primary): Free weather forecast API used by every apiary by default. Operations may switch to OpenWeatherMap as a fallback when they supply their own API key in Settings.
• Google Maps: Map display, geocoding, and POI placement.
• USDA APHIS / NASS CropScape (CDL): Public agricultural land-use data used by Forage Intelligence and Regional Intelligence.
• NASA LANCE / ORNL DAAC MODIS: Public satellite NDVI vegetation index — the measured pixel-statistics baseline used by Forage Intelligence.
• Planet Labs (Basemaps v1): Daily high-resolution satellite mosaics. Enabled by default in production. The apiary's latitude and longitude are sent to api.planet.com to retrieve the most recent imagery quad for the surrounding area, used by Forage Intelligence and the Bloom Calendar as a vegetation-signal proxy. Results are labeled “(estimated)” in the app's data-source attribution to distinguish them from the measured NDVI sourced from NASA / ORNL DAAC MODIS.
• iNaturalist: Public bloom and pollinator observations used by the Bloom Calendar.
• EPA / PMRA: Public treatment product database (PHI, withdrawal periods, label search).

4.5 Telemetry & Error Reporting

• Sentry: Crash and error reporting from the apps and landing page. PII is scrubbed before transmission where reasonably possible.
• Vercel Analytics: Aggregate page-view counts on the landing page. Loaded only after you accept the cookie banner.

4.6 Public Blockchain (optional)

• Polygon: When you choose to anchor a honey batch's SHA-256 metadata hash to a public blockchain for traceability, the hash and a transaction reference are written to the Polygon network. No personal data, no wallet, and no cryptocurrency are ever required of you — credit-pack purchases cover the gas fee on your behalf.

4.7 Customer Communications (Pre-Sales SMS & email)

When you (as a producer using HiveMasterPro) trigger a customer-facing notification — for example, a reservation confirmation, pickup-window reminder, or waitlist promotion notice — the message is sent over a HiveMasterPro-managed communication rail. You do notneed a Twilio or SendGrid account of your own. The customer's phone number or email address (which they provided when making the reservation) is forwarded only to the rail handling that specific message.

• Twilio: SMS rail for reservation confirmations, pickup reminders (24-hour and 2-hour), waitlist promotion notices, and producer-authored SMS messages. Twilio also processes inbound replies (which surface in the producer's Communication Center inbox) and delivery status webhooks. Industry-standard message-data retention.
• SendGrid: Transactional email rail for the same Pre-Sales notification templates plus the producer daily inbox digest. SendGrid handles delivery, bounce, complaint, and unsubscribe webhooks; bounces and complaints surface in the producer's Communication Center inbox so producers can verify or remove bad addresses.

Customer-provided contact details collected through public reservation links are stored on the producer's tenant in Supabase (§4.1) and are subject to the same Row-Level Security and access controls as other producer data. We do not market to your customers, sell their contact information, or use it for any purpose other than executing the producer's requested workflow.

We use Data Processing Agreements (DPAs) with each subprocessor where required by law. Data may be transferred to and processed in the United States and other countries where our providers operate. For EU/EEA users, we rely on Standard Contractual Clauses and adequacy decisions where applicable.

5. Payment Information

Subscription payments and one-time purchases (such as blockchain verification credit packs) are processed by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. When you subscribe to a paid plan or make a purchase, the following data is collected and shared with Stripe for the purpose of processing your transaction:

• Billing name and billing address
• Payment method details (card brand, last four digits, and expiration date)
• Email address (for receipts and payment correspondence)
• Transaction amount, currency, and subscription plan identifier

What we store: HiveMasterPro retains only your Stripe customer ID, subscription ID, subscription status, plan tier, billing email, billing-cycle dates, and transaction history (amounts, dates, and invoice references). We do notstore full credit card numbers, CVVs, or complete payment credentials on our servers at any time. All sensitive payment data is handled exclusively within Stripe's PCI-compliant environment.

Retention: Billing information (name, address, transaction history, and payment method metadata) is retained for the duration of your subscription and for a reasonable period thereafter as necessary for subscription management, refund processing, tax reporting, and compliance with applicable financial record-keeping obligations.

Stripe's data practices: Stripe processes your payment data in accordance with its own privacy policy, available at stripe.com/privacy. For information about how Stripe collects, uses, and protects your data, please refer to that policy directly.

Deletion requests: You may request deletion of your billing data by contacting us. Deletion requests are subject to applicable legal retention requirements (e.g., tax records, financial auditing obligations, and dispute resolution).

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (TLS) and at rest
• Row-level security and access controls so users can only access their own data
• Secure authentication and credential storage
• Regular security practices and updates

In the event of a data breach that affects your personal data, we will notify you and relevant regulators as required by law (e.g., within 72 hours under GDPR).

7. Data Retention

We retain your data for as long as your account is active or as needed to provide our services. When you delete data in the app or close your account, we will remove it from our active systems. Backup copies may persist for a limited period (typically up to 90 days) before being overwritten. We may retain certain data as required by law (e.g., for tax or legal compliance).

90-day Trash: When you delete records inside the app (apiaries, hives, harvests, batches, reservations, etc.), they are first soft-deleted into a Trash bin where they remain restorable for 90 days, after which they are auto-purged. Soft-deleted records are hidden from analytics, regional intelligence, and team views during the 90-day window. Every delete and restore is recorded in the per-tenant audit log.

8. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Opt-out of sale: We do not sell your personal data. California residents may opt out of the "sharing" of personal information for cross-context behavioral advertising.

To exercise these rights, contact us. You can also export your data from the app (ELAP PDF/CSV, hive count exports, and reports). We will respond to valid requests within the timeframes required by applicable law.

9. AI and Automated Processing

HiveMasterPro uses AI features for inspection parsing, Varroa risk prediction, insurance policy analysis, and other insights. These features send relevant data to our AI processing provider(s) for analysis. AI outputs are not guaranteed to be accurate and should not be relied upon as professional advice. We do not use your data to train third-party AI models unless you have given explicit consent or we have disclosed this in a separate agreement.

10. Cookies & Similar Technologies

Our website may use essential cookies for session management and basic functionality. We do not use non-essential tracking cookies for advertising without your consent. If we add analytics or marketing cookies in the future, we will update this policy and obtain consent where required.

11. Children

HiveMasterPro is not intended for users under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

For questions about this Privacy Policy or our data practices, reach out via our contact page or write to us at:

Quail'a Bee Solutions LLC
30 N Gould St #56930
Sheridan, WY 82801, USA