← Back to HiveJammer

Privacy Policy

Last updated: 20 March 2026

This Privacy Policy explains how HiveJammer Personal ("the App") collects, uses, and protects your data. We are based in Dublin, Ireland, and operate under the General Data Protection Regulation (GDPR) and applicable Irish data protection law.

1. Data Controller

James Adamson, Dublin, Ireland
Contact: support@hivejammer.com

This section will be updated with full company registration details upon incorporation.

2. Data We Collect and Store

Data	Purpose	Legal Basis
Email address	Account creation and authentication	Contract
Scan metadata	Scan history (timestamps, threat verdicts, scan type)	Legitimate interest
Beta feedback	Product improvement during beta	Consent
Subscription status	Managing premium access	Contract

What we do NOT collect or store:

• The actual content of your screenshots, images, or videos
• Your passwords (breach check uses k-anonymity — see Section 4)
• Your browsing history or internet traffic
• Device contacts, call logs, SMS messages, or location data

3. Data We Process but Do NOT Retain

Some data is sent to third-party services for real-time analysis and is not stored by us after processing:

Data	Purpose	Retention
Screenshot/image data	Sent to Grok (xAI) and/or SightEngine for threat/deepfake analysis	Transient
URLs	Checked via link scanner heuristics and Google Web Risk	Transient
QR code content	Analysed for security risks	Transient
Message text	Analysed for phishing/scam indicators via heuristics and AI	Transient

4. Breach Check — Special Handling

Password breach checks use the Have I Been Pwned (HIBP) k-anonymity model. Your password is hashed (SHA-1) entirely on your device. Only the first 5 characters of the hash are sent to the HIBP API. Your actual password never leaves your device.

Email breach checks send your email address to the XposedOrNot API to look up known breaches associated with that address.

5. Third-Party Processors

We use the following third-party services. Each receives only the data necessary for its specific function:

Processor	What They Receive	Purpose
Grok (xAI)	Image/text data for analysis	AI-powered threat detection
SightEngine	Image/video data	Deepfake and AI content detection
Google Web Risk	URLs	Malicious URL detection
AlienVault OTX	App hash (SHA-256)	Malware threat intelligence
Supabase	User accounts, scan metadata	Backend database (EU-hosted)
Have I Been Pwned	First 5 chars of password hash	Password breach lookup
XposedOrNot	Email address	Email breach lookup
Stripe	Payment details (handled by Stripe)	Subscription billing
Sentry	Crash reports (no personal data)	App stability monitoring

We do not sell, rent, or share your personal data with any third party for advertising, marketing, or profiling purposes.

6. VPN — Data Handling

• No traffic logging. We do not log, inspect, filter, or monitor your internet traffic.
• Connection metadata only. We may retain minimal connection timestamps for service operation.
• DNS queries are routed through encrypted resolvers (Cloudflare or AdGuard) and are not logged by us.
• WireGuard encryption protects all data in transit.

7. Data Retention

Data	Retention Period
Account data (email, subscription)	Until you delete your account
Scan history/metadata	Until you delete your account or clear history
Beta feedback	Retained for product improvement; anonymised where possible
Crash reports (Sentry)	Per Sentry's retention policy (typically 90 days)

You can delete your account and all associated data at any time through the App's settings.

8. Your Rights Under GDPR

As a data subject under GDPR, you have the right to:

• Access — Request a copy of the personal data we hold about you
• Rectification — Request correction of inaccurate data
• Erasure — Request deletion of your data ("right to be forgotten")
• Data portability — Receive your data in a structured, machine-readable format
• Objection — Object to processing based on legitimate interest
• Restriction — Request that we limit how we process your data
• Withdraw consent — Where processing is based on consent, withdraw it at any time
• Lodge a complaint — File a complaint with the Data Protection Commission (DPC)

To exercise any of these rights, contact us at support@hivejammer.com. We will respond within 30 days.

Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
www.dataprotection.ie

9. International Data Transfers

Some of our third-party processors (Grok/xAI, SightEngine, Google Web Risk) may process data outside the European Economic Area (EEA). Where data is transferred outside the EEA, it is protected by Standard Contractual Clauses (SCCs), adequacy decisions, or other lawful transfer mechanisms under GDPR Article 46.

10. Children's Privacy

HiveJammer is not directed at children under 13. We do not knowingly collect personal data from children under 13. Users aged 13 to 16 in the EEA require parental or guardian consent, as required by GDPR Article 8.

11. Security Measures

• Server-side API keys — All API keys are stored on our backend proxy, not in the App
• Encryption in transit — All API communications use HTTPS/TLS
• VPN encryption — WireGuard protocol for VPN connections
• No plaintext passwords — Password breach checks use k-anonymity hashing on-device
• Encrypted local storage — Scan history is encrypted on your device using HMAC-SHA256

12. Cookies and Tracking

The App does not use cookies, web beacons, or third-party tracking SDKs. We do not track you across apps or websites. We do not serve advertisements.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email. The "Last updated" date at the top reflects the most recent revision.

14. Contact

For any questions, data requests, or privacy concerns:
support@hivejammer.com