Privacy Policy

Last updated: 7 June 2026

1. Data Controller

Jonas Fendel
Körnerstraße 14
64653 Lorsch
E-Mail: contact@hivekraft.com

2. Overview of Data Processing

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects concerned.

Types of data processed

  • Master data (e.g., names, addresses)
  • Contact data (e.g., email)
  • Content data (e.g., form inputs, beekeeping data)
  • Usage data (e.g., pages visited, access time)
  • Meta/communication data (e.g., device information, IP addresses)

3. Legal Basis

Below you will find an overview of the legal bases of the GDPR on which we process personal data:

  • Consent (Art. 6(1)(a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Performance of a contract (Art. 6(1)(b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party.
  • Legitimate interests (Art. 6(1)(f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller.

3.X AI Transparency (AI Act Art. 50)

When using generative AI features (chat assistant, voice structuring, design studio, label suggestions, photo analysis), you are informed pursuant to Art. 50(1) of Regulation (EU) 2024/1689 (AI Act) that you are interacting with an AI system or that content has been generated by an AI system. Notification is provided via a visible indicator ("AI" badge) directly on the AI feature. Application date of the AI Act transparency obligations: 2026-08-02.

4. User Account / Registration

During registration, we collect the following data: name, email address, password (hashed with bcrypt). Processing is based on Art. 6(1)(b) GDPR for the performance of a contract.

During use of the service, we store the beekeeping data you enter (apiaries, hives, inspections, treatments, harvests, etc.). This data is used exclusively for providing the service.

4.X Account deletion with 14-day grace period (recovery phase)

When you delete your Hivekraft account, the final anonymization of your personal data is not executed immediately, but only after a 14-day grace period elapses. This pattern reflects the industry-standard interpretation of the right to erasure (Art. 17 GDPR) used by GitHub, Google and Apple, and is GDPR-compliant because you are fully informed about the deletion throughout the grace period and may revoke it at any time. Concrete data flow during the grace period: • When you click 'Delete account', a timestamp deletionScheduledAt = now + 14 days is set on your record; existing login sessions are invalidated immediately (tokenVersion bump). • A cryptographically random recovery token is generated — only the SHA-256 hash of the token is stored in the AccountDeletionToken table (token-at-rest is never readable). The plaintext token is sent exclusively via email to you and is valid for 14 days. • You receive a recovery email via Brevo (Sendinblue GmbH, Berlin, Germany — see §8.2) with a recovery link. As long as you click the link within the 14-day window, the scheduled deletion is fully reversed. • After 14 days have elapsed, an hourly cron job (account-deletion-anonymize) executes the final anonymization of your personal data: name, email and personal fields are overwritten; audit-relevant treatment-book data (treatments, EU 2019/6 Art. 108, 5-year retention obligation) remain pseudonymized. • If a bee disease quarantine block is active, deletion is not initiated (see §10.X bee disease reporting obligation). Legal basis: Art. 17 GDPR (right to erasure) in conjunction with Art. 6(1)(b) GDPR (performance of the lifecycle contract). Retention period of the recovery token: 14 days (matching the grace period; hard-delete after consumption or expiry). Recipient of the recovery email: Brevo (EU/DE, no third-country transfers).

5. Authentication / Session

We use JSON Web Tokens (JWT) for authentication. Tokens are stored as HTTP-only cookies and are valid for 30 days. No tracking cookies are used.

6. Hosting and Servers

The application is hosted by Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany. A data processing agreement pursuant to Art. 28 GDPR is in place with Hetzner. All data processing takes place exclusively on servers in Germany. When accessing our website, information is automatically stored in server log files transmitted by your browser (IP address, browser type, operating system, referrer URL, time of access).

7. Cookies

We distinguish two cookie categories that you can control separately:

  • Session cookie - Contains the encrypted authentication token. Validity: 30 days. Essential for login.

Beyond this, we use NO advertising or tracking cookies. For anonymized web analytics, we use Umami (see §13) — Umami itself uses NO cookies (cookieless), but stores a short-lived anonymous visit ID in the browser's localStorage. This is only set after your consent.

Consent Audit Trail (GDPR Art. 7(1))

Pursuant to Art. 7(1) GDPR, we are required to demonstrate your cookie consent. Therefore, each time you click 'Accept' or 'Decline' in the cookie banner, we store a server-side audit log containing: timestamp of consent, selected options (necessary/analytics), version of the privacy policy, and an anonymized hash of your IP address (SHA-256 with a project-specific salt — plaintext IPs are never stored). Retention period: 5 years (legal proof obligation). These logs are included in your data export (Settings → Export Data). The legal basis is Art. 6(1)(c) GDPR (legal obligation) in conjunction with Art. 7(1) GDPR.

Withdrawal of Cookie Consent (Art. 7(3) GDPR)

You can withdraw your consent for cookie usage at any time. This withdrawal applies exclusively to cookie consent — it is not to be confused with the consumer right of withdrawal for our subscription plans (see Right of Withdrawal).

Click 'Cookie Settings' in the footer. If you are logged in, we automatically mark your previous consent record as withdrawn server-side — no additional action required.

We do not delete your original consent record but supplement it with the withdrawal timestamp. This ensures we can prove that you consented and withdrew (accountability, Art. 5(2) GDPR).

You can also withdraw without a user account — the mechanism is just different: A new 'declined' record is created. We do not link anonymous consent logs to each other, as a reverse search via session IDs would enable inadmissible re-identification (data minimization, Art. 5(1)(c) GDPR).

Despite your withdrawal, we retain the audit record for another 5 years — analogous to § 147 AO (German Tax Code) and EDPB recommendations for accountability. After this period, automatic deletion occurs. This retention is permitted (Art. 17(3)(b) GDPR).

If you delete your Hivekraft account, the consent logs linked to your account are pseudonymized: the user field is set to null, while the audit contents (timestamp, choice, IP hash) remain preserved. This simultaneously fulfills your right to erasure (Art. 17 GDPR) and our accountability obligation (Art. 7(1) GDPR).

8. Data Processors and Third-Party Services

To provide our service, we use the following third-party providers that process personal data on our behalf:

8.1 Payment Processing (Stripe)

For processing payments for paid plans, we use Stripe Inc. (510 Townsend Street, San Francisco, CA 94103, USA). When subscribing to a paid plan, your payment data (credit card details, billing address) is processed directly by Stripe. We do not store any complete payment data — only a Stripe customer ID and the subscription status. The legal basis is Art. 6(1)(b) GDPR (performance of a contract). Stripe is certified under the EU-US Data Privacy Framework. Stripe Privacy Policy.

8.2 Email Delivery (Brevo)

For sending transactional emails (registration confirmation, password reset), we use Brevo (Sendinblue GmbH, Berlin, Germany). Your email address is transmitted to Brevo for this purpose. Brevo processes data on servers within the EU. The legal basis is Art. 6(1)(b) GDPR (performance of a contract). In addition to transactional emails, we send optional service notifications (e.g., reminders, tips). You can disable these in Settings. Brevo Privacy Policy.

8.3 Social Login (Google, Facebook)

You may optionally sign in via Google or Facebook (OAuth 2.0). In doing so, we only receive your name and email address from the respective provider. We do not gain access to your social media profiles or contacts. The use of Social Login is voluntary — registration via email and password is also available. The legal basis is Art. 6(1)(a) GDPR (consent).

8.4 Error Tracking (Sentry)

To detect and resolve errors, we use Sentry (Functional Software, Inc., USA). Sentry is certified under the EU-US Data Privacy Framework (DPF). We use the EU ingest endpoint (ingest.de.sentry.io) so the initial processing occurs within the EU. IP addresses are server-side scrubbed, no personal data is actively transmitted (sendDefaultPii: false). Retention: 30 days. The data transmitted consists of technical error data (stack traces, browser, URL). The legal basis is Art. 6(1)(f) GDPR (legitimate interest in error remediation and system stability).

8.5 IP Reputation Protection (CrowdSec)

To defend against automated attacks (bots, brute-force, known attack patterns) we use CrowdSec (CrowdSec SAS, France). CrowdSec analyzes server-side access patterns and reports IP addresses that repeatedly exhibit malicious behavior to a community reputation network (crowd intelligence). Only technical access metadata is processed (IP address, user agent, requested URL, status code). Server location: EU (France). The legal basis is Art. 6(1)(f) GDPR (legitimate interest in IT security).

8.6 Speech Transcription (AssemblyAI)

For the audio transcription of voice input (Voice Roundup, dictation) we use AssemblyAI Inc. (Dublin, Ireland — EU region 'Universal-3 Pro'). Data transmitted: the audio binary (max. 30 minutes per recording) and an anonymous job ID. Processing has been in production since May 2026. Audio files are discarded after the transcription completes — a retention policy of 0 days has been requested from AssemblyAI. A processor relationship with AssemblyAI Inc. is in place; a data processing agreement pursuant to Art. 28 GDPR will be concluded shortly (as of May 2026). Server location: EU (Dublin, Ireland) — no third-country transfer to the USA. The legal basis is Art. 6(1)(a) GDPR (consent).

8.7 AI Routing (Requesty, EU)

For textual AI processing (chat, transcript structuring, recommendations, design studio, label generator) we forward the relevant text data primarily via Requesty (Inceptron AB, EU) to EU-hosted AI models. Processing takes place exclusively on European infrastructure (AWS Frankfurt region, Germany — eu-central-1); the data does not leave the EU. The AI models currently used are models from Google (Gemini family, Google Ireland Ltd. / EU region), Mistral (Mistral AI SAS, Paris, France) and OpenAI (GPT family, via EU region) — depending on the function as the primary model or as a technical failover; all are hosted and processed EU-resident (EU region) via Requesty, the data does not leave the EU. Requesty provides Zero Data Retention (no storage of content, no training on user data) and a data processing agreement pursuant to Art. 28 GDPR (DPA, as of June 2026 — conclusion in preparation). As processing takes place within the EU, there is NO third-country transfer. The legal basis is Art. 6(1)(a) GDPR (consent).

8.8 AI Routing — Failover (OpenRouter)

As a technical failover (fallback when EU routing is unavailable) and for users with their own API key (BYOK), textual AI processing may be forwarded via OpenRouter Inc. (San Francisco, CA, USA) to sub-sub-processors. Engaged sub-sub-processors are Mistral AI (Paris, France) and Anthropic, PBC (San Francisco, CA, USA) — both reached through OpenRouter, with no direct contract by Hivekraft. A data processing agreement (DPA) pursuant to Art. 28 GDPR is in place with OpenRouter, together with Zero Data Retention (see §9.7). EU Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR apply for third-country transfers to the USA. The legal basis is Art. 6(1)(a) GDPR (consent).

Beyond this, personal data is not shared with third parties, sold, or used for advertising purposes. An exception exists only if we are legally obligated to do so.

9. AI-Assisted Processing

Hivekraft uses AI-assisted features to improve beekeeping management. All AI features are optional and require explicit consent. For audio transcription we use AssemblyAI (Dublin, Ireland — see §8.6); audio data is processed within the EU. For textual and multimodal AI processing (structuring, chat, recommendations, photo analysis), anonymized data is transmitted primarily via Requesty (EU, Frankfurt — see §8.7) to EU-hosted AI models (see §8.7); the data does not leave the EU (Zero Data Retention). As a technical failover, OpenRouter (OpenRouter Inc., USA — see §8.8) may be used; EU Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR then apply for the third-country transfer to the USA. The legal basis is Art. 6(1)(a) GDPR (consent). Consent can be revoked at any time in the settings.

9.1 Voice Input

Audio data from voice input is transmitted for transcription to AssemblyAI (Dublin, Ireland — see §8.6); this processing has been in production since May 2026 and replaces the previously self-hosted Whisper server. Audio is discarded after processing; a retention policy of 0 days has been requested from AssemblyAI. The anonymized text transcript is then forwarded for structured extraction (detection of colony references, numbers, actions) primarily via Requesty (EU, see §8.7) to EU-hosted AI models (see §8.7); as a failover, via OpenRouter (see §8.8). Original audio files are automatically deleted after successful processing (Art. 5(1)(e) GDPR, storage limitation).

9.2 AI Chat Assistant

The AI chat assistant answers beekeeping questions using your colony data as context. Data transmitted includes: your question, context data about your colonies (current inspections, treatments, harvests, location weather). Chat histories are stored in your database and removed upon account deletion.

9.3 Intelligence Engine

The Intelligence Engine computes recommendations (e.g., swarm risk, health status, treatment timing, anomalies) rule-based and statistically directly on our server in Germany. This core analysis runs without external AI services — your data does not leave the server. If you additionally enable AI-powered explanations (e.g., natural-language summaries, AI chat responses), anonymized aggregate data is transmitted for that purpose primarily via Requesty (EU, see §8.7), as a failover via OpenRouter (see §8.8) — this is optional and opt-in.

9.4 Design Studio & Brand Generator

The Design Studio can generate AI-powered beekeeper profiles, brand pages, and HTML-based brand websites. Your inputs (name, description, style preferences, color schemes) are transmitted primarily via Requesty (EU, see §8.7) to EU-hosted AI models (see §8.7); as a failover, via OpenRouter (see §8.8). Generated content is stored in your user profile. Processing only occurs when you actively use the Design Studio.

9.5 Label AI (Label Generator)

The Label Generator creates AI-generated honey labels based on your inputs (honey variety, apiary name, design style, colors). Your inputs are transmitted primarily via Requesty (EU, see §8.7) to EU-hosted AI models (see §8.7); as a failover, via OpenRouter (see §8.8). Generated label designs are stored in your user profile. Processing only occurs when you actively use the Label Generator. The legal basis is Art. 6(1)(a) GDPR (consent).

9.6 Photo Analysis

Photos of bee colonies (combs, brood nests, varroa boards) can be submitted for AI-powered analysis primarily via Requesty (EU, see §8.7) to a multimodal AI model (see §8.7); as a failover, via OpenRouter (see §8.8). Data transmitted includes: the photo binary (max. 5 MB), associated colony metadata (name, type) and the analysis prompt. On the EU path (Requesty), processing takes place within the EU — no third-country transfer; Zero Data Retention applies (see §9.7). Analysis only occurs when you actively use the photo analysis feature. Daily limits depend on the plan (Free: 5, Pro: 50, Business: 500). The legal basis is Art. 6(1)(a) GDPR (consent).

9.7 Zero Data Retention (ZDR)

Textual AI processing takes place primarily via Requesty (EU, Frankfurt) on European infrastructure — the data does not leave the EU, and Zero Data Retention applies (no storage of content, no training on your data). A data processing agreement (DPA) pursuant to Art. 28 GDPR is in place with Requesty. As a failover, and for users with their own API key, OpenRouter (USA) may be used; here too Zero Data Retention and a data processing agreement apply (header data_collection: deny). We cannot provide an absolute guarantee, as processing is handled by third-party providers. Voice input audio files are automatically deleted after successful processing (maximum 24 hours).

9.8 Web Speech API (Speech Recognition)

The voice input in the chat uses the browser's Web Speech API. Audio data is transmitted to the browser vendor (Google Chrome: Google LLC, USA; Safari: Apple Inc., USA) for speech recognition. This processing is performed by your browser, not by Hivekraft. We have no control over data processing by the browser vendor. Please refer to your browser's privacy policy.

9.10 EU AI Act — Transparency Obligation

The AI-assisted features of Hivekraft (voice input structuring, AI chat, photo analysis, design studio, label generator) fall under Art. 50 of EU Regulation 2024/1689 (EU AI Act), which becomes binding on August 2, 2026. Risk classification under the AI Act: "Limited Risk" (limited risk, transparency obligation). We mark all features involving AI visibly in the user interface (e.g., via an AI badge or notice text). AI-generated content (images, texts) is labeled as such. You can object to the use of AI features at any time — Hivekraft remains fully usable without AI features.

9.11 Voice Roundup (Long Recordings)

Longer audio recordings of up to 30 minutes (e.g., an entire inspection round of multiple colonies) are buffered via BullMQ queue on our server in Germany and asynchronously transcribed by AssemblyAI (Dublin, Ireland — see §8.6). The subsequent per-colony segmentation and structuring is performed by the AI pipeline (primarily Requesty EU, see §9.2/9.7). Original audio files are automatically deleted after processing completes (Art. 5(1)(e) GDPR). If your internet connection is unavailable, recordings are buffered locally in your browser via IndexedDB and uploaded automatically once connectivity is restored — this buffering takes place exclusively on your device.

10. External Data Sources

Hivekraft uses the following external data sources to provide weather and phenology features:

  • German Weather Service (DWD) - Weather data and Growing Degree Sum (GTS) are obtained via the Bright Sky API, which provides open DWD data. Your location coordinates (latitude, longitude) are transmitted to the API service to retrieve location-based weather data. License: GeoNutzV (Source: Deutscher Wetterdienst).
  • OpenStreetMap - Map views use OpenStreetMap tiles. When loading the map, requests are sent to OpenStreetMap tile servers. OpenStreetMap Foundation Privacy Policy.

10.X Data Sharing in Case of Bee-Disease Suspicion (Notifiable-Disease Reporting)

If a notifiable bee disease is suspected (in particular American Foulbrood / AFB, European Foulbrood / EFB), we point you, as the animal keeper, to your statutory notification duty. HiveKraft does NOT report to authorities itself — the notification must be filed by the keeper. In this context we may share personal data (holder name, address, apiary location, affected hive IDs, diagnosis timestamp, and any photo evidence) with the responsible veterinary authorities at your request. Legal basis: Art. 6(1)(c) GDPR in conjunction with national bee-disease notification duties. Recipients by country: • Germany: AFB/EFB notification duty to the responsible veterinary authority (local/municipal veterinary office) — notifiable animal disease • Austria: AFB/EFB notification duty to the responsible district administration (Bezirkshauptmannschaft or Magistrat) • Switzerland: Animal Disease Ordinance (TSV) Art. 273–279 — notification duty for AFB/EFB to the cantonal veterinarian / bee inspector The retention period for these quarantine records is 5 years after sanitation is completed (EU 2019/6 Art. 108). Beta feature — the exact legal fulfilment of the notification duty rests with the beekeeper.

11. Community Insights & TrachtNetz

Hivekraft offers aggregated community statistics. Your data is only included anonymously in these statistics. Participation is voluntary and is requested during registration (opt-in). You can change your participation at any time in the settings.

12. Usage Analytics

To ensure system stability and detect abuse, we log API accesses (endpoint called, HTTP method, status code, response time). This data is linked to your user ID and automatically deleted after 90 days. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the security of the service).

13. Web Analytics (Umami — Self-Hosted)

To improve our service, we use Umami, a privacy-friendly open-source web analytics solution, which we self-host on our own servers at Hetzner Online GmbH in Falkenstein (Germany, EU). NO third-country transfer takes place and no external data processor is involved. Umami sets no cookies (cookieless) and uses no fingerprinting. Only anonymous usage statistics are collected: page URL, time on page, referrer, anonymized user-agent (browser/OS), screen size, and approximate country of origin (via IP geolocation; the IP itself is NOT stored). A short-lived anonymous visit ID is held in the browser's localStorage, which does not allow personal identification. The script is only loaded after your explicit consent in the cookie banner — without consent, no data is collected. You may withdraw your consent at any time via the footer link 'Cookie Settings'. The legal basis is Art. 6(1)(a) GDPR (consent).

14. Storage Duration

The storage duration of your data depends on the respective processing purpose:

  • Account data (name, email, profile): until account deletion
  • Beekeeping data (colonies, inspections, harvests): until account deletion. Upon account deletion, personal data is anonymized; beekeeping data is retained in anonymized form (EU 2019/6 retention requirement).
  • Treatment records: minimum 5 years from treatment date (legal retention requirement per EU 2019/6, Art. 108)
  • Server logs: 90 days
  • JWT cookies: 30 days
  • API usage logs: 90 days

15. Data Protection Officer

The appointment of a Data Protection Officer is not required under Art. 37 GDPR. For data protection inquiries, please contact: contact@hivekraft.com

16. Your Rights

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) - You have the right to obtain information about your stored personal data.
  • Right to rectification (Art. 16 GDPR) - You may request the correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR) - You may request the deletion of your data. You can delete your account at any time. Treatment records are subject to legal retention requirements (5 years, EU 2019/6) and are retained in anonymized form.
  • Right to restriction (Art. 18 GDPR) - You may request the restriction of processing.
  • Right to data portability (Art. 20 GDPR) - You can export your data in a machine-readable format (JSON export via Settings → Export data).
  • Right to object (Art. 21 GDPR) - You may object to the processing of your data.
  • Right to lodge a complaint - You have the right to lodge a complaint with a data protection supervisory authority.

17. Data Security

We use SSL/TLS encryption for data transmission. Passwords are stored hashed with bcrypt. API keys and other sensitive credentials (e.g., for the configuration of external AI providers) are stored encrypted using AES-256-GCM (Authenticated Encryption with auth tag, scrypt-based key derivation). Access to your data is protected by authentication and restricted to your user account.

18. Changes

We reserve the right to update this privacy policy to ensure it always complies with current legal requirements. The most current version applies to your visit.