Privacy Policy
Last updated: April 2025
1. Who we are
Privahive is an AI-powered privacy policy generator operated by Alexander Koch, Auf dem Loh 7, 57392 Schmallenberg, Germany.
Contact: alex@privahive.io
2. What data we collect
Generator form data
When you use the policy generator, we collect the information you enter: your website name, URL, business type, contact email address, and answers to questions about your data practices. This is used solely to generate your privacy policy and is stored in our database linked to your policy ID.
Email address (optional)
If you opt in to receive notifications about regulatory changes (GDPR, CCPA), we store your email address. This is entirely voluntary. We will only ever send you relevant policy update notifications — no marketing, no newsletters.
Payment data (paid plans)
Payments are processed by Stripe. We do not store credit card details. After a successful payment, Stripe provides us with your email address so we can send you your policy link.
Browser local storage (free plan)
For free users, we store your policy ID in your browser's local storage so you can return to your policy. This data never leaves your device and is not accessible to us.
3. How we use your data
- To generate your privacy policy using Claude (Anthropic's AI)
- To store your generated policy and make it accessible via its unique URL
- To send you your policy link after a paid purchase
- To notify you of GDPR/CCPA changes that may affect your policy (opt-in only)
- To process payments and prevent fraud
We do not sell your data. We do not use your data for advertising.
4. Third-party service providers
Anthropic PBC (Claude API)
Your form data is sent to Anthropic's API in the US to generate the policy text. Standard Contractual Clauses (Art. 46 GDPR) apply for EU data transfers. Privacy policy: anthropic.com/privacy
Supabase Inc.
Database and storage, hosted in EU data centers (Frankfurt). A Data Processing Agreement (DPA) is in place. Privacy policy: supabase.com/privacy
Stripe Inc.
Payment processing. Stripe handles all card data to PCI-DSS standards. Privacy policy: stripe.com/privacy
Resend Inc.
Transactional email delivery (policy links, law-change notifications). Privacy policy: resend.com/privacy
Vercel Inc.
Website hosting. Vercel may collect standard server logs (IP addresses, request timestamps). Privacy policy: vercel.com/legal/privacy-policy
5. Cookies and tracking
We do not use advertising cookies, tracking pixels, or analytics tools. The only browser storage we use is local storage on your device (free plan) to remember your policy ID. We do not track your behavior across websites.
6. Data retention
Generated policies are stored indefinitely so you can access them via their URL. To delete your policy and associated data, email alex@privahive.io with your policy ID — we will delete it within 30 days.
To unsubscribe from law-change notifications, use the unsubscribe link in any notification email, or contact us directly.
7. Your rights (GDPR)
If you are in the EU/EEA, you have the right to:
- Access — request a copy of the personal data we hold about you (Art. 15)
- Rectification — request correction of inaccurate data (Art. 16)
- Erasure — request deletion of your data (Art. 17)
- Restriction — request that we limit how we use your data (Art. 18)
- Portability — receive your data in a machine-readable format (Art. 20)
- Object — object to processing based on legitimate interests (Art. 21)
- Withdraw consent — at any time, without affecting prior processing
- Lodge a complaint — with your national supervisory authority
The supervisory authority for Nordrhein-Westfalen is: www.ldi.nrw.de
To exercise any of these rights: alex@privahive.io. We will respond within 30 days.
8. Legal basis for processing (GDPR)
- Generating and storing your policy — contract performance, Art. 6(1)(b)
- Email notifications for law changes — your explicit consent, Art. 6(1)(a)
- Payment processing — contract performance, Art. 6(1)(b)
- Server logs (Vercel) — legitimate interests, Art. 6(1)(f)
9. International data transfers
Anthropic, Stripe, and Vercel are based in the United States. Transfers outside the EEA are covered by Standard Contractual Clauses (SCCs) as approved by the European Commission (Art. 46 GDPR). Supabase stores data within the EU.
10. Children's privacy
Privahive is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have inadvertently done so, please contact us and we will delete it promptly.
11. Changes to this policy
We may update this policy from time to time and will update the "Last updated" date above. Continued use of Privahive after changes constitutes acceptance of the updated policy.
12. Contact
Alexander Koch · Auf dem Loh 7 · 57392 Schmallenberg · Germany
alex@privahive.io