Privacy Policy

Last updated: 5 April 2026

1. Introduction

MyHives is a safety, participation, and lived-experience platform. We help people move more safely, document what they experience, support one another, make their voice visible, and access rapid help when needed.

Because MyHives is built around navigation, reporting, trusted relationships, and emergency support, some of the data processed through the platform can be highly sensitive in practice. This includes live and historical location, route and destination data, safety diary entries, public and private reports, trusted-circle relationships, emergency video and audio, language preferences, AI-assisted conversations, and in some cases information that may reveal health, ethnicity, religion, sexuality, political opinions, discrimination experiences, or other special-category personal data. Under the GDPR, such data requires extra protection and, where users choose to provide it, explicit consent is often the most appropriate legal route.

This white paper adopts four foundational positions.

  • First, privacy by design. MyHives is designed so privacy protection is part of product architecture from the start, in line with Article 25 GDPR and EDPB guidance.
  • Second, user control with honest limits. Users should control private/public sharing, permissions, trusted-circle access, and many retention choices, but we do not promise impossible outcomes such as instant deletion from all backups, screenshots, caches, reposts, or third-party copies.
  • Third, high-risk processing governance. Because MyHives involves location, emergency media, public/private safety reporting, and AI-supported interpretation, we treat DPIA-level assessment as required before launch and whenever major new processing is introduced.
  • Fourth, AI must be governed. The EU AI Act is phased in, with general-purpose AI obligations already in force and transparency obligations for certain AI interactions and AI-generated content applying from 2 August 2026.

2. Who we are

For the consumer-facing MyHives service, MyHives Coöperatie U.A. acts as the primary data controller. That means MyHives Coöperatie U.A. determines the purposes and means of the core B2C processing described in this policy.

MyHives B.V. may act as an affiliated technical services company and, depending on the processing context, as a processor or subprocessor to the cooperative where it develops, hosts, secures, supports, and maintains the platform on behalf of the cooperative. In other contexts, such as corporate administration, investor relations, finance, legal claims, security investigations, or internal governance, MyHives B.V. may act as its own controller for those separate purposes. These roles must be contractually documented and reflected in internal governance.

If you need to contact us about privacy, please use:

Email: privacy@myhives.nl

Controller: MyHives Coöperatie U.A.

3. Scope of this policy

This white paper covers the MyHives consumer platform, including:

  • Nest: navigation, real-time location, destination handling, route preferences, safer route scoring, route history, and route explanations.
  • Safety Diary: private and public logging, text, photos, video, audio, categories, tags, public/private toggles, selected sharing, and AI-assisted drafting or logging.
  • Trusted Circle: invite-based support relationships, trip sharing, emergency visibility, and revocation.
  • Panic and emergency support: live location, audio/video, alarm-centre access, trusted-circle access, translation, and escalation logic.
  • myHive GPT / myHive OS: interactive AI assistance, voice conversation, contextual logging, visual understanding through camera input or smart-glasses input where enabled, emergency translation, route recommendations, and AI-assisted safety interpretation.
  • Operations and governance: support, analytics, security, integrity, abuse prevention, legal compliance, model and workflow improvement, and internal risk controls.

4. Core privacy and governance principles

MyHives is governed by the following principles.

  • Purpose limitation. We process data only for specific, explicit, and legitimate purposes.
  • Data minimisation. We collect and use the least amount of data needed for the feature you choose to use.
  • Default privacy. Private is the default for diary content unless you actively choose public or directed sharing.
  • Layered consent. High-risk permissions and high-risk sharing actions require clear user action and should not rely on hidden defaults.
  • Retention discipline. We do not keep precise location, route, emergency, or diary data longer than justified.
  • Pseudonymisation where possible. We reduce identifiability wherever functionality allows.
  • Honest transparency. We tell users plainly what is recorded, who can see it, how long it is retained, and what cannot be guaranteed after public sharing.

These principles reflect GDPR and EDPB expectations around lawful processing, data minimisation, storage limitation, security, and privacy by design.

5. Cloud, hosting, and infrastructure

MyHives may use cloud and infrastructure partners including Amazon Web Services (AWS) and related service providers. Our primary cloud hosting and storage are intended to be in the EU region in Frankfurt, Germany.

EU-region hosting is helpful from a data residency perspective, but it does not automatically eliminate international transfer analysis. Personal data may still be transferred outside the EEA if support, remote access, analytics, model operations, or vendor services involve third countries. If data is transferred outside the EEA, MyHives will use lawful transfer tools such as an adequacy decision or the European Commission's Standard Contractual Clauses, together with supplementary safeguards where required. The Commission continues to recognise SCCs as the core transfer tool for non-adequate third-country transfers.

6. What data we process

6.1 Account and profile data

We may process your name, email, phone number, profile image, login credentials, account settings, language settings, and accessibility preferences. We use this data for account creation, authentication, support, service delivery, and security.

6.2 Live location and route data

We may process your current location, origin, destination, route history, live trip progress, route preferences, turn guidance, and proximity to safety signals. We use this to provide navigation, safer route scoring, trusted-circle trip sharing, panic support, and route history features. Even where location data is not special-category data under GDPR, it remains highly sensitive in practice because it can reveal habits, home, work, visits, and vulnerability patterns.

6.3 Safety Diary data

We may process text reports, tags and categories, public/private status, photos, videos, audio, location linked to the diary entry, selected recipients, and timestamps. We use this for personal record keeping, public safety signalling, trusted-circle sharing, selected disclosures, and route/safety intelligence.

6.4 Trusted Circle data

We may process invitations, accepted or rejected membership, live trip sharing, emergency visibility, and support interactions. We use this to support user-directed safety coordination.

6.5 Panic / emergency data

We may process real-time location, live or recorded video, live or recorded audio, alarm-centre interaction logs, incident metadata, trusted-circle emergency alerts, and escalation records. We use this to provide immediate support, emergency handling, auditability, abuse prevention, and legal preservation where required.

6.6 AI interaction data

We may process user prompts, voice recordings where enabled, transcriptions, AI outputs, route queries, contextual commands, user corrections, camera-derived scene understanding where enabled, smart-glasses feeds where enabled, and tone or intonation analysis where enabled for comfort, translation, or support optimisation.

6.7 Technical, security, and support data

We may process device identifiers, app version, crash logs, IP address, abuse flags, telemetry, and support conversations. We use these for security, reliability, debugging, analytics, abuse prevention, and platform improvement.

7. Why we process your data

We process personal data for the following purposes:

  • to create and manage your account;
  • to provide Nest navigation and route guidance;
  • to power route scoring and safety scoring;
  • to let you create, store, publish, or share Safety Diary content;
  • to operate Trusted Circle features;
  • to provide Panic and emergency support;
  • to support AI-assisted logging, translation, and contextual guidance;
  • to improve security, reliability, and service quality;
  • to prevent abuse, fraud, and misuse of the platform;
  • to comply with legal obligations;
  • and, where lawful, to improve our services, models, and safety intelligence.

9. Special-category and high-risk data

MyHives recognises that user-generated content may reveal:

  • racial or ethnic origin,
  • sexuality or gender identity,
  • religion,
  • health information,
  • political views,
  • or discrimination and harassment experiences.

MyHives does not require these categories by default. If you choose to submit them, we process them only as needed for the feature you selected, with explicit consent or another valid legal basis, with enhanced access controls, and with tighter retention rules.

Emergency video or audio may also capture highly sensitive information incidentally. Where that occurs, we process it only to provide urgent support, assist communication, preserve safety, investigate abuse, or comply with law.

10. myHive GPT / myHive OS

10.1 What the AI does

myHive GPT may support users by holding conversations, helping them log a situation, translating across languages, interpreting camera or audio input where enabled, assisting with route and safety context, helping save or publish diary entries, and supporting emergency communication. The AI acts on the user's instruction. It is assistive, not authoritative.

10.2 AI transparency

We aim to tell users clearly when they are interacting with AI, when AI is drafting, translating, or interpreting content, and when AI-generated output is being shown. The EU AI Act introduces transparency obligations for certain AI interactions and AI-generated content, with Article 50 transparency obligations applying from 2 August 2026.

10.3 AI is assistive, not authoritative

myHive GPT helps users, but users remain responsible for reviewing and confirming what is saved, shared, or published, especially where content concerns other people, sensitive facts, or public allegations.

10.4 Camera and audio context

If the AI can "see" through a phone camera or connected glasses, or hear and process live audio, that should happen only when the user actively enables it. There should be a visible indicator when sensing is active.

10.5 Tone, intonation, and mimicry

MyHives may analyse voice characteristics such as pace, tone, and intonation to improve communication quality, translation clarity, urgency detection, or emotional comfort during emergency support. MyHives does not claim that it can diagnose emotional states or infer protected traits with certainty.

10.6 Model training and improvement

We separate model and workflow improvement into three categories.

  • Public content. Public diary and public safety signals may be used to improve route scoring, safety scoring, signal classification, moderation, and product intelligence.
  • Private content. Private diary entries, private media, trusted-circle content, and panic audio/video are not used for open-ended model training by default.
  • Support and emergency data. Emergency data may be used for service delivery, incident quality review, fraud prevention, security, and tightly limited workflow improvement.

10.7 AI for route and safety scoring

MyHives may use collected data, especially public and aggregated data, to improve safety scores, route scores, route recommendations, contextual warnings, and safer path prediction.

11. Public, private, and directed sharing

11.1 Private content

Private diary content and private logs are intended to be visible only to the user, authorised MyHives service teams where strictly necessary, and emergency or service providers where needed to provide the service, secure the system, investigate abuse, or comply with law.

11.2 Public content

If you choose to make content public, it may be visible to all MyHives users and, depending on the product design, to people outside the app as well. Public means public. If you publish content publicly, others may view, copy, screenshot, share, cache, or reference it.

11.3 Sharing with Trusted Circle

By accepting or participating in a Trusted Circle relationship, users acknowledge that certain information may be shared between them when the feature is activated. Each user can revoke access later, but prior access already granted cannot be undone retroactively.

11.4 Sharing with lawyers, companies, or other selected recipients

If you choose to share a report directly with a lawyer, employer, company, or another third party, that is a user-directed disclosure. Once received, that recipient may become its own controller and apply its own policies and legal obligations.

12. User responsibility and platform responsibility

Users must not upload, publish, or share:

  • intimate images of others without lawful authority,
  • private or sensitive personal data of others without a lawful basis,
  • defamatory or knowingly false allegations,
  • doxxing content,
  • or other unlawful content.

Users remain responsible for reviewing AI-assisted output before publishing or sharing it.

MyHives reserves the right to moderate, restrict, remove, preserve, or disclose content where necessary to enforce platform rules, protect people, comply with law, investigate abuse, or support legal and safety obligations.

13. Device permissions and controls

13.1 Location

Used for current-position detection, routing, turn-by-turn navigation, trip sharing, panic response, route history, and safety scoring.

13.2 Camera

Used for diary uploads, live emergency support, AI-assisted contextual understanding where enabled, and profile/media tasks chosen by the user.

13.3 Microphone

Used for diary uploads, voice AI interactions, emergency translation, and emergency communication.

13.4 Contacts

Used only for inviting and managing a Trusted Circle where the user chooses to use that feature.

13.5 Revocation

Permissions can be revoked in device settings at any time, but doing so may limit or disable certain features.

14. Retention and deletion

Retention must be practical and reflected in system design.

14.1 Account data

Retained while your account is active. We may keep a soft-deletion period of up to 30 days after account deletion to support restoration, fraud checks, or abuse review.

14.2 Live navigation location

Retained during active navigation and for a short support or debugging window after the trip, for example up to 24 hours, then deleted or reduced to minimal metadata unless linked to an emergency event.

14.3 Route history

Only the last 20 visible route entries should be shown to the user. Recommended precise-history retention in active systems is no longer than 90 days unless a shorter period is chosen.

14.4 Private diary content

Retained until the user deletes it or closes the account, subject to short temporary buffers for abuse review or restoration support, then removed from active systems and aged out from backups.

14.5 Public diary content

Retained until deleted or made private by the user. Public display should cease promptly after a privacy change or deletion, but we cannot guarantee removal from screenshots, caches, external reposts, or independent recipients.

14.6 Trusted Circle data

Retained while the relationship is active. Access revocation should take effect promptly. Limited audit logs may be retained for a reasonable security period.

14.7 Panic incident data

Default retention of up to 12 months after incident closure. Longer retention may apply for legal claims, law-enforcement preservation, fraud review, or major incident investigation.

14.8 AI interaction logs

Ordinary prompts and outputs should have a short retention window unless the user saves them. Emergency AI interactions should align to panic incident retention.

14.9 Backups

Deleted data may remain in encrypted backups until overwritten on normal disaster-recovery cycles. We do not promise instant deletion from backups.

15. Data sharing and recipients

MyHives may share personal data with:

  • service providers and processors, including AWS and other infrastructure vendors, analytics and crash services, support tools, mapping and routing providers, notification providers, moderation or security tools, and AI/model-support vendors where approved;
  • Trusted Circle members, at the user's direction;
  • alarm centres and emergency partners, when panic support is activated;
  • selected recipients such as lawyers or employers, only at the user's direction or where law requires otherwise;
  • and authorities, where required by law, emergency necessity, or lawful request.

16. International transfers

Even with primary storage in Frankfurt, transfers may occur if vendors or support teams outside the EEA access personal data. If that happens, MyHives will rely on adequacy decisions where available or SCCs plus supplementary measures where required.

17. Security posture

MyHives aims to apply security measures appropriate to the risk, including:

  • encryption in transit and at rest,
  • role-based access,
  • access logging,
  • multi-factor authentication for internal access,
  • separate environments,
  • restricted emergency-media access,
  • vendor due diligence,
  • vulnerability management,
  • and incident response.

For panic and private diary content, access should be strictly need-to-know, logged, reviewable, and internally segmented.

18. User rights

Subject to applicable law, users may have rights to:

  • access,
  • rectify,
  • erase,
  • restrict,
  • object,
  • port data where applicable,
  • and withdraw consent.

MyHives should provide:

  • in-app privacy controls where possible,
  • clear settings for public/private status,
  • deletion tools,
  • and a dedicated privacy contact.

Users may also lodge a complaint with the Dutch Data Protection Authority or another competent supervisory authority.

19. Children and age-positioning

If MyHives is offered to minors or likely to be used by minors, separate age and parental-consent analysis is required. If the platform is intended primarily for adults, this should be stated clearly in the final public policy and Terms.

20. Changes to this policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice by reasonable means, such as in-app notice, email, or another service communication. The updated policy becomes effective on the date stated in the policy.