Privacy Policy
This Privacy Policy describes how HiveThread ("we", "us", or "our") collects, uses, and protects information when merchants and their end-customers use the HiveThread service ("the Service"). HiveThread is operated by Funsquare Pty Ltd, an Australian company based in Victoria. We are committed to handling personal information responsibly and in accordance with the Australian Privacy Act 1988 (Cth) and, where applicable, the EU General Data Protection Regulation (GDPR).
1. Who We Are
HiveThread is a unified-inbox platform that helps small businesses ("merchants") receive and reply to customer messages from Facebook Messenger, Instagram Direct Messages, SMS (via Twilio), and an embeddable webchat widget, and to monitor and reply to public reviews left on their Facebook Page and Google Business Profile, all in one shared inbox. The application is hosted at app.hivethread.io.
For privacy enquiries, contact us at [email protected].
This policy covers two groups of people:
- Merchants — the businesses (and their team members) who sign up for a HiveThread account to manage customer conversations.
- End-customers — the people who contact a merchant through Messenger, Instagram, SMS, or the merchant's website, and whose messages are routed through the Service to the merchant's inbox.
2. Information We Collect
We collect only the data necessary to operate the Service.
From merchants (when you sign up and use the app)
| Data | Purpose | Storage |
|---|---|---|
| Name, email address, hashed password | Create your account, authenticate sessions, send transactional alerts | Encrypted in transit, hashed (passwords) in our PostgreSQL database |
| Organisation name, timezone, business hours, team settings | Deliver the inbox and configure routing, notifications, and auto-responders for your team | PostgreSQL database |
| Facebook Page ID / name, Instagram Business account ID / name, Meta API access tokens | Fetch and send messages on your behalf via the Messenger and Instagram Messaging APIs once you connect these channels | Tokens encrypted at rest (AES-256-GCM) before being stored in the channel config |
| Twilio Account SID, auth token, phone number | Send and receive SMS on your behalf once you connect a Twilio sub-account | Encrypted at rest (AES-256-GCM) in the channel config |
| Google Business Profile account ID, location ID, OAuth access and refresh tokens | Read and reply to Google reviews on your behalf once you connect your Google Business Profile | Tokens encrypted at rest (AES-256-GCM) in our PostgreSQL database |
| Billing contact and payment status | Process subscription charges and comply with Australian tax and accounting obligations | Metadata in our database; payment card data is handled by our payment processor and never touches our servers |
| Server logs (IP address, user agent, request path, timestamps) | Security, debugging, abuse prevention | Application logs on Railway, retained for up to 90 days |
From end-customers (when they message a merchant)
| Data | Purpose | Storage |
|---|---|---|
| Display name and profile photo URL (from Meta, for Messenger and Instagram messages) | Show the contact in the merchant's inbox so an agent can identify the sender | PostgreSQL database (contact record) |
| Phone number (from Twilio, for SMS) | Identify the conversation and allow the merchant to reply | PostgreSQL database (contact record) |
| Platform-specific external identifiers (Meta PSID, IG-scoped ID, Twilio phone number) | Match incoming messages to the correct contact and thread | PostgreSQL database |
| Message content and attachments (text, images, media URLs) | Deliver the message to the merchant and allow them to reply | Message body in PostgreSQL; media attachments in Cloudflare R2 object storage |
| Timestamps, message status, delivery receipts | Display conversation history and delivery state | PostgreSQL database |
| Webchat visitor data (name and email if voluntarily provided, plus widget session ID) | Allow a returning visitor's conversation to be continued | PostgreSQL database |
From public reviews (when a merchant connects review monitoring)
If a merchant enables review monitoring for their Facebook Page or Google Business Profile, HiveThread reads the public reviews left on those properties so the merchant can see and reply to them in the unified inbox. The data we read is exactly the data the platforms (Meta and Google) make publicly available for that review:
| Data | Purpose | Storage |
|---|---|---|
| Reviewer display name and avatar URL (where the platform exposes it) | Show the reviewer in the merchant's reviews list | PostgreSQL database (review record) |
| Star rating (1–5) | Sort, filter, and notify on reviews by severity | PostgreSQL database |
| Review text and platform timestamp | Display the review and allow the merchant to reply | PostgreSQL database |
| Platform-specific review ID and the merchant's reply (if any) | Match the review to its source and keep our copy of the reply in sync with the platform | PostgreSQL database |
Review data is read-only from our side except for posting the merchant's reply. We do not analyse, redistribute, or aggregate review content beyond surfacing it inside the merchant's own HiveThread workspace and using it to draft AI-generated reply suggestions for that merchant.
We do not collect: browsing history outside the webchat widget, third-party tracking cookies, marketing cookies, advertising identifiers, or any data from end-customers beyond what is needed to deliver their message to the merchant.
Lawful basis
- Merchant account data (merchant login, billing, agent profiles) — contractual necessity, to provide HiveThread to the paying merchant.
- Customer messages received via Meta (Messenger, Instagram), SMS, and website chat — legitimate interest of the merchant in operating a customer service inbox, balanced against the customer's reasonable expectation that messages sent to a business will be received and read by that business.
- Data transferred to sub-processors (Resend, Cloudflare, Railway) — necessary for the performance of the service, governed by data processing agreements.
3. How We Use Your Information
We use the data we collect solely to:
- Deliver the core inbox service — store, display, and allow agents to reply to messages from Messenger, Instagram, SMS, and webchat.
- Read public reviews from connected Facebook Pages and Google Business Profiles, surface them in the merchant's review inbox, and post replies on the merchant's behalf when they choose to reply.
- Generate AI-drafted reply suggestions for messages and reviews, grounded in the merchant's own knowledge base, using Anthropic's Claude API. Reply suggestions are advisory only — a human merchant decides whether to send.
- Authenticate merchant users and maintain secure sessions (via Auth.js session cookies).
- Send transactional notifications (new-message and new-review alerts via email and web push) to merchant team members.
- Monitor service health and diagnose errors.
- Prevent abuse, spam, and security incidents.
- Comply with legal and regulatory obligations (for example, responding to lawful requests from authorities, or retaining billing records for Australian tax purposes).
We do not sell, rent, or share personal information with third parties for advertising or marketing purposes. We do not train AI models on merchant, end-customer, or review content.
4. Meta Platform Disclosures
We use Meta's Messenger Platform, Instagram Messaging API, and Pages API to receive and send messages, and to read and reply to public Page reviews, on behalf of our merchants. When a merchant connects their Facebook Page or Instagram Business account to HiveThread, we request the following permissions through Facebook Login for Business:
pages_messaging— read and reply to Messenger conversations on the connected Page.pages_manage_metadata— install the webhook subscription on the Page so HiveThread receives new-message events.pages_show_list— list the Pages the merchant administers so they can choose which one to connect.instagram_basic— discover the Instagram Business Account linked to the connected Page.instagram_manage_messages— read and reply to Instagram Direct messages on the connected Instagram Business Account.business_management— list Pages owned by a Meta Business Portfolio so business-owned Pages are connectable.pages_read_user_content— read public reviews on the connected Facebook Page so HiveThread can surface them in the merchant's review inbox.pages_manage_engagement— publish the merchant's review reply as a comment on the connected Page recommendation. Used solely to post replies on the customer's own connected Page; never used for liking, removing other users' comments, or sending private replies.
About this integration:
- We store the Meta access token encrypted at rest (AES-256-GCM), and we use it only to read and send messages, and read and reply to reviews, on behalf of the merchant.
- We receive end-customer profile data (display name, profile picture URL, platform-scoped ID) from the Meta APIs strictly for the purpose of displaying the conversation in the merchant's inbox.
- For reviews, we read the data Meta exposes publicly for that review (reviewer name and avatar where available, star rating, review text, timestamp, and any merchant reply) and store it in the merchant's HiveThread workspace for display and reply.
- We never use Meta data for advertising, profiling, training AI models, or any purpose unrelated to the merchant's own inbox and reviews surface.
- Merchants can disconnect the Meta integration at any time from the HiveThread settings. Disconnecting revokes our access token and stops new messages and reviews from being ingested. Historical messages and reviews already stored in the merchant's workspace are retained until deleted by the merchant or until the account is closed (see Section 8).
Your use of the Meta integration is also subject to Meta's own terms and privacy policy. See Meta's privacy policy at facebook.com/privacy/policy.
4A. Google Disclosures
We use the Google Business Profile API to read and reply to reviews on the merchant's Google Business Profile, on behalf of the merchant. When a merchant connects their Google Business Profile:
- We use Google's OAuth 2.0 flow with the
https://www.googleapis.com/auth/business.managescope, plus the standardopenid,email, andprofilescopes for sign-in. - We store the Google OAuth access and refresh tokens encrypted at rest (AES-256-GCM) and use them only to read and reply to reviews on the location the merchant chose during connection.
- We poll the merchant's selected location for new reviews on a schedule and write each review into the merchant's HiveThread workspace.
- Merchants can disconnect Google Business Profile at any time from the HiveThread settings. Disconnecting clears the stored tokens and stops further polling. Historical reviews already stored are retained until deleted by the merchant or until the account is closed.
HiveThread's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5. Twilio and SMS Disclosures
SMS messaging in HiveThread is delivered via Twilio Inc. When a merchant connects a Twilio sub-account to HiveThread, inbound and outbound SMS messages pass through Twilio's network. Twilio acts as a separate data processor and its handling of SMS data is governed by Twilio's privacy policy.
For Australian SMS, HiveThread provisions a Twilio sub-account specific to your business. Customer profiles, regulatory bundles, and number registrations live on your sub-account, not on a shared HiveThread master account. The sub-account is created at onboarding and the auth token is encrypted at rest.
Standard mobile carrier opt-out keywords (STOP, UNSUBSCRIBE, etc.) are honoured at the platform level. When an end-customer sends one of these to a HiveThread-managed number, future commercial messages from that merchant to that number are blocked by Twilio in line with carrier and regulatory requirements.
Merchants are responsible for ensuring they have a lawful basis (including, where required, prior express consent) to send SMS messages to their end-customers, in compliance with the Australian Spam Act 2003 and, for U.S. recipients, the Telephone Consumer Protection Act (TCPA).
6. Third-Party Processors (Sub-Processors)
We rely on a small number of trusted third parties to operate HiveThread. Each is bound by its own terms and privacy policy:
- Meta Platforms Ireland Ltd — Messenger Platform and Instagram Messaging API. Meta Privacy Policy
- Twilio Inc. — SMS delivery and receipt. Twilio Privacy Policy
- Railway Corp. — application hosting, managed PostgreSQL database, managed Redis cache/queue. Railway Privacy Policy
- Cloudflare, Inc. — DNS, CDN, TLS, R2 object storage (used for message media attachments), and Web Analytics on the hivethread.io marketing site (cookie-less, IP-anonymised aggregate page-view metrics). Cloudflare Privacy Policy
- Resend — transactional email (account alerts, password resets, new-message notifications). Resend Privacy Policy
- Stripe Inc. — payment processing, subscription billing, customer portal. Card data and payment-method tokens are handled by Stripe and never touch HiveThread servers. Stripe Privacy Policy
- Anthropic, PBC — Claude Haiku 4.5 API, used to generate AI message and review reply suggestions. Inbound message and review content may be sent to the Claude API for the purpose of drafting a reply suggestion. Per Anthropic's API terms, content sent via the API is not used to train Anthropic's models. Anthropic Privacy Policy
- OpenAI, OpCo, LLC — Embeddings API (
text-embedding-3-small), used to vectorise the merchant's own knowledge-base content so AI reply suggestions can retrieve the most relevant context. Only the merchant's knowledge-base entries are sent to OpenAI for embedding; end-customer messages and review content are not sent to OpenAI. Per OpenAI's API terms, data sent via the API is not used to train OpenAI's models. OpenAI Privacy Policy - Google LLC — Google Business Profile API, used to read and reply to reviews on a merchant's Google Business Profile location once connected. Google Privacy Policy
- Functional Software, Inc. (Sentry) — error monitoring and performance tracking. Stack traces, request paths, user IDs, and limited diagnostic context are sent to Sentry when an error occurs, so we can debug and prevent recurrence. We do not deliberately send message content, review content, or end-customer personal data to Sentry. Sentry Privacy Policy
The hivethread.io marketing site uses Cloudflare Web Analytics, a cookie-less, privacy-preserving page-view tool that records aggregate URL paths, referrer hostnames, and visitor country (derived from IP, which is then discarded). It does not set tracking cookies, does not identify individual visitors, and does not build advertising profiles. We do not use any other analytics, advertising, tag-management, or session-replay services. The HiveThread application itself (app.hivethread.io) does not include this beacon.
7. For customers messaging a HiveThread-powered business
If you send a message to a business via Facebook Messenger, Instagram DM, SMS, or the business's website chat widget, your message content, display name, and profile picture (where provided by the source platform) are shared with HiveThread by the underlying platform so the business can receive and respond to your message. HiveThread stores this information only to display the conversation to the business's agents and enable them to reply.
You can request access to or deletion of your data by contacting the business you messaged directly, or by contacting HiveThread using the contact details in this policy. Meta, Twilio, and other underlying platforms remain responsible for their own data handling — please see their respective privacy policies for how they process your data before it reaches HiveThread.
8. Data Retention
- Messages, contacts, and conversation history are retained for the lifetime of the merchant's account. When a merchant deletes their account, all conversation data is permanently deleted within 30 days.
- Media attachments in Cloudflare R2 follow the same lifecycle as the parent message: deleted within 30 days of account deletion.
- Application server logs are retained for up to 90 days, then deleted.
- Billing and tax records are retained for 7 years as required by Australian taxation law.
- Stripe customer record and payment-method tokens are deleted from HiveThread within 30 days of account deletion. Invoice records held by Stripe itself are retained per Stripe's terms.
- Backups may temporarily contain deleted data for up to 30 additional days before they themselves roll off.
A merchant may request earlier deletion at any time by contacting [email protected].
9. Data Security
We use industry-standard safeguards:
- All traffic to and from HiveThread is encrypted in transit using TLS.
- Passwords are hashed using a modern password-hashing algorithm (never stored in plain text).
- Third-party credentials — Meta access tokens, Twilio auth tokens — are encrypted at rest using AES-256-GCM before being written to the database.
- Access to production infrastructure is restricted to authorised Funsquare personnel and protected by strong authentication.
- The database is hosted on managed infrastructure with automated backups and encryption at rest.
No system is perfectly secure. In the event of a data breach affecting personal information, we will notify affected parties and the Office of the Australian Information Commissioner (OAIC) in line with the Notifiable Data Breaches scheme under the Australian Privacy Act.
10. Your Rights
Depending on where you are located, you may have some or all of the following rights in relation to the personal information we hold about you:
- Access — request a copy of the personal information we hold about you.
- Correction — ask us to correct inaccurate or incomplete data.
- Deletion — ask us to delete personal data we hold about you, subject to legal retention obligations.
- Data portability — receive your data in a machine-readable format.
- Objection — object to certain types of processing.
- Complaint — lodge a complaint with a supervisory authority.
These rights are available under the Australian Privacy Act (Australian Privacy Principles 12 and 13) and, where applicable, the EU GDPR (Articles 15–20).
To exercise any of these rights, contact [email protected]. We will respond within 30 days. In most cases, end-customers who want their data deleted should first contact the merchant they messaged — the merchant controls the inbox data. We will assist merchants in actioning those requests.
You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au, or with your relevant EU data protection authority.
11. Cookies
The HiveThread application uses only session cookies required to keep merchants signed in (via Auth.js). We do not use tracking cookies, advertising cookies, or third-party analytics cookies. The embeddable webchat widget stores a local session identifier in the visitor's browser so that a returning visitor can continue their conversation; it does not set any tracking cookies.
12. Children's Privacy
HiveThread is a business tool and is not directed at children. Merchant accounts require users to be at least 18 years old. We do not knowingly collect personal information from children under 13. End-customers who message a merchant through one of the supported channels are presumed to be in compliance with the age requirements of the underlying platform (Meta, Twilio, or the merchant's own website).
13. International Transfers
HiveThread is operated from Australia, and our primary infrastructure is provided by Railway and Cloudflare, which operate globally distributed data centres. Personal data may be processed in the United States and other jurisdictions in which our sub-processors operate, including Stripe (US) for payment processing, Anthropic (US) for AI suggestion generation, OpenAI (US) for knowledge-base embeddings, Google (US) for Business Profile API access, Sentry (US) for error monitoring, and Resend (US) for transactional email. We rely on the safeguards provided by each sub-processor (including standard contractual clauses where applicable) to protect personal data during international transfers.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify merchants of material changes by email or through the app. The "Last updated" date at the top of this page will reflect the most recent change. Continued use of the Service after an update means you accept the revised policy.
15. Contact Us
For any privacy-related questions, data requests, or concerns, please contact:
HiveThread (Funsquare Pty Ltd)
Email: [email protected]
Based in Victoria, Australia