1. Introduction
Hivemanager Inc. ("Hivemanager.io," "we," "us") is committed to protecting the personal information of our users and their clients. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what choices you have.
This policy covers two distinct contexts:
- Clinic operators and staff ("Subscribers") who use Hivemanager.io to run their practice — we are the controller of your account information.
- Clinic clients and patients whose personal and health information is stored in the platform by Subscribers — in this case we act as a data processor on behalf of the Subscriber, who is the controller of that information.
If you are a clinic client whose information is held by a Subscriber, please direct privacy requests to the clinic directly. We will assist the clinic in responding as required.
2. Who We Are
Hivemanager Inc. is a Canadian corporation based in Edmonton, Alberta. The Hivemanager.io platform is a cloud-based practice management system designed for massage therapy clinics and related health and wellness businesses.
Our Privacy Officer can be reached at privacy@hivemanager.io.
3. What We Collect
Account and subscriber information
When you sign up, we collect your name, email address, business name, billing address, and payment information (processed securely by Stripe — we do not store full card numbers). We also collect your subscription plan details and correspondence with our support team.
Client and patient information
When Subscribers use the platform to manage their clients, we store the information entered by the Subscriber on behalf of their clinic. This may include:
- Contact information: name, email, phone, address, date of birth
- Health information: intake forms, health history, injuries, conditions, treatment notes (SOAP notes)
- Financial information: payment history, health benefits provider, benefits account number
- Appointment and booking history
This data is controlled by the Subscriber (the clinic). We process it only as instructed by the Subscriber and as required to provide the platform.
Usage and technical data
We automatically collect certain information when you use the platform: IP address, browser type, device type, operating system, pages visited, session duration, and error logs. This information is used to maintain and improve the service.
Marketing and lead data
If you submit a form on our website (e.g., contact form, demo request, lead magnet), we collect the information you provide — typically name and email address. This data is used to respond to your inquiry and, with your consent, to send relevant product updates and educational content.
4. How We Use Your Information
To provide the service
We use subscriber and client information to operate, maintain, and support the Hivemanager.io platform — including processing appointments, payments, reminders, and records on behalf of Subscribers.
To communicate with you
We use your contact information to send transactional messages (receipts, security alerts, service updates) and, where you have opted in, product news, tips, and educational content. You can unsubscribe from marketing emails at any time using the link in any email.
To improve the service
We use aggregated, anonymized usage data to understand how the platform is used, identify problems, and prioritize improvements. This data cannot be linked to individual users.
To comply with legal obligations
We may process and retain personal information as required by applicable law, including Alberta's Health Information Act, PIPEDA, and applicable financial regulations.
We do not sell personal information
We do not sell, rent, or trade personal information to third parties for their own marketing purposes.
5. Third-Party Processors
We share personal information with a limited set of third-party service providers that help us deliver the platform. These providers may only use your data as directed by us and are bound by data processing agreements.
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing and billing | USA (SCCs in place) |
| Google Cloud | Cloud infrastructure and data hosting | Canada / USA |
| Google Analytics / GTM | Website analytics and tag management | USA |
| Brevo (formerly Sendinblue) | Transactional and marketing email delivery | EU / USA |
| Meta (Facebook Pixel) | Website analytics and ad performance measurement | USA |
| Rewardful | Partner / affiliate program tracking | USA |
We may add or change service providers from time to time. Material changes will be reflected in an updated version of this policy.
Business transfers
In the event of a merger, acquisition, or sale of all or substantially all of our assets, personal information may be transferred to the acquiring entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
Legal disclosures
We may disclose personal information to government authorities, courts, or law enforcement when required by law, or when we believe disclosure is necessary to protect the safety of our users or the public.
6. International Data Transfers
Some of our third-party providers store and process data in the United States or other jurisdictions outside Canada. Data transferred to the USA may be subject to access by US government agencies under US law. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) to protect information transferred internationally.
Our primary data hosting is on Google Cloud infrastructure in Canada where available.
7. How Long We Keep Your Information
We retain personal information for as long as necessary to provide the service, fulfill the purposes described in this policy, and comply with legal obligations.
- Active subscriber accounts: Retained for the duration of the subscription plus a reasonable period thereafter to allow for account recovery.
- Cancelled accounts: Account data and client records are retained for up to 90 days after cancellation, then securely deleted, unless longer retention is required by law.
- Financial records: Retained for a minimum of 7 years to satisfy accounting and tax obligations.
- Marketing contacts: Retained until you unsubscribe or request deletion.
When we act as a data processor for a Subscriber, we retain data in accordance with the Subscriber's instructions and applicable law.
8. Consent
Where required by law, we obtain your consent before collecting, using, or disclosing your personal information. Consent may be express (a checked box, a signed form) or implied by your actions (for example, submitting a contact form implies consent to us responding by email).
You may withdraw consent at any time by contacting us at privacy@hivemanager.io, subject to legal or contractual restrictions. Withdrawal of consent may limit our ability to provide the service.
Where we process your personal information as a data processor on behalf of a Subscriber (clinic), consent is managed by that Subscriber. You will need to contact the clinic to exercise consent rights related to their use of your data.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Delete your personal information, subject to legal retention requirements
- Withdraw consent to processing where consent is the legal basis
- Data portability — receive a copy of your data in a structured, machine-readable format
- Object to certain processing activities, including direct marketing
To exercise any of these rights, contact us at privacy@hivemanager.io. We will respond within 30 days. In some cases we may need to verify your identity before processing a request.
If you are a clinic client, please direct your request to the clinic (Subscriber) who holds your records. They are the controller of that data and are responsible for responding.
If you are not satisfied with our response, you have the right to file a complaint with the Office of the Information and Privacy Commissioner of Alberta.
11. Security
We implement administrative, physical, and technical safeguards appropriate to the sensitivity of personal and health information. These include encrypted data transmission (TLS), encrypted data storage, access controls, and regular security reviews.
No method of transmission over the internet is 100% secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
In the event of a security incident that affects your personal information, we will notify you in accordance with applicable breach notification requirements.
12. Children
The Hivemanager.io platform is intended for use by business operators and health practitioners. We do not knowingly collect personal information from individuals under the age of 16 through our marketing website. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.
Clinics using the platform to manage appointments for minor clients are responsible for ensuring they have appropriate consent from a parent or guardian as required by applicable law.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The updated policy will be posted at this URL with a revised "last updated" date. We will notify active Subscribers of material changes by email at least 30 days before they take effect. Your continued use of the service after the effective date of a change constitutes acceptance of the updated policy.
14. Contact
For questions, access requests, complaints, or to exercise any privacy right, contact our Privacy Officer:
Hivemanager Inc. — Privacy Officer9940 67th Ave NW
Edmonton, Alberta, Canada T6E 0P5
privacy@hivemanager.io
We will acknowledge your request within 5 business days and respond fully within 30 days.