Privacy Policy

1. Introduction

HiBee ("we", "our", or "us") operates the hibee.bd website and the HiBee SaaS platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using HiBee, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account Data: Name, email address, password, and company name when you register.
• Billing Data: Payment method, billing address, and transaction history processed through our payment providers.
• Content: Product catalogs, bot configuration, and custom reply templates you upload.
• Support Data: Any information you share when contacting our support team.

2.2 Information Collected via Third-Party Platforms

When you connect social accounts (Facebook, Instagram, WhatsApp, Telegram), we receive:

• Page/Account Identifiers: Page ID, page name, profile picture, and access tokens.
• Messaging Data: Messages sent and received through connected platforms so our AI can process and reply.
• User Profile Info: Sender name and profile picture from messages, as provided by each platform's API.

We do not access your personal Facebook, Instagram, or WhatsApp messages — only messages sent to your connected business pages/accounts.

2.3 Automatically Collected Information

• Log Data: IP address, browser type, pages visited, timestamps.
• Cookies: Session cookies for authentication, preference cookies, and analytics cookies.
• Device Information: Operating system, device type, and screen resolution.

3. How We Use Your Information

We use collected information to:

• Provide, operate, and maintain the HiBee platform.
• Process and respond to customer messages on your behalf using AI and/or human agents.
• Improve and personalize the Service and improve service performance using aggregated, anonymized usage data.
• Process payments and manage subscriptions.
• Send service-related notifications (e.g., billing receipts, security alerts).
• Detect, prevent, and address technical issues and security threats.
• Comply with legal obligations.

4. Data Sharing & Disclosure

We do not sell your personal information. We may share data with:

• Service Providers: Hosting, payment processing, email delivery, and analytics providers who process data on our behalf under strict confidentiality agreements.
• Platform Partners: Meta (Facebook/Instagram/WhatsApp), Telegram, as required to deliver messaging functionality.
• Legal Requirements: If required by law, subpoena, or government request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets.

5. Data Retention

We retain your data for as long as your account is active. After account deletion:

• Account data is deleted within 30 days.
• Messaging data and conversation history are deleted within 30 days.
• Billing records may be retained for up to 7 years as required by tax and financial regulations.
• Aggregated, anonymized analytics data may be retained indefinitely.

6. Data Security

We implement industry-standard security measures including:

• TLS/SSL encryption for all data in transit.
• Encrypted storage for sensitive data at rest.
• Role-based access control (RBAC) for team members.
• Regular security audits and vulnerability assessments.
• Secure OAuth 2.0 token management for third-party integrations.

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction (including GDPR, CCPA, and similar regulations), you may have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate personal data.
• Deletion: Request deletion of your personal data (see our Data Deletion page).
• Portability: Request transfer of your data in a machine-readable format.
• Objection: Object to processing of your data for certain purposes.
• Restrict Processing: Request limitation of data processing.

To exercise any of these rights, please contact us at privacy@hibee.bd.

8. Facebook & Meta Platform Data

When you connect Facebook, Instagram, or WhatsApp through our platform:

• We request only the permissions necessary to read and send messages on your business pages.
• We do not store Facebook user access tokens longer than necessary and refresh them securely.
• Data obtained from Meta APIs is used solely to provide the HiBee Service and is not shared with any third parties for their independent use.
• You may revoke our access at any time from your Facebook Settings → Business Integrations.
• Upon revocation or account deletion, all Meta platform data is deleted within 30 days.

Our use of information received from Meta APIs adheres to the Meta Platform Terms and Developer Policies.

9. Cookies

We use the following types of cookies:

• Essential Cookies: Required for authentication and core functionality.
• Analytics Cookies: Help us understand usage patterns (e.g., Google Analytics).
• Preference Cookies: Remember your settings and preferences.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.

10. International Data Transfers

Your data may be processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by GDPR.

11. Children's Privacy

HiBee is not directed to individuals under 16. We do not knowingly collect personal information from children. If we discover that a child's data has been collected, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance.

13. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at: