Privacy Policy

What we collect

Nothing, except a single temporary encrypted session cookie. Hivelytics has no user accounts, no database, and no server-side storage of any personally identifiable information.

The session cookie

When you connect your Beehiiv account, your API key is encrypted with AES-256-GCM using a key held only on the server. The encrypted result is placed into a single cookie named session with the following attributes:

• HttpOnly — JavaScript on the page cannot read it.
• Secure — only sent over HTTPS.
• SameSite=Strict — never sent on cross-site requests.
• Max-Age: 8 hours — the cookie expires automatically.

When you click Disconnect, or when 8 hours pass, the cookie is gone and your API key is gone with it. Closing your browser also clears the session.

Your Beehiiv data

Posts, subscriber counts, and other analytics are fetched from the Beehiiv API in real time when you load the dashboard. None of that data is stored, cached, or logged on our side.

Third parties

None. No analytics provider, no advertising network, no tag manager, no error reporter. The site is hosted on Vercel and uses Upstash Redis only to rate-limit anonymous requests by IP.

GDPR / CCPA

Because we store no personal information, there is no subject access request surface. Disconnecting deletes everything we ever held about your session. There is nothing else to delete.

Contact

Questions? Email hello@gethivelytics.com.