HiveXP.ai

Last updated: 4 February 2026

Privacy Policy

This Privacy Policy explains how HiveXP.ai, operated by Quantum Touch Limited, collects, uses, stores, and protects your personal data when you use our platform and website.

1. Data Controller & Processor

Data Controller: When you visit hivexp.ai, create an account, or use the platform as an individual, Quantum Touch Limited (“we”, “us”, “our”) acts as the Data Controller.

Data Processor: When we provide services to your employer or organisation (“Client”), and process personal data on their behalf (e.g. employee training records, progress data, department assignments), we act as Data Processor under the terms of our Data Processing Agreement with that Client. The Client organisation remains the Data Controller for their employees’ data.

Registered Entity: Quantum Touch Limited, Company Registration Number 482832, Office 2, 12A Lower Main Street, Lucan, Dublin, K78 X5P8, Ireland.

2. What Data We Collect

2.1 Account & Profile Data

Name, email address, job title, department, company affiliation, profile photograph (if uploaded), and role within the platform. This data is collected at registration and during onboarding.

2.2 Training & Usage Data

Course completions, skill progress, assessment scores, XP earned, achievement unlocks, streak data, time spent on modules, learning path selections, and ROI entries you submit. This data is generated through your use of the platform.

2.3 AI Interaction Data

Conversations with AI tutoring features, prompts submitted to AI-powered tools, AI-generated responses, and feedback you provide on AI outputs. We process this data to deliver and improve the training experience. AI interaction data is not used to train third-party AI models.

2.4 Technical & Analytics Data

IP address, browser type and version, device information, operating system, pages visited, session duration, referring URLs, and general geographic location (country/region level). Collected via cookies and server logs.

2.5 Payment Data

If you or your organisation subscribe to a paid plan, payment is processed by Stripe. We do not store full card numbers. We retain Stripe customer IDs, subscription status, and billing history for account management.

2.6 User-Generated Content

Any custom courses, training materials, lesson content, or other content you or your organisation upload to the platform. You retain ownership of this content and are solely responsible for ensuring it does not infringe third-party rights.

3. Lawful Basis for Processing

We process personal data under the following lawful bases as defined in Article 6 of the GDPR:

  • Performance of a Contract (Art. 6(1)(b)): Processing necessary to deliver the HiveXP.ai platform and services you or your organisation have contracted for, including account management, training delivery, and support.
  • Legitimate Interests (Art. 6(1)(f)): Analytics to improve platform performance and user experience, fraud prevention, platform security, and aggregated reporting. We balance these interests against your rights and freedoms.
  • Consent (Art. 6(1)(a)): Where required, such as for non-essential cookies, optional email communications, and marketing. You may withdraw consent at any time.
  • Legal Obligation (Art. 6(1)(c)): Where we are required to retain or disclose data to comply with applicable laws, regulatory requirements, or valid legal processes.

4. How We Use Your Data

  • To provide, maintain, and improve the HiveXP.ai platform and training services
  • To personalise your learning experience and recommend relevant training paths
  • To track and display your learning progress, achievements, and ROI metrics
  • To facilitate team and organisational features (leaderboards, department views, team management)
  • To power AI-driven features including AI tutoring, content generation, and adaptive learning
  • To process payments and manage subscriptions
  • To send transactional communications (account notifications, progress updates, achievement alerts)
  • To generate aggregated, anonymised analytics for platform improvement
  • To ensure platform security and prevent abuse

We do not: Use your data to make employment decisions, conduct behavioural profiling for HR purposes, sell your personal data to third parties, or use AI interaction data to train external AI models.

5. Data Sharing

We share personal data only with:

  • Your Organisation: If your account is linked to a company, authorised administrators within your organisation may access your training progress, completion data, and platform usage in accordance with their role permissions.
  • Service Providers: We use carefully selected third-party processors who process data on our behalf under Data Processing Agreements, including: Supabase (database and authentication, EU-hosted), Stripe (payment processing), Anthropic (AI capabilities via API — data is not used for model training), and Resend (transactional email).
  • Legal Requirements: Where required by law, regulation, legal process, or enforceable governmental request.

We do not sell, rent, or trade personal data to any third party for marketing or commercial purposes.

6. International Data Transfers

Our primary data infrastructure is hosted within the European Economic Area (EEA). Where data is transferred outside the EEA (for example, to service providers in the United States), we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) and adequacy decisions where applicable, in compliance with Chapter V of the GDPR.

7. Data Retention

  • Active Accounts: We retain personal data for as long as your account or your organisation’s subscription remains active.
  • After Account Closure: We retain account data for up to 12 months following closure, to allow for reactivation and to comply with legal obligations. After this period, personal data is deleted or anonymised.
  • AI Interaction Data: Retained for the duration of the active subscription. Deleted or anonymised within 90 days of account closure.
  • Billing Records: Retained for up to 7 years in compliance with Irish tax and accounting requirements.
  • Aggregated/Anonymised Data: May be retained indefinitely as it no longer constitutes personal data.

8. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights:

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17): Request deletion of your personal data, subject to legal retention obligations.
  • Right to Restriction (Art. 18): Request that we limit processing of your data in certain circumstances.
  • Right to Data Portability (Art. 20): Request your data in a structured, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests, including for direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

Self-Service Data Controls: You can exercise your right to data portability (download) and your right to erasure (deletion) directly from your account settings at Dashboard → Settings. These tools allow you to:

  • Download Your Data: Export a complete copy of your personal data, training history, progress records, AI interaction logs, and ROI entries in a structured, machine-readable format (JSON).
  • Delete Your Account & Data: Permanently delete your account and all associated personal data. This action is irreversible. Certain data may be retained where required by law (e.g. billing records for tax compliance).

For any rights request that cannot be completed via self-service, or if you need assistance, contact us at privacy@hivexp.ai. We will respond within 30 days.

If your account is managed by your organisation, certain requests (particularly deletion) may need to be coordinated with your employer as Data Controller, as they may have legitimate reasons to retain training records.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit (TLS) and at rest, access controls and role-based permissions, regular security assessments, and secure authentication via Supabase Auth.

No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Children’s Data

HiveXP.ai is designed for business use and is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Supervisory Authority

If you are not satisfied with our handling of your data, you have the right to lodge a complaint with the Data Protection Commission (DPC), Ireland’s supervisory authority:

Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: www.dataprotection.ie

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the platform. Continued use of HiveXP.ai after changes constitutes acceptance of the updated policy.

13. Contact

For privacy-related enquiries:

Quantum Touch Limited (trading as HiveXP.ai)
Office 2, 12A Lower Main Street, Lucan, Dublin, K78 X5P8, Ireland
Email: privacy@hivexp.ai