← Back to Hivemind

Privacy Policy

Effective: May 13, 2026

1. Introduction

Hivemind Inc. ("Hivemind," "we," "us," or "our") operates the Hivemind investment intelligence platform at hivemind.inc (the "Service"). This Privacy Policy describes the information we collect, how we use and protect it, and the choices you have regarding your information.

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

When you create an account, our authentication provider (Clerk) collects your email address, name, and authentication credentials. We receive a unique user identifier from Clerk that we use to associate your data with your account.

Financial Account Data

If you connect a brokerage or investment account, we use Plaid Inc. to securely access information from your financial institution. Through Plaid, we receive:

  • Account information — account type (brokerage, IRA, 401(k), etc.), account names, account numbers (masked to last 4 digits), and current balances.
  • Holdings — the securities you hold (tickers, CUSIPs, ISINs), quantities, market values, and cost basis where reported by your institution.
  • Investment transactions — up to 24 months of transaction history (buys, sells, dividends, interest, fees, transfers).
  • Access tokens — long-lived credentials issued by Plaid that allow us to refresh your data on your behalf. These are stored encrypted at rest (see Section 5).

We do not receive your banking credentials (username, password, MFA codes). Plaid handles authentication directly with your institution. Plaid's use of your information is governed by its own End User Privacy Policy.

Access is read-only. Hivemind cannot initiate trades, transfers, or any other transactions on your accounts.

Portfolio and Preference Data

If you build a portfolio manually (instead of or in addition to connecting via Plaid), we store the tickers, weights, and any display preferences you set.

Usage Data

We collect anonymized analytics about how you interact with the Service (pages visited, features used, errors encountered) via Google Analytics and PostHog. This data is aggregated and does not include your financial account contents.

3. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Generate personalized intelligence about your portfolio (institutional ownership context, supply-chain exposure, news signals)
  • Sync your latest holdings and transactions from connected institutions
  • Communicate with you about your account, updates, and security
  • Detect and prevent fraud or unauthorized access
  • Comply with legal obligations

We do not sell your personal information or financial account data to third parties.

4. Third-Party Services

We rely on the following third-party services to deliver the Service. Each operates under its own privacy policy:

  • Plaid — financial account connectivity (End User Privacy Policy)
  • Clerk — user authentication
  • Google Cloud Platform — hosting, databases, key management
  • OpenAI — language model used to generate brief narratives. We send only aggregated portfolio metadata and article text, never raw financial account data, account numbers, or access tokens.
  • Google Analytics & PostHog — product analytics

5. Data Storage and Security

Your data is stored in Google Cloud Platform infrastructure located in the United States.

Encryption at rest: Plaid access tokens are encrypted using KMS envelope encryption — a per-record data encryption key (AES-256-GCM) encrypts the token, and that key is itself encrypted by a hardware-backed key managed by Google Cloud KMS. Decryption requires authorized service-account credentials, and every decryption is audit-logged.

Encryption in transit: All communication between your browser, our servers, and third-party services occurs over HTTPS (TLS 1.2 or higher).

We restrict access to your information to employees and contractors who need it to operate the Service, and we maintain administrative, technical, and physical safeguards consistent with industry standards.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account info: retained until you delete your account.
  • Financial account data (holdings, transactions, access tokens): retained until you disconnect the institution or delete your account, whichever comes first.
  • Aggregated analytics: retained indefinitely in anonymized form.
  • Webhook audit logs (records of automated data updates from Plaid): retained for operational and security purposes.

We may retain certain information longer when required by law, for fraud prevention, or to enforce our Terms of Service.

7. Your Rights and Choices

Disconnecting a Financial Account

You can disconnect any connected institution at any time from your Settings. When you disconnect:

  • We call Plaid's /item/remove endpoint to terminate access on Plaid's side.
  • Your access token is invalidated and removed from our database.
  • All associated holdings, transactions, and account records are deleted (cascade delete via foreign-key constraints).

Deleting Your Account

You can delete your Hivemind account at any time. Account deletion triggers /item/remove for every connected institution and removes your portfolio, preferences, and cached briefs. Audit-log entries may be retained in de-identified form for security and compliance.

Access, Correction, and Portability

You may request a copy of the information we hold about you, or ask us to correct or delete specific information, by emailing team@hivemind.inc. We respond to verified requests within 30 days.

Revoking Plaid Access

In addition to disconnecting through Hivemind, you can revoke Plaid's access to your financial institution directly via Plaid's consumer portal at my.plaid.com.

8. Children

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

9. International Users

The Service is operated in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective" date at the top of this page and, for material changes, notify you by email or through the Service.

11. Contact Us

Questions about this Privacy Policy or our privacy practices? Email us at team@hivemind.inc.