Privacy Policy

Last Updated: January 14, 2026

At HiveSpace, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our GitLab Runner Dashboard service.

            🔒 Core Privacy Principle: Your GitLab Personal Access Tokens (PATs) and repository data never leave your machine. They are stored locally in your browser and used only to communicate directly with your GitLab instance.
        

1. Information We Collect

1.1 Information You Provide Directly

Data Type	Examples	Purpose
Account Information	Email address, organization name	Account creation, authentication, communication
Waitlist Signup Data	GitLab setup type, team size, pain points	Prioritize beta access, understand user needs
Settings Preferences	Demo mode toggle, onboarding tour status	Personalize your experience
Bug Reports	Error logs, screenshots (optional), description	Debug issues, improve service quality

1.2 Information Collected Automatically

Data Type	Examples	Purpose
Usage Analytics	Page views, feature usage, session duration	Improve product, understand feature adoption
Technical Data	Browser type, device, IP address, timestamp	Security monitoring, error diagnostics
Performance Metrics	Load times, API response times, error rates	Optimize performance, identify bottlenecks

1.3 Information We DO NOT Collect

            We explicitly DO NOT collect or store:
            GitLab Personal Access Tokens (PATs) - Stored only in your browser's localStorage
Repository code or files - Never accessed or transmitted
CI/CD pipeline configurations (.gitlab-ci.yml) - Processed client-side only
Job logs or build artifacts - Fetched directly from GitLab, not stored
GitLab project metadata - Only accessed client-side for display

        

2. How We Use Your Information

2.1 Primary Uses

Provide the Service: Authenticate users, store preferences, deliver dashboard features
Communicate with You: Send beta access tokens, product updates, and respond to inquiries
Improve the Service: Analyze usage patterns, prioritize features, fix bugs
Security and Fraud Prevention: Detect and prevent unauthorized access or abuse

2.2 Legal Bases for Processing (GDPR)

We process your data based on:

Contractual necessity: To provide the Service you signed up for
Legitimate interests: Improve our product, prevent fraud, ensure security
Consent: For optional features like bug reporting with screenshots
Legal obligations: Comply with applicable laws and regulations

3. How GitLab Integration Works (Client-Side Only)

HiveSpace operates as a fully client-side application when interacting with GitLab:

You enter your GitLab URL and Personal Access Token in the dashboard settings
This data is stored in your browser's localStorage - it never leaves your machine
JavaScript running in your browser makes API calls directly to your GitLab instance
GitLab responses (runner status, job data, logs) are displayed in your browser only
HiveSpace backend servers never see or store your GitLab token or data

            Technical verification: You can inspect the source code or use browser DevTools to confirm that GitLab tokens are only used in client-side fetch() calls directly to your GitLab server. Our backend API at 80fzdjs5bi.execute-api.ca-central-1.amazonaws.com only receives your HiveSpace beta access token (starting with "HSA_"), never your GitLab PAT.
        

4. Analytics and Tracking

We use analytics tools to understand how users interact with HiveSpace:

4.1 What We Track

Page views and navigation paths
Feature usage (e.g., "User clicked 'View Stuck Jobs'")
Session duration and frequency of use
Error messages and performance metrics

4.2 Analytics Providers

We may use third-party analytics services such as:

Google Analytics (with IP anonymization enabled)
PostHog (open-source, self-hosted option available)
Plausible Analytics (privacy-focused, GDPR-compliant)

These services may use cookies or similar tracking technologies. You can opt out via browser settings or extensions like uBlock Origin.

5. Bug Reporting and Screenshots

HiveSpace includes a "Report a Bug" button for users to submit feedback:

5.1 What's Included in Bug Reports

Mandatory: Error message, browser type, timestamp, URL where error occurred
Optional: Screenshot (requires your explicit consent via browser permission)
Optional: Additional description you provide

5.2 Screenshot Privacy

Screenshots are only captured if you grant permission
You can review screenshots before submitting
We automatically blur sensitive areas (e.g., tokens in settings) where possible
Screenshots are stored temporarily (30 days) for debugging, then permanently deleted

5.3 Your Control

You can always:

Decline browser screenshot permission
Submit bug reports without screenshots
Edit or redact screenshots before submission

6. Data Storage and Security

6.1 Where We Store Data

User accounts and settings: AWS DynamoDB (ca-central-1 region, Canada)
Bug reports: AWS S3 with 30-day lifecycle policy
Analytics: Third-party analytics provider servers (EU/US)
GitLab credentials: Your browser's localStorage only (never uploaded)

6.2 Security Measures

Encryption in transit: All API calls use HTTPS/TLS 1.2+
Encryption at rest: DynamoDB tables encrypted with AWS KMS
Access controls: Least-privilege IAM policies, multi-factor authentication for admins
Regular audits: Automated security scanning and dependency updates
No plaintext secrets: Admin passwords stored in AWS Secrets Manager

6.3 Data Retention

Data Type	Retention Period
Account information	Until account deletion + 30 days
Usage analytics	24 months (aggregated data retained indefinitely)
Bug reports (with screenshots)	30 days after resolution
Email communications	12 months
GitLab tokens	Until you clear browser data (never on our servers)

7. Data Sharing and Third Parties

7.1 We Share Data With

AWS (Amazon Web Services): Cloud infrastructure provider (DynamoDB, Lambda, S3, SES)
Analytics providers: To track usage and improve the product
Email service (AWS SES): To send beta access tokens and notifications

7.2 We DO NOT Sell or Rent Your Data

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

7.3 Legal Disclosures

We may disclose your information if required by law, such as:

In response to a valid subpoena or court order
To comply with national security or law enforcement requests
To protect the rights, property, or safety of HiveSpace, our users, or the public

8. Your Privacy Rights

8.1 Rights for All Users

Access: Request a copy of your data
Correction: Update inaccurate information
Deletion: Request account and data deletion (subject to legal retention requirements)
Opt-out: Unsubscribe from marketing emails (beta updates will still be sent)

8.2 Additional Rights (GDPR - EU Users)

Data portability: Receive your data in a machine-readable format
Restriction of processing: Limit how we use your data
Object to processing: Object to data processing based on legitimate interests
Withdraw consent: Revoke consent for optional data collection (e.g., analytics)

8.3 How to Exercise Your Rights

Email us at legal@hivespace.io with your request. We will respond within 30 days.

9. Cookies and Tracking Technologies

9.1 Cookies We Use

Cookie Type	Purpose	Duration
Essential	Session authentication, security	Session or 30 days
Analytics	Track usage, improve product	24 months
Preferences	Remember your settings (dark mode, etc.)	12 months

9.2 Managing Cookies

You can control cookies through:

Browser settings (clear cookies, block third-party cookies)
Browser extensions (Privacy Badger, uBlock Origin)
Opt-out links provided by analytics services

Note: Disabling essential cookies may prevent the Service from functioning properly.

10. Children's Privacy

HiveSpace is not intended for users under 18 years old. We do not knowingly collect personal information from children. If you believe a child has provided us with data, contact legal@hivespace.io and we will delete it promptly.

11. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including:

Canada: Primary data storage (AWS ca-central-1 region)
United States: Analytics providers, email delivery
European Union: Analytics providers (if using EU-based services)

We ensure adequate protections through:

AWS Standard Contractual Clauses (SCCs)
GDPR-compliant third-party processors
Encryption in transit and at rest

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email.

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

For privacy-related questions, concerns, or requests:

Email: legal@hivespace.io
Subject line: "Privacy Inquiry"
General inquiries: hello@hivespace.io

We will respond to all requests within 30 days.

Your trust is important to us. If you have any questions about how we handle your data, please don't hesitate to reach out.