We Never Sell Your Data
Your personal information is never sold, rented, or traded to any third party — period.
Minimal Data Collection
We collect only what is strictly necessary to operate your account and process payments.
No Payment Data Stored
All card processing is handled exclusively by trusted third-party payment processors. We never see or store your card details.
Passwords Are Never Stored
We do not store passwords in any readable form. Only a secure one-way cryptographic hash is retained.
1. Introduction
Otter Hive ("we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect, why we collect it, how it is used, and the choices available to you.
By using the Otter Hive website and services (collectively, the "Service"), you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use our Service.
2. Information We Collect
2.1 Account Information
When you create an account or subscribe to Otter Hive, we collect only the minimum information required to establish and maintain your account:
- First name and last name — to personalise your account interface.
- Email address — used as your login identifier and the primary channel for account notifications, receipts, and service updates.
- Subscription status and plan type — to determine what features you have access to.
- Payment reference identifiers — transaction IDs and subscription status tokens returned by our third-party payment processor. We do not store credit/debit card numbers, CVV codes, expiry dates, or any other raw payment card data.
We do not collect your date of birth, home address, phone number, or any other personal details unless legally required to do so.
2.2 Password Storage
We do not store your password. When you set a password, it is immediately converted to a one-way cryptographic hash (using industry-standard bcrypt or Argon2) before being stored. The original password is discarded and cannot be retrieved or read by anyone — including our own staff. If you forget your password, it must be reset; it cannot be recovered.
2.3 Technical & Server Logs
Like virtually every web service, our servers automatically record certain technical information when you access the Service. This includes:
- IP address — used for security purposes including fraud detection, rate limiting, and debugging server issues.
- Browser type and version
- Operating system
- Referring URL
- Pages visited and timestamps
- HTTP status codes and error logs
Server log data is retained for a maximum of 90 days for security and diagnostic purposes, after which it is automatically purged. We do not use server logs to build advertising profiles.
2.4 Cookies & Tracking
We use a small number of strictly necessary cookies to keep you logged in and maintain your session preferences. We do not use advertising trackers, cross-site tracking pixels, or third-party analytics that profile your behaviour. For full details, see our Cookie Policy.
| Data Type | Collected? | Notes |
|---|---|---|
| First & Last Name | Yes | Account personalisation only |
| Email Address | Yes | Login ID & account communications |
| Password | Never | Only a one-way hash is stored; the password itself is never retained |
| Card Number / CVV | Never | Handled exclusively by our payment processor |
| Payment Reference / Transaction ID | Minimal | Required to verify subscription status |
| IP Address | Minimal | Server logs — retained max 90 days for security |
| Phone Number | No | Not collected |
| Home / Postal Address | No | Not collected |
| Date of Birth | No | Not collected |
| Advertising / Behavioural Tracking | Never | We do not operate or permit advertising trackers |
3. How We Use Your Information
We use the information we collect solely for the following purposes:
- Account management — creating and maintaining your account, sending password-reset emails and security notifications.
- Service delivery — providing access to AI market predictions and features corresponding to your subscription plan.
- Subscription management — verifying payment status, issuing receipts, and managing renewals or cancellations via our payment processor.
- Security & fraud prevention — using IP logs and session data to detect unauthorised access, prevent abuse, and protect other users.
- Legal compliance — retaining transaction reference data as required by applicable financial and tax regulations.
- Service communications — sending you important notices about your account, changes to these policies, or downtime notifications. You cannot opt out of these transactional messages while your account is active.
We do not use your information for advertising, behavioural profiling, or any purpose not listed above.
4. Payment Processing
All payment card processing is performed exclusively by reputable third-party payment processors. When you enter payment details on our checkout, you are communicating directly and securely with the payment processor — your card data does not pass through our servers.
We receive only a non-sensitive payment reference token (e.g., a subscription ID or transaction ID) which we store solely to verify and manage your subscription status. This token does not contain and cannot be used to reconstruct your card number, expiry date, CVV, or any other sensitive payment information.
Our payment processors have their own privacy policies governing how they handle payment data. We encourage you to review their policies when completing a purchase.
5. Data Sharing & Disclosure
We do not sell, rent, lease, or trade your personal information to any third party. Full stop.
We may share limited information only in the following strictly necessary circumstances:
- Payment processors — your email address may be shared with our payment processor solely to create and manage your billing account.
- Infrastructure providers — our hosting provider processes data on our behalf under a data processing agreement and is prohibited from using your data for any other purpose.
- Legal obligations — if we are required by law, court order, or governmental authority to disclose information, we will comply. Where legally permitted, we will notify you before doing so.
- Business transfer — in the event of a merger, acquisition, or sale of all or substantially all of our assets, your data would transfer as part of that transaction. We would notify you via email and/or a prominent notice on our website in advance, and you would have the right to delete your account beforehand.
6. Data Retention
We retain your personal information for only as long as necessary to fulfil the purposes described in this policy:
- Account data (name, email, subscription info) — retained for the duration of your active account, plus up to 30 days after account deletion to allow for accidental-deletion recovery, then permanently purged.
- Payment reference records — retained for up to 7 years as required by financial record-keeping regulations.
- Server/IP logs — retained for a maximum of 90 days, then automatically deleted.
When retention periods expire, data is permanently and irreversibly deleted from our systems and any backups on a rolling schedule.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right to access — request a copy of all personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure — request that we delete your account and personal data ("right to be forgotten"), subject to legal retention requirements.
- Right to restriction — request that we temporarily stop processing your data while a dispute is resolved.
- Right to data portability — request your data in a structured, machine-readable format.
- Right to object — object to processing based on our legitimate interests.
- Right to withdraw consent — where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before fulfilling a request.
8. Security
We take the security of your information seriously and implement the following measures:
- All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
- Passwords are stored only as one-way cryptographic hashes — staff cannot read them.
- Access to the production database is restricted to authorised personnel only, via secure authenticated connections.
- We perform regular security reviews and apply security patches promptly.
- Payment card data never traverses our infrastructure — it is handled entirely by our PCI-DSS compliant payment processor.
No method of electronic transmission or storage is 100% secure. While we implement industry best practices, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you promptly as required by applicable law.
9. Children's Privacy
The Otter Hive Service is intended for adults and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:
- Sending an email to the address registered on your account, and/or
- Displaying a prominent notice on the Otter Hive website.
The "Last updated" date at the top of this page will always reflect the most recent revision. We encourage you to review this policy periodically. Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.
11. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:
- Email: [email protected]
- Website: otterhive.com
We will acknowledge your request within 5 business days and respond fully within 30 days.