Privacy Policy

RoastHive ("we", "us", or "our") operates the website at https://roasthive.com and the RoastHive platform (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the choices you have.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2.1 Information you provide to us

• Account information — name, email address, and password when you register.
• Payment information — billing name, billing address, and payment card details. Card numbers are processed directly by our payment processor (Stripe) and are never stored on our servers.
• Communications — messages you send us via email or support channels.
• Uploaded content — static files (HTML, CSS, JavaScript, images, etc.) that you upload to deploy websites through the Service.

2.2 Information we collect automatically

• Log data — IP address, browser type and version, pages visited, referring URL, date and time of requests, and HTTP status codes.
• Usage data — features used, deploy frequency, and other interaction data within the dashboard.
• Device information — operating system, device type, and screen resolution.
• Cookies and similar technologies — see Section 8 for details.

2.3 Information from third parties

If you sign in via a third-party OAuth provider (e.g. GitHub, Google), we receive your name, email address, and profile picture as permitted by your settings with that provider.

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Process transactions and send related billing confirmations.
• Create and manage your account.
• Respond to support requests and communications.
• Send transactional emails (e.g. deploy notifications, password resets).
• Send product updates and promotional emails — you may opt out at any time.
• Monitor and analyze usage to improve the Service and fix bugs.
• Detect, prevent, and respond to fraud, abuse, and security incidents.
• Comply with legal obligations.

If you are located in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases:

• Performance of a contract — to provide the Service you have signed up for.
• Legitimate interests — to improve the Service, prevent fraud, and ensure security, where those interests are not overridden by your rights.
• Consent — for marketing emails and non-essential cookies. You may withdraw consent at any time.
• Legal obligation — where we are required to process data to comply with applicable law.

We do not sell your personal information. We may share it only in the following circumstances:

• Service providers — trusted third-party vendors who assist us in operating the Service (e.g. cloud infrastructure, analytics). These parties are contractually bound to use your data only on our behalf and in accordance with this policy.
• Stripe (payment processing) — we use Stripe to process payments. When you make a purchase, your payment card details are transmitted directly to Stripe and are never stored on our servers. Stripe may collect and process personal data as an independent data controller in accordance with its own Privacy Policy.
• Resend (transactional email) — we use Resend to deliver transactional emails such as account confirmations, deploy notifications, and password resets. Your email address and the content of those emails are transmitted to Resend for delivery. Resend may process personal data in accordance with its own Privacy Policy.
• Business transfers — if RoastHive is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or a prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.
• Legal requirements — if required to do so by law or in response to a valid legal process (e.g. subpoena, court order), or to protect the rights, property, or safety of RoastHive, our users, or others.
• With your consent — for any other purpose with your explicit consent.

We retain your personal data for as long as your account is active or as needed to provide the Service. When you delete your account, we delete or anonymize your personal data within 90 days, except where we are required to retain it longer by law (e.g. for tax or accounting purposes).

Uploaded content and deployed sites are deleted immediately upon your request or upon account closure.

We implement industry-standard technical and organizational measures to protect your information, including TLS encryption in transit, encryption at rest, access controls, and regular security reviews.

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

We use the following categories of cookies:

• Strictly necessary — required for the Service to function (e.g. authentication session tokens). These cannot be disabled.
• Functional — remember your preferences such as theme or language.
• Analytics — help us understand how visitors use the Service so we can improve it. We use privacy-friendly analytics that do not track you across third-party websites.

You can control non-essential cookies through your browser settings or our cookie consent banner.

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Erasure — request deletion of your personal data.
• Restriction — request that we restrict processing of your data.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

California residents may also have additional rights under the CCPA, including the right to know, the right to delete, and the right to opt out of the sale of personal information (we do not sell personal information).

To exercise any of these rights, contact us at privacy@roasthive.com. We will respond within 30 days.

Your data may be processed in countries outside your own, including the United States, where data protection laws may differ. Where we transfer data from the EEA or UK to countries without an adequacy decision, we use Standard Contractual Clauses or other approved safeguards.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (at the address associated with your account) and by posting the updated policy on this page with a revised effective date. Your continued use of the Service after the changes take effect constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

If you are located in the EEA and believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection authority.