SaaS Hive — Privacy Policy

Last updated: 04/01/26  ·  Effective date: 04/01/26

1. Who We Are

1.1. SaaS Hive (saashive.com) is operated by 1048035 B.C. LTD, a corporation incorporated under the laws of Ontario, Canada, with its registered office at Office #645 145 ½ Church Street, Unit 5, Toronto, Ontario, M5B 1Y4, Canada ("SaaS Hive," "we," "us," or "our").

1.2. For the purposes of applicable data protection law, SaaS Hive is the data controller responsible for your personal data collected through the platform.

1.3. If you have any questions about this Privacy Policy or how we handle your data, you can contact us at:

#645 145 ½ Church Street, Unit 5, Toronto, Ontario, M5B 1Y4, Canada
Privacy contact email: support@saashive.com
Website: saashive.com

2. What Data We Collect

We collect different types of data depending on how you use the platform and which role you are operating in.

2.1. Data collected from all users.

(a) Account information. Name, email address, and authentication credentials (such as a hashed password) when you create an account directly with us. If you sign up using a third-party authentication provider (such as Google), we receive the name and email address associated with that account.

(b) Profile information. Any additional information you voluntarily add to your profile, such as a bio, job title, company name, profile photo, or social media links.

(c) Usage data. Information about how you interact with the platform, including pages visited, products viewed, searches performed, products saved, clicks, time spent on pages, and navigation paths.

(d) Device and technical data. IP address, browser type and version, operating system, device type, screen resolution, language preferences, referring URL, and unique device identifiers.

(e) Cookies and similar technologies. We use cookies, local storage, and similar technologies as described in Section 7.

(f) Communications. If you contact us via email or through the platform, we collect the content of your messages and any attachments.

2.2. Additional data collected from founders.

(a) Business information. Company name, product name, product description, pricing information, website URL, screenshots, demo videos, logos, founder names, and other materials submitted as part of a product listing.

(b) Payment information. If you purchase paid services, we collect billing name, billing address, and payment method details. Payment card information is processed and stored by our third-party payment processor and is not stored on our servers.

(c) Identity verification data. If you participate in identity verification (whether for profile verification, fraud investigation, or trust scoring purposes), we may collect identity documents, photographs, and the results of verification checks conducted by our third-party verification provider. We do not store copies of identity documents on our servers after verification is complete; we retain only the verification result (pass/fail), the date of verification, and a verification reference ID.

Our third-party verification provider may perform facial comparison as part of the verification process. Where facial comparison constitutes biometric data processing under applicable law (such as UK GDPR or EU GDPR), the verification provider processes this data under its own controlled verification workflow and privacy policy. SaaS Hive does not receive, store, or process raw biometric data. Where applicable law requires a specific legal basis or special-category condition for biometric processing, we ensure that such processing is covered either by your explicit consent (obtained during the verification flow) or by another lawful condition permitted under applicable data protection law. If our verification provider does not perform facial comparison for your verification, no biometric data is processed.

2.3. Additional data collected from reviewers.

(a) Review content. The text of your review, including ratings, pros, cons, "best for" descriptions, and any other structured review fields.

(b) Review metadata. The date and time of your review, your account status at the time of review, and trust-scoring signals associated with your review (described in Section 4.3).

2.4. Data collected automatically for fraud detection and platform integrity.

(a) Device fingerprinting. We collect device-level signals, including but not limited to browser configuration, installed plugins, screen properties, timezone, and hardware identifiers. These signals are used to generate a device fingerprint for the purpose of detecting fraudulent accounts, review manipulation, and coordinated platform abuse. Device fingerprinting is performed using third-party fraud detection services. Where device fingerprinting involves storage on or access to your device, we will seek consent where required by applicable local law. Certain server-side fraud detection processing may occur without consent where it is strictly necessary for platform security or where we have a legitimate interest in preventing fraud, as permitted by applicable law.

(b) Behavioral signals. We analyze patterns of activity on the platform, such as review frequency, voting patterns, account creation timing, and navigation behavior, to detect anomalies consistent with fraud or manipulation. This analysis is performed server-side and does not require storage on your device.

(c) Cross-account signals. We may use the data described in this Section to identify relationships between accounts, such as accounts operating from the same device, IP address, or household.

3. How We Use Your Data

3.1. We use the data we collect for the following purposes:

(a) Operating the platform. Creating and managing your account, displaying product listings, publishing reviews, processing searches, generating rankings, and delivering the features described in our Terms of Service.

(b) Processing payments. Billing for paid services, processing refunds, sending invoices and receipts, and managing subscriptions.

(c) Fraud detection and platform integrity. Detecting and preventing fake reviews, review manipulation, fake accounts, coordinated abuse, and other violations of our Terms of Service. This includes the use of device fingerprinting, behavioral analysis, and cross-account analysis as described in Section 2.4.

(d) Trust scoring. Calculating review trust weights based on factors including identity verification status, account maturity, review quality, community helpfulness votes, and reviewer track record. Trust scores influence how reviews are weighted in product ratings, as described in our Terms of Service. Trust scores are internal and are not displayed publicly.

(e) Identity verification. Verifying the identity and legitimacy of founders and reviewers when required for trust badges, fraud investigation, or platform integrity purposes.

(f) Communications. Sending transactional emails (account confirmations, password resets, billing receipts, policy updates), responding to your inquiries, and delivering newsletters you have subscribed to.

(g) Analytics and improvement. Understanding how users interact with the platform, identifying technical issues, measuring the effectiveness of features, and improving the platform's design, content, and functionality. We use aggregate and anonymized data for these purposes wherever possible.

(h) Editorial content. Generating AI-assisted editorial content such as "Our Verdict" sections, category roundups, and comparison pages. This content is based on aggregate product data, review data, and category positioning, not on individual user profiles.

(i) Legal compliance. Complying with applicable laws, regulations, and legal processes, including responding to lawful requests from law enforcement or regulatory authorities.

(j) Protecting rights. Enforcing our Terms of Service, protecting the rights, property, or safety of SaaS Hive, our users, or the public.

3.2. Automated Decision-Making. SaaS Hive uses automated systems to support platform integrity and moderation decisions, including trust scoring, fraud signal detection, review weighting, anomaly detection, and account risk assessment. These automated systems inform decisions that may affect review visibility, review weight, verification requirements, or account status. Automated outputs may be subject to human review where appropriate, particularly where a decision results in account suspension, review removal, or restriction of paid services. If you believe an automated decision has materially and adversely affected your account or content, you may request a human review by contacting us at support@saashive.com.

4. Legal Basis for Processing (GDPR Users)

4.1. If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases:

(a) Contract. Processing necessary to perform our contract with you (our Terms of Service), including operating your account, managing listings, processing payments, and delivering paid services.

(b) Legitimate interests. Processing necessary for our legitimate interests, provided those interests are not overridden by your rights. This includes fraud detection and platform integrity (Section 3.1(c)), trust scoring (Section 3.1(d)), analytics and platform improvement (Section 3.1(g)), and editorial content generation (Section 3.1(h)).

(c) Consent. Processing based on your consent, including sending marketing newsletters and using non-essential cookies. You may withdraw consent at any time as described in Sections 7 and 9.

(d) Legal obligation. Processing necessary to comply with a legal obligation to which we are subject.

4.2. Where we rely on legitimate interests, we have conducted a balancing assessment to ensure that our interests do not override your fundamental rights and freedoms. You may request details of this assessment by contacting us at support@saashive.com.

5. How We Share Your Data

5.1. We do not sell your personal data. We have never sold personal data, and we have no plans to do so.

5.2. We share your data with the following categories of recipients, only to the extent necessary for the purposes described in Section 3:

(a) Payment processors. We share billing and payment information with our third-party payment processor (currently Stripe) to process transactions, manage subscriptions, and handle refunds. The payment processor acts as an independent controller of payment data under its own privacy policy.

(b) Fraud detection and identity verification providers. We share device data, behavioral signals, and, when applicable, identity verification data with third-party fraud detection and identity verification services for the purposes described in Sections 2.4 and 3.1(c)–(e).

(c) Hosting and infrastructure providers. Your data is stored and processed by our cloud hosting and infrastructure providers. These providers act as data processors under our instructions.

(d) Email service providers. We share your email address and name with our email service provider to deliver transactional emails and newsletters you have subscribed to.

(e) Analytics providers. We share anonymized or pseudonymized usage data with analytics providers to understand platform performance and user behavior.

(f) Law enforcement and regulatory authorities. We may disclose your data when required by law, in response to a valid legal process (such as a court order or subpoena), or when we believe in good faith that disclosure is necessary to protect the safety of platform users or the public, to prevent fraud, or to enforce our Terms of Service.

(g) Business transfers. If SaaS Hive is acquired, merged, or undergoes a substantial asset sale, your data may be transferred to the successor entity. We will notify you via email or prominent notice on the platform before your data is transferred and becomes subject to a different privacy policy.

5.3. We require service providers that act as our processors to process personal data only on our instructions and in compliance with applicable data protection law. We enter into data processing agreements with processors that handle personal data on our behalf. Where a provider acts as an independent controller, such as a payment processor for payment data, its processing is governed by its own privacy policy and legal obligations.

6. Public Content

6.1. Certain content you submit to SaaS Hive is publicly visible by design. This includes:

(a) Product listings. All information submitted as part of a product listing (product name, description, pricing, screenshots, founder name, etc.) is publicly visible on the platform and may be indexed by search engines and AI systems.

(b) Reviews. Reviews you post are publicly visible and associated with your display name and profile. Reviews may be indexed by search engines and AI systems and may be used in SaaS Hive editorial content.

(c) Profile information. Your display name, profile photo, and any optional profile details you choose to make public are visible to other users.

(d) Founder responses. Public responses to reviews are visible to all users.

6.2. Public content may be cached by search engines, AI systems, and web archives. Even if you later delete or modify your content on SaaS Hive, cached copies may persist in third-party systems beyond our control.

6.3. We recommend that you do not include personal information in public content that you would not want to be permanently accessible.

7. Cookies and Similar Technologies

7.1. We use cookies, local storage, and similar technologies for the following purposes:

(a) Essential cookies. Required for the platform to function, including session management, authentication, and security. These cannot be disabled.

(b) Functional cookies. Remember your preferences, such as language, display settings, and saved products.

(c) Analytics cookies. Help us understand how users interact with the platform, including which pages are visited, how long users spend on pages, and which features are used. Analytics data is aggregated, anonymized, or pseudonymized where appropriate and is used to understand platform performance and user behavior.

(d) Fraud detection technologies. Certain fraud prevention technologies operate at the server level as part of our security infrastructure and do not require cookie consent. Where fraud detection technologies involve storage on or access to your device beyond what is strictly necessary for security, we will seek your consent where required by applicable law. The classification of specific fraud detection technologies as "essential" or "consent-required" may vary by jurisdiction, and we apply the standard required in your location.

7.2. We do not currently use advertising or marketing cookies. If this changes in the future, we will update this policy and, where required, obtain your consent before deploying such cookies.

7.3. Cookie consent. If you are located in the EEA, UK, or another jurisdiction that requires consent for non-essential cookies, we will present you with a cookie consent mechanism before placing non-essential cookies on your device. You may withdraw your consent at any time through the cookie settings accessible on the platform.

7.4. Browser settings. You can control cookies through your browser settings. Disabling essential cookies may prevent the platform from functioning correctly.

8. Data Retention

8.1. We retain your data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.2. Specific retention periods:

(a) Active accounts. We retain your account data and associated content for as long as your account is active.

(b) Deleted accounts. When you delete your account, we will delete or anonymize your personal data within 30 days, except as noted below. Certain data may be retained for up to 90 days in backup systems before full deletion.

(c) Reviews. If you delete your account, your reviews may be retained in anonymized form (with your name and identifiable profile information removed) for the purpose of maintaining platform integrity, aggregate rating accuracy, and historical product data.

(d) Payment records. Transaction records, invoices, and related financial data are retained for a minimum of 7 years after the transaction date, as required by Canadian tax and financial reporting laws.

(e) Fraud detection data. Device fingerprints, behavioral signals, and fraud investigation records may be retained for up to 3 years after the associated account is closed or the investigation is concluded, to support ongoing platform integrity efforts and to prevent previously identified bad actors from returning.

(f) CASL consent records. Records of your consent to receive commercial electronic messages are retained for the duration of your subscription and for a minimum of 36 months after your last interaction with our emails, as described in our Terms of Service.

(g) IP complaint records. Records related to intellectual property complaints, counter-notices, and repeat infringer determinations are retained for a minimum of 3 years after resolution.

(h) Legal holds. If data is subject to a legal hold, regulatory investigation, or pending dispute, it will be retained until the matter is resolved, regardless of the retention periods described above.

9. Newsletters and Commercial Communications

9.1. SaaS Hive operates email newsletters, including the SaaS Hive platform newsletter and the Launch and Tell newsletter. We will only send you the specific newsletter(s) you subscribed to.

9.2. We comply with Canada's Anti-Spam Legislation (CASL) and applicable anti-spam laws in all jurisdictions where we operate. We maintain records of your consent as described in our Terms of Service (Section 9.4).

9.3. You may unsubscribe from any newsletter at any time using the unsubscribe link provided in each email. We will process your unsubscribe request within 10 business days.

9.4. Unsubscribing from marketing newsletters does not affect transactional communications related to your account, such as security alerts, billing confirmations, policy updates, or Founding Member Period notifications.

9.5. All commercial electronic messages from SaaS Hive identify the sender, include our physical mailing address, and provide a functioning unsubscribe mechanism, as required by CASL.

10. Your Rights

10.1. Depending on your location, you may have some or all of the following rights regarding your personal data:

(a) Right of access. You may request a copy of the personal data we hold about you.

(b) Right to correction. You may request that we correct inaccurate or incomplete personal data.

(c) Right to deletion. You may request that we delete your personal data, subject to the retention requirements described in Section 8.

(d) Right to data portability. You may request a copy of your data in a structured, commonly used, machine-readable format.

(e) Right to restrict processing. You may request that we restrict the processing of your data in certain circumstances, such as while a correction or objection request is being evaluated.

(f) Right to object. You may object to processing based on legitimate interests. If you object, we will cease processing unless we demonstrate compelling legitimate grounds that override your rights.

(g) Right to withdraw consent. Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

10.2. How to exercise your rights. You may exercise your rights by contacting us at support@saashive.com or through the account settings in your dashboard. We will respond to your request within 30 days. If we need additional time, we will notify you within the initial 30-day period.

10.3. Verification. We may need to verify your identity before processing your request. If we cannot verify your identity, we may decline the request.

10.4. Canadian residents (PIPEDA). If you are a Canadian resident, you have the right to access and correct your personal information under the Personal Information Protection and Electronic Documents Act (PIPEDA). You may also file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

10.5. EEA, UK, and Swiss residents (GDPR). If you are located in the EEA, UK, or Switzerland, you have the rights listed in Section 10.1 under the General Data Protection Regulation (GDPR) or equivalent local legislation. You also have the right to lodge a complaint with your local data protection authority.

10.6. California residents (CCPA/CPRA). If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

(a) Right to know. You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collection, and the categories of third parties with whom it was shared.

(b) Right to delete. You may request deletion of your personal information, subject to the retention requirements described in Section 8.

(c) Right to correct. You may request that we correct inaccurate personal information we hold about you.

(d) Right to opt out of sale or sharing. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising purposes. Because we do not engage in these activities, there is no need for a sale/share opt-out at this time.

(e) Right to limit use of sensitive personal information. We do not use sensitive personal information (as defined under the CPRA) for purposes beyond those permitted under the CPRA, such as providing the services you request and maintaining security and integrity of the platform.

(f) Categories of personal information collected. The categories of personal information we collect are described in detail in Section 2 and include: identifiers (name, email, IP address), commercial information (transaction and billing records), internet and electronic network activity (usage data, device data, cookies), professional or employment-related information (where provided in profiles or listings), and inferences drawn from the above (such as trust scores and fraud signals).

(g) Categories disclosed to service providers. We disclose personal information to the categories of service providers described in Section 5, including payment processors, hosting providers, email service providers, analytics providers, and fraud detection and identity verification providers. These service providers process data under contract and are not permitted to use it for their own purposes.

(h) Retention. Retention periods and criteria for each category of personal information are described in Section 8.

(i) Non-discrimination. We will not discriminate against you for exercising any of your California privacy rights.

(j) You may exercise your rights by contacting us at support@saashive.com. We will verify your identity before processing your request and will respond within 45 days, or notify you if we need additional time as permitted by law.

11. International Data Transfers

11.1. SaaS Hive is based in Canada. Your data may be processed and stored in Canada and in other countries where our service providers operate, including the United States.

11.2. Canada has been recognized by the European Commission as providing an adequate level of data protection for transfers from the EEA. For transfers to countries that have not received an adequacy determination, we rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your data is protected.

11.3. By using SaaS Hive, you acknowledge that your data may be transferred to and processed in jurisdictions outside your country of residence, which may have different data protection laws than your jurisdiction.

12. Data Security

12.1. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

(a) Encryption of data in transit using TLS/SSL.

(b) Encryption of sensitive data at rest.

(c) Access controls that limit employee and contractor access to personal data to those who need it for their job functions.

(d) Regular security assessments and monitoring.

(e) Secure development practices for platform code.

12.2. While we take reasonable steps to protect your data, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data.

12.3. If we become aware of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities in accordance with applicable law.

13. Children's Privacy

13.1. SaaS Hive is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16.

13.2. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly. If you believe a child under 16 has provided us with personal data, please contact us at support@saashive.com.

14. Third-Party Links and Services

14.1. SaaS Hive product listings may contain links to third-party websites, products, and services. We are not responsible for the privacy practices or content of these third-party sites.

14.2. When you click a link to a third-party product or website from a SaaS Hive listing, you leave our platform and are subject to that third party's privacy policy.

14.3. We encourage you to review the privacy policies of any third-party sites you visit through links on SaaS Hive.

15. AI Systems and Structured Data

15.1. SaaS Hive product pages are structured with data markup designed to be readable by AI systems (such as ChatGPT, Perplexity, Claude, Google AI Overviews, and similar platforms). This structured data includes publicly available listing information such as product name, description, category, pricing, ratings, and review summaries.

15.2. We do not share non-public personal data (such as email addresses, account credentials, payment information, or device fingerprints) with third-party public AI systems (such as ChatGPT, Perplexity, Claude, Google AI Overviews, or similar platforms) for the purpose of indexing, training, or public surfacing.

15.3. The indexing and use of publicly available SaaS Hive content by third-party AI systems is governed by those systems' own terms and practices. SaaS Hive does not control whether or how third-party AI systems use publicly available content from the platform.

15.4. SaaS Hive uses AI-assisted tools internally, and may engage contracted AI service providers acting as data processors under our instructions, for editorial content generation (such as "Our Verdict" sections), fraud detection, review quality analysis, and content moderation. These internal and contracted AI tools may process aggregate product and review data, and where fraud detection or moderation requires it, may analyze individual account behavior as described in Section 2.4. Contracted AI service providers are bound by data processing agreements and may not use your data for their own purposes, including training their own models, unless we have expressly authorized it and disclosed it in this policy.

16. Changes to This Policy

16.1. We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or platform features.

16.2. We will notify you of material changes via email or in-app notification at least 14 days before they take effect. Non-material changes (such as formatting or clarifications that do not alter the substance of the policy) may be made without advance notice.

16.3. The "Last updated" date at the top of this page indicates when this policy was most recently revised.

16.4. Previous versions of this Privacy Policy will be archived and accessible at saashive.com/legal.

16.5. Operational Accuracy. We are committed to ensuring that this Privacy Policy accurately reflects our actual data collection, processing, sharing, and retention practices. We review this policy periodically and when we adopt new technologies, vendors, or data processing activities that may affect the accuracy of this policy. If we identify a material discrepancy between this policy and our actual practices, we will either update this policy or adjust our practices to align with it, and we will notify affected users where required by applicable law.

17. Contact and Complaints

17.1. If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

1048035 B.C. LTD.
Office #645 145 ½ Church Street, Unit 5,
Toronto, Ontario, M5B 1Y4, Canada
Privacy contact email: support@saashive.com
Website: saashive.com

17.2. Canadian residents. You may file a privacy complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.

17.3. EEA, UK, and Swiss residents. You may lodge a complaint with your local data protection supervisory authority.

17.4. California residents. You may contact the California Attorney General's office at oag.ca.gov for information about your privacy rights.

17.5. We aim to respond to all privacy inquiries within 30 days.