Get Started

Privacy Policy

Last Updated: November 13, 2024 | Effective Date: November 13, 2024

Overview

StickyHive ("we," "our," or "us") is a comprehensive community management platform that includes a Chrome extension designed to enhance community management on platforms like Skool, Circle, and Mighty Networks with AI-powered features. This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you use our platform, services, and Chrome extension.

By installing and using StickyHive, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Authentication Information

What We Collect:

  • Platform Authentication Tokens: We capture session cookies, CSRF tokens, and authentication tokens from the community platforms you visit (Skool, Circle, Mighty Networks) to enable backend API access on your behalf
  • StickyHive Account: When you log in via our website (stickyhive.ai), we receive:
    • Access and refresh tokens (for authentication)
    • User ID (anonymous identifier)

Important: The extension does NOT collect your email address or password. All login happens on our website (stickyhive.ai), and the extension only receives anonymous authentication tokens.

1.2 Personal Communications & Website Content

To provide our community management features, we collect and process content from your designated community platforms:

  • Post Content: Post titles, text content, post URLs, post IDs, timestamps, engagement metrics (like counts, comment counts)
  • Comments & Messages: Comment text, reply threads, timestamps
  • Author Information (Anonymized): Author names are automatically pseudonymized to "First Name + Last Initial" (e.g., "John D.") before being sent to our backend. We do NOT collect full names, email addresses, or other personally identifiable information about post authors
  • Community Metadata: Community/group names, community IDs, space IDs, platform-specific identifiers

Privacy Protection:

  • Profile pictures are NOT collected
  • Author names are anonymized to "First Name + Last Initial"
  • We only collect content from your explicitly designated community

1.3 User Activity Data

Network Monitoring & API Interception:

The extension monitors network activity ONLY within your designated community platforms to provide faster content loading and caching:

  • API Requests: We intercept GET requests to platform APIs (Skool, Circle, Mighty Networks) to cache post and comment data locally in your browser
  • HTTP Requests/Responses: Content of API responses is stored in browser sessionStorage
  • URLs/Domains: API endpoint URLs accessed within community platforms
  • Browser Storage: Session cookies and authentication tokens from community platforms

Click & Navigation Monitoring:

  • Click Events: Document-wide click listener detects navigation within community platforms (used to update extension UI when you navigate between pages)
  • Scroll Events: Passive scroll listener for viewport-based content loading optimization
  • Page Navigation: URL changes within your community platform

Limited Use Commitment:

  • User activity data is used ONLY for user-facing features (Review Dashboard, post caching, navigation detection)
  • We do NOT use activity data for advertising, analytics, or behavioral tracking
  • We do NOT track mouse position, keystroke logging, or general web browsing
  • Click/scroll/navigation data is processed locally and NOT sent to our backend

1.4 Technical Data

  • Extension Data: Extension version, installation ID
  • Browser Data: Browser type, version, user agent
  • Error Logs: Crash reports and debugging information (currently DISABLED for privacy - errors only logged to console)
  • Local Storage: Cached posts, user preferences, draft content stored locally in your browser

1.5 Data We Do NOT Collect

  • NO Personally Identifiable Information: We do NOT collect full names, email addresses, phone numbers, physical addresses, or identification numbers
  • NO Web Browsing History: We only monitor navigation within your designated community platforms, not general web browsing
  • NO Financial Information: We do NOT collect payment information, credit card data, or financial statements
  • NO Keystroke Logging: We do NOT record or monitor your keyboard input or passwords
  • NO Mouse Tracking: We do NOT track mouse position or movement patterns
  • NO File Access: We do NOT access your files, downloads, or personal documents
  • NO Data Selling: We do NOT sell your personal information to third parties
  • NO Profile Pictures: We do NOT collect or store user avatar images

2. How We Use Your Information

2.1 Primary Purposes (User-Facing Features Only)

We use the collected information EXCLUSIVELY to provide user-facing features:

  • Review Dashboard: Display posts and comments from your community for management and review
  • Post Actions: Enable Flag, Swipe File, and Digest buttons for organizing and categorizing content
  • Quick Response: AI-powered comment drafting and response tools
  • Shared Notes: Team collaboration features for community management
  • Content Caching: Cache API responses locally for faster loading and offline access
  • Navigation Detection: Update extension UI when you navigate between pages in your community
  • Authentication: Maintain secure sessions with community platforms and StickyHive backend

Chrome Web Store Limited Use Compliance:

In accordance with Chrome Web Store User Data Policy, we certify that:

  • Allowed Use: All user data is used ONLY for user-facing features described above
  • Allowed Transfer: Data is transferred to our backend (stickyhive.ai) ONLY to provide extension functionality. No data is sold or transferred to third parties
  • Prohibited Advertising: We do NOT use user data for personalized, re-targeted, or interest-based advertising
  • Prohibited Human Interaction: Human access to user data is limited to explicit user actions (e.g., when you save posts to Review Dashboard)

2.2 Legal Basis (GDPR Compliance)

We process your data based on:

  • Consent: You explicitly consent by installing and using the extension
  • Contract Performance: Processing is necessary to provide the services you requested
  • Legitimate Interests: Improving our service, preventing fraud, ensuring security

3. How We Share Your Information

3.1 Data Transfers

StickyHive Backend API (stickyhive.ai)

  • Data Transferred:
    • Authentication tokens from community platforms
    • Post and comment content (with anonymized author names)
    • Community metadata (IDs, names)
    • Screenshots (optional, when you use Swipe File/Digest features)
  • Purpose: Store and process your community data, enable Review Dashboard, facilitate team collaboration, enable backend API access on your behalf
  • Security: All transmissions use HTTPS encryption
  • Justification: Transfer is necessary to provide the single purpose of the extension (community management tools)

Error Tracking (DISABLED)

  • Status: Error tracking via Sentry is currently DISABLED for privacy
  • What This Means: Errors are only logged to your browser console, not sent to external services

3.2 We Do NOT

  • Sell your personal information to advertisers or data brokers
  • Share your data with marketing companies
  • Use your data for targeted advertising
  • Provide your information to third parties for their own use

3.3 Legal Requirements

We may disclose your information if required by law, such as:

  • Complying with court orders, subpoenas, or legal processes
  • Protecting our rights, property, or safety
  • Investigating fraud or security issues
  • Enforcing our Terms of Service

4. Data Storage and Security

4.1 Where We Store Data

  • Local Storage: Post cache, user preferences, and draft content are stored locally in your browser using Chrome's storage API
  • Session Storage: Temporary session data that expires when you close your browser
  • Backend Servers: User account data, authentication tokens, and community data are stored on our secure servers

4.2 Security Measures

We implement industry-standard security practices:

  • Encryption: All data transmitted between the extension and our servers uses HTTPS/TLS encryption
  • Token Security: OAuth tokens are stored securely using Chrome's encrypted storage
  • Access Controls: Strict access controls limit who can access user data on our backend
  • Regular Audits: We regularly review our security practices and update them as needed
  • Secure Authentication: OAuth 2.0 with Google for secure user authentication

4.3 Data Retention

  • Authentication Tokens: Stored until you log out or revoke access
  • Cached Posts: Stored locally indefinitely until you clear browser data or uninstall the extension
  • Account Data: Retained as long as your account is active

5. Your Rights and Choices

5.1 Access and Control

You have the right to:

  • Access Your Data: Request a copy of all personal data we hold about you
  • Correct Your Data: Update or correct inaccurate information
  • Delete Your Data: Request deletion of your account and associated data
  • Export Your Data: Download your data in a portable format
  • Withdraw Consent: Uninstall the extension at any time to stop data collection

5.2 How to Exercise Your Rights

To exercise any of these rights:

We will respond to your request within 30 days.

5.3 Cookie Controls

You can manage cookies through:

  • Chrome browser settings → Privacy and Security → Cookies
  • Clearing site data for stickyhive.ai domain
  • Using Chrome's incognito mode (note: the extension may have limited functionality)

6. Chrome Extension Permissions Explained

StickyHive Chrome Extension requests the following permissions:

Permission Why We Need It
storage Store user preferences, cached posts, and draft content locally
scripting Inject content scripts and features into community platform pages, extract CSRF tokens and authentication data, execute API calls in page context
tabs Monitor tab loads for auth capture, detect which community platform you're visiting, take screenshots for Swipe File feature, communicate with content scripts
windows Open custom domain permission popup, manage extension windows
cookies Capture authentication cookies from community platforms (Circle, Mighty Networks, Skool) and send to backend for API access
contextMenus Add right-click menu options for quick actions
downloads Allow you to export community data and reports
offscreen Run background processes for data processing
activeTab Access the current page you're viewing in supported communities
webNavigation Monitor navigation events on Circle and Mighty Networks to detect auth token rotation, inject content scripts on custom domains
Host Permissions (*.skool.com, *.circle.so, *.mightynetworks.com, *.mn.co) Access specific community platform domains to provide extension features
Optional <all_urls> Support communities on custom domains (e.g., community.yourcompany.com). This permission is OPTIONAL and only requested when you explicitly add a custom domain community. You can revoke it anytime.

Privacy-First Permissions

Host Permissions:

  • We request specific host permissions ONLY for known community platforms (Skool, Circle, Mighty Networks)
  • <all_urls> is OPTIONAL and only requested when you add a custom domain community
  • You will be explicitly prompted before granting custom domain access
  • We do NOT track or collect data from non-community websites

Minimum Permission Policy:

We comply with Chrome's minimum permission policy by requesting only the narrowest set of permissions necessary for existing functionality. Features are scoped to your designated community only.

7. Children's Privacy

StickyHive is not intended for use by individuals under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately, and we will delete it.

8. International Data Transfers

If you are located outside the United States, please note that:

  • Your data may be transferred to and processed in countries with different privacy laws
  • We ensure appropriate safeguards are in place for international transfers
  • For EU users, we comply with GDPR requirements for international data transfers

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal or regulatory updates, or new features.

When we make significant changes:

  • We will update the "Last Updated" date at the top
  • We will notify you via email (if you've provided one)
  • We will display a notice in the extension
  • You will be prompted to review and accept the new policy

Your continued use of the extension after changes constitutes acceptance of the updated policy.

10. Additional Information for EU Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights:

Your Legal Rights Include:

  • Right to Access: Obtain confirmation of data processing and access to your data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge a Complaint: File a complaint with your local supervisory authority

Data Protection Authority: If you believe we have not addressed your concerns, you may contact your local data protection authority. For a list of EU data protection authorities, visit: https://edpb.europa.eu/about-edpb/board/members_en

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to Know: What personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell your data)
  • Right to Non-Discrimination: Equal service regardless of exercising your privacy rights

To exercise these rights, contact us at support@stickyhive.ai

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

Email: support@stickyhive.ai

Website: https://stickyhive.ai/contact

Summary

What we collect:

  • ✅ Authentication tokens from community platforms
  • ✅ Post and comment content (with anonymized author names)
  • ✅ User activity within community platforms (network monitoring, clicks, scroll)
  • ❌ NO personally identifiable information (names anonymized, no emails/passwords)
  • ❌ NO web browsing history outside community platforms
  • ❌ NO profile pictures or full author names

Why we collect it: To provide user-facing community management features (Review Dashboard, post actions, AI responses) - NOT for advertising or analytics

Who we share with: Only our backend (stickyhive.ai) to provide extension functionality. No third-party sharing or data selling.

Chrome Web Store Compliance: We comply with Limited Use requirements - data used ONLY for user-facing features, NOT for advertising or behavioral tracking

Your choices: Access, correct, delete your data; uninstall extension anytime; revoke custom domain permissions

Questions: Contact support@stickyhive.ai

By using StickyHive, you acknowledge that you have read and understood this Privacy Policy.