IT & Security Compliance Guide
This page is for IT teams evaluating Hives. It covers hosting, data protection, authentication, encryption, integrations, and compliance. No marketing language, just the technical details you need.
Hosting and Data Residency
Hives is hosted on Amazon Web Services (AWS) in the EU-Central-1 region (Frankfurt, Germany). All customer data is stored and processed within the EU. No data is transferred outside the European Economic Area. The infrastructure uses AWS managed services with automatic failover and redundancy across multiple availability zones.
Data Protection and GDPR
Hives is fully GDPR compliant. We provide a standard Data Processing Agreement (DPA) that covers all processing activities. Personal data collected through the platform is limited to what is necessary for the service: name, email, and organizational role. Users can export or delete their data at any time. Data retention follows your organization's policies, and all data is permanently deleted within 30 days of contract termination.
Authentication and Access Control
Hives supports Single Sign-On (SSO) via SAML 2.0 and Azure Active Directory. This means your users authenticate through your existing identity provider with no separate passwords to manage. Role-based access control (RBAC) lets you define who can submit ideas, who can evaluate them, and who has admin access. User provisioning can be managed through your IdP.
Encryption
All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. Database backups are encrypted using the same standards. Encryption keys are managed through AWS Key Management Service (KMS) with automatic key rotation.
Integrations
Hives integrates with Microsoft Teams and Slack for idea submission and notifications. These integrations use official APIs and OAuth 2.0 authentication. A REST API is available on the Enterprise plan for custom integrations with internal systems. Webhook support is available for event-driven workflows. All API communication is encrypted via TLS.
Implementation and Architecture
Hives is a fully managed SaaS platform. There is no on-premise installation, no custom development, and no infrastructure to maintain on your side. Implementation typically takes one to two weeks, including SSO configuration and initial setup. The platform runs on a multi-tenant architecture with logical data separation between customers.
Uptime and Reliability
Hives targets 99.9% uptime with an SLA available on Enterprise plans. The infrastructure is designed for high availability with automatic failover. Planned maintenance windows are communicated in advance and scheduled outside business hours. A status page is available for real-time service monitoring.
Security Audits and Compliance
Hives undergoes regular security assessments including vulnerability scanning and penetration testing. The platform follows OWASP security guidelines. We are happy to share our latest security assessment report under NDA. AWS infrastructure compliance covers SOC 2, ISO 27001, and other industry standards.
Data Exit and Portability
You own your data. At any point during or after the contract, you can export all data in standard formats (CSV, JSON). Upon contract termination, all customer data is permanently deleted from production systems within 30 days and from backups within 90 days. There is no vendor lock-in and no exit fees.
Questions?
If you need additional technical documentation, a security questionnaire completed, or want to schedule a call with our technical team, contact us at hello@hives.co. We are happy to provide whatever you need for your review.
