Privacy Policy

Last updated: April 1, 2026 · Hive Finance (self-hosted personal finance platform)

1. Overview

Hive Finance is a self-hosted, single-user personal finance platform. It is operated exclusively by and for the individual who deployed this instance on their own infrastructure. No data is shared with any third party except as necessary to operate the service (e.g., Plaid for bank connectivity, Anthropic/Ollama for AI features).

Because this is a single-user deployment on private infrastructure, the “operator” and “user” are the same individual. This policy describes how data flows through the platform and your rights over that data.

2. Data We Collect

Financial data via Plaid: Transaction history, account balances, institution names, and account identifiers retrieved from your linked bank and credit card accounts. Plaid access tokens are stored encrypted at rest using AES-256 (Fernet).

Account credentials: Your Hive login username and bcrypt-hashed password. Plaintext passwords are never stored.

Authentication events: An audit log of login attempts, MFA events, and administrative actions, including IP address and timestamp.

AI chat history: Messages sent to the AI chat interface are processed by Anthropic Claude or a local Ollama model. Anthropic may process these according to their privacy policy. Local Ollama processing stays entirely on-device.

3. How Data Is Used

  • Displaying your transaction history, spending analytics, and account balances
  • Computing budget vs. actual spend, points earned, and net worth over time
  • ML-based anomaly detection on transaction patterns (processed locally)
  • Answering natural language questions about your finances via AI chat
  • Generating spending forecasts using historical transaction data

Data is never used for advertising, profiling, or sold to third parties.

4. Data Retention

Transaction data is retained for 24 months by default, after which it may be automatically purged via the data retention policy. Budget and points history is retained indefinitely to support trend analysis. Audit logs are retained for 12 months.

You may request deletion of all financial data at any time from the Security Settings page. Deletion is immediate and irreversible.

5. Data Security

  • All network traffic encrypted via TLS 1.2+ (Tailscale + nginx)
  • Access restricted to Tailscale VPN — no public internet exposure
  • Plaid access tokens encrypted at rest with AES-256 (Fernet)
  • Application login protected by bcrypt-hashed passwords and optional TOTP MFA
  • PostgreSQL password-protected; Redis password-protected
  • JWT session tokens with 12-hour expiry
  • Role-based access control (RBAC) enforced on all API endpoints

6. Third-Party Services

Plaid Technologies, Inc.

Used for bank account connectivity. Plaid's privacy policy governs their data handling: plaid.com/legal/privacy-policy

Anthropic, PBC

Used for AI chat features when Claude is selected. Only active chat messages are sent; no financial transaction data is transmitted. Governed by Anthropic's privacy policy.

Ollama (local)

Local AI model processing. All data stays on-device. No external transmission.

7. Your Rights

  • Access: All your data is visible within the Hive interface
  • Deletion: Delete all financial data at any time from Security Settings
  • Portability: Transaction data can be exported from the Transactions page
  • Correction: Transaction categories can be manually corrected inline
  • Disconnect: Any linked bank account can be unlinked at any time from Connect

8. Contact

This is a self-hosted personal deployment. The data controller is the individual operating this instance. For questions about this privacy policy, refer to the system administrator of this Hive instance.