Hyvery, Inc. (“Hyvery,” “we,” “us“) provides a software‑as‑a‑service platform for facility and operations management (the “Service“). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our websites, interact with us, or use the Service.
Role Clarification
• For website visitors, prospects, and our own account administration, Hyvery acts as a controller.
• For Customer Data processed in the Service (e.g., your end users’ records), Hyvery acts as a processor/service provider to the Customer. The Data Processing Addendum (DPA) governs processor‑level obligations and takes precedence for Customer Data.
This Policy applies to: hyvery.com domains, the Hyvery web and mobile apps, support channels, and communications. It does not apply to third‑party websites or services linked from our sites.
We collect information in three ways: (a) directly from you; (b) automatically through the Service; and (c) from third parties (e.g., identity providers or integration partners you choose).
2.1 Information you provide
Account & Contact Data (name, email, phone, company, role).
Credentials (hashed passwords where applicable, SSO identifiers).
Customer Support Content (tickets, messages, attachments).
Billing Details (billing contact, address; we do not store full payment card numbers in our systems).
Content You Upload to the Service (e.g., locations, floor plans, tickets, work orders, invoices, programs/campaigns, assessments, events) — typically business information.
2.2 Information collected automatically
Usage & Device Data (IP address, approximate location derived from IP, browser type/version, device identifiers, language, timestamps, referring/exit pages).
Log & Telemetry Data (request metadata, event logs, error reports).
Cookies/SDKs for session management, security, and analytics. See §8 (Cookies & Tracking).
2.3 Information from third parties
Identity/Access Providers (e.g., SSO/IdP attributes you authorize).
Integration Partners you connect (e.g., messaging, mapping).
Lead & Marketing Partners (subject to applicable law and your preferences).
Sensitive Data
The Service is not intended to store protected health information (PHI), payment card PAN, government IDs, or precise geolocation. Do not upload such data unless expressly permitted by written agreement and configured safeguards.
Provide and operate the Service (authentication, hosting, workflows, search, storage).
Secure the Service (fraud/abuse detection, incident response, logging).
Support (troubleshoot, answer requests, provide training).
Improve and develop features, quality, and performance.
Communicate about updates, security, and service/marketing messages (you can opt out of non‑essential marketing).
Comply with laws, contracts, and enforce terms.
Legal Bases (EEA/UK/Swiss): performance of a contract; legitimate interests (security, product improvement, communications); consent (where required); legal obligations.
We may share personal information with:
Sub‑processors/Service Providers that host, process payments, send email/notifications, monitor performance, provide support tooling, or supply infrastructure. We bind them to confidentiality and security obligations. A current list or categories is available on our trust page and/or by request.
Your Integrations that you enable (e.g., identity providers, messaging gateways). Data flows are controlled by you.
Professional Advisors (legal, accounting) under duty of confidentiality.
Corporate Transactions (merger, acquisition, financing, sale of assets).
Legal/Compliance when required by law, regulation, subpoena, or to protect rights, safety, and security.
We do not sell personal information. We do not share personal information for cross‑context behavioral advertising.
We retain personal information for as long as necessary to provide the Service and fulfill the purposes above, comply with legal obligations, resolve disputes, and enforce agreements. Typical retention examples: account metadata and support records for the life of the account + up to 3 years; security logs 12–24 months; backups per our retention schedule. Customer administrators can export Customer Data; see the DPA and ToS for data return and deletion after termination.
We maintain administrative, technical, and physical safeguards aligned with industry standards (e.g., access control with MFA and RBAC, encryption in transit and at rest, network segmentation, vulnerability management, monitoring and audit logs, and encrypted isolated backups). No system is perfectly secure; we cannot guarantee absolute security. If we learn of a breach, we will notify you consistent with applicable law and our incident response policies.
Hyvery primarily processes data in the United States, with limited operations in Canada as disclosed. Where required, international transfers rely on appropriate safeguards (e.g., Standard Contractual Clauses, UK Addendum, Swiss Addendum). Additional terms for Customer Data are in the DPA.
We use:
Strictly Necessary Cookies (authentication, session management, security).
Functional Cookies (preferences).
Analytics (to understand feature adoption and improve performance).
Where required by law, we obtain consent via a banner and provide controls. You can adjust browser settings to block cookies; the Service may not function properly without essential cookies. We do not respond to “Do Not Track” signals at this time.
9.1 EEA/UK/Swiss residents
You may have rights to access, correct, delete, restrict, object to processing, and data portability. Where processing is based on consent, you can withdraw consent at any time. You may lodge a complaint with your supervisory authority.
9.2 U.S. State Privacy Laws (e.g., CA/VA/CO/CT/UT)
Depending on your state, you may have rights to know/access, correct, delete, data portability, and to opt out of certain processing (sale/share/targeted advertising). Hyvery does not sell or share personal information for cross‑context behavioral advertising. You may also have a right to appeal a decision regarding your request.
How to Exercise Rights: Email privacy@hyvery.com with your name, email, relationship to Hyvery, request type, and jurisdiction. We will verify your identity and respond within the timelines required by law. You may use an authorized agent where permitted.
| Category (CPRA) | Examples | Purpose | Sold/Shared |
|---|---|---|---|
| Identifiers | Name, email, phone, IP address | Account setup, security, support, communications | No |
| Customer Records | Business contact, account profile | Service delivery, billing | No |
| Internet/Network Activity | Usage logs, device/browser info | Security, analytics, improvement | No |
| Geolocation (approx.) | Derived from IP | Localization, security | No |
| Professional/Employment | Role, organization | Account administration | No |
| Inferences | Product interest segments | Product improvement/communications | No (limited internal use) |
| Sensitive PI (limited) | Account credentials | Authentication/security | No |
Retention: See §5. Right to Limit Sensitive PI: Not applicable; Hyvery does not use Sensitive PI to infer characteristics about you.
The Service is not directed to children under 16 and we do not knowingly collect their personal information. If you believe a child has provided personal information, contact privacy@hyvery.com and we will take appropriate steps.
Our sites may contain links to third‑party websites or services. Their privacy practices are governed by their own policies; we are not responsible for them.
We may update this Policy from time to time. The “Last Updated” date will reflect changes. If changes materially affect your rights, we will provide additional notice (e.g., email or in‑app) and, where required, obtain consent.
Hyvery, Inc.
4004 Sunburst View Cir., Kissimmee, FL 34746, USA
Email: privacy@hyvery.com
Support: support@hyvery.com
Toll‑free: 1‑833‑HYVERY‑0
Controller context: Hyvery website, sales/marketing, account owner billing/administration.
Processor context: Customer Data inside the Service as defined in the DPA. Customer is responsible for notice/consent to its end users and configuring the Service (e.g., RBAC, retention).