Data Requests

If you have a hivi account, every right below is available as a one-click action from a single page:

Open my privacy controls →

You'll be asked to sign in if you aren't already. Every action on that page is recorded in our internal audit log so we can prove the request was honoured.

• Access — download a copy of your data. Clicking Download My Data on the privacy page assembles your profile, persons, clients, checklists, documents, and voice recordings into a single JSON file and downloads it to your browser. Sensitive fields that are encrypted in our database are decrypted into the export so you can read them.
• Portability — structured export. The Export Data action produces a machine-readable copy in your choice of JSON, CSV, or XML.
• Correction. Most profile fields you can edit yourself in /account. For corrections you cannot make from the UI, the Request Data Correction form on the privacy page submits a correction request to our team.
• Deletion. The Request Account Deletion flow creates a deletion request in a pending state. While it is pending you can cancel it yourself from the same page. After our team approves the request it is scheduled 30 days out and then processed by a daily job; once a request is approved, cancellation has to go through support@hivi.ca.
• Withdraw consent. The Withdraw Consent control lets you withdraw consent for data collection, data processing, marketing communications, or all of the above. Withdrawing all consent disables the account, because we can no longer process the data needed to sign you in; the UI confirms this before proceeding.
• Complain to a regulator. You can contact the Office of the Privacy Commissioner of Canada, the Commission d'accès à l'information du Québec, or your local EU supervisory authority if you believe we have mishandled your data. You don't need to go through us first.

Use email if you cannot sign in (locked out, lost access, the account is closed, or you're a regulator or representative acting on someone's behalf):

support@hivi.ca with the subject line Data Request.

To help us route the request quickly, please include:

• The email address on the hivi account in question.
• The type of request (access, correction, deletion, export, withdraw consent).
• Enough detail for us to confirm you are the account holder or an authorised representative. We will reply from our system before releasing or deleting any data.

You do not need to give a reason. You can submit a request on behalf of someone else only if you have documented legal authority to do so (for example, a parent for a minor, or a representative under a power of attorney).

PIPEDA and Quebec Law 25 require a response within 30 days of receiving a request, with a possible extension of up to 30 additional days for unusually complex requests. We hold ourselves to the same standard. In-app actions (download, export, withdraw consent, request deletion) take effect immediately or within the cycle described above for deletions.

Honouring access, correction, and deletion requests is free of charge. We may charge a reasonable fee only for clearly excessive or repetitive requests, and will tell you before doing so.

A small set of data must be retained even after account deletion, either to comply with law or to protect other users:

• Stripe billing records — Stripe retains transaction history on its side as required by Canadian tax and payment regulation. We cannot delete records Stripe is legally required to keep. We do delete our internal copy of the Stripe customer ID and subscription metadata when we delete the account.
• Encrypted backups — deleted records may persist in encrypted backup snapshots for up to 30 days before the snapshots are rotated out.
• Privacy-action audit log — minimal records of the data request itself (who requested what, when) are retained so we can prove the request was processed. These do not contain the profile data being deleted.
• Content shared with another user — if you shared a document with another hivi user, the copy in their account belongs to them and is not removed by your deletion request.

hivi is not directed at children under 13 (under 16 in jurisdictions where that is the digital-consent age). If you believe a child has created an account, email us and we will delete it.

Privacy questions, data requests, sub-processor questions, and reports of suspected incidents: support@hivi.ca.

See also our Privacy Policy and Trust & Security pages.