The Owl Hive

Privacy Policy

Last Updated: 16 April 2026
Effective Date: 16 April 2026
Website: https://theowlhive.com
Contact: contact@theowlhive.com

1. Introduction

We respect your privacy and are committed to transparent, minimal data collection. This Privacy Policy explains how we collect, use, store, and protect information when you visit https://theowlhive.com.

Key facts about our site:

  • We do not require user accounts, logins, or registrations.
  • We do not allow or host user comments.
  • We do not use advertising networks, tracking pixels, fingerprinting, or third-party analytics.
  • Our only analytics tool is Umami, a self-hosted, privacy-focused platform.

This policy is designed to comply with privacy laws across the European Union, United Kingdom, United States (federal and state), Australia, New Zealand, Japan, and South Korea.

2. Information We Collect

2.1 Analytics Data (Umami)

We use a self-hosted instance of Umami to understand site traffic and improve content. By design, Umami:

  • It does not use cookies
  • It does not collect or store any personally identifiable information
  • It does not track you across different websites
  • It does not build advertising profiles
  • It collects only anonymised, aggregated statistics such as: page views, general geographic region (country level only, derived from a hashed and discarded IP address), browser type, operating system, screen size, and referring website
  • Data is processed by Umami Software, Inc. under their own privacy policy.

2.2 Contact Form Submissions

When you use our contact form, you voluntarily provide:

  • Name, email address, message content, and any optional fields you choose to fill out.
  • You are never required to submit the contact form. Providing this information is entirely your choice.

2.3 Server & Hosting Logs

Like virtually all websites, our hosting provider automatically records certain technical information each time you visit. This may include:

  • Your IP address (used briefly for routing; typically not retained long-term by us)
  • Browser type and version
  • Pages visited and time of visit
  • Referring URL

Server log data is used only for security monitoring, fault diagnosis, and abuse prevention. We do not use it for profiling or marketing.

3. How We Use Your Information

We process data only for the following purposes:

  • Site Operation & Improvement: Understanding traffic patterns, fixing errors, and optimizing content delivery.
  • Communication: Responding to inquiries submitted via the contact form.
  • Security & Compliance: Detecting abuse, preventing fraud, and complying with applicable laws.

We do not sell, rent, trade, or share your personal information with advertisers, data brokers, or marketing partners. We do not engage in automated decision-making or profiling.

4. Legal Basis for Processing (EU/UK)

If you are in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases under Article 6 of the GDPR / UK GDPR:

  • Contact form data: Legitimate interests (Article 6(1)(f)) — to respond to your enquiry. You initiate the communication and reasonably expect a response.
  • Server logs: Legitimate interests (Article 6(1)(f)) — to maintain site security and diagnose technical issues.

We do not process any special categories of personal data (Article 9 GDPR). We do not use automated decision-making or profiling that produces legal or similarly significant effects.

    5. Data Sharing & Third Parties

    We share data only with essential service providers necessary to operate this site.

    All processors are bound by data processing agreements or equivalent contractual safeguards. We do not transfer data to third parties for marketing, advertising, or data brokerage purposes.

    6. Data Retention

    We retain information only as long as necessary for the purposes outlined above:

    • Umami Analytics: Aggregated and anonymised; not subject to personal data retention periods.
    • Contact Submissions: Retained only until your inquiry is resolved, typically deleted within 90 days after final response.
    • Server Logs: Retained per our hosting provider’s security policy, typically 12 months.

    You may request earlier deletion where technically feasible and legally permissible.

    7. Your Privacy Rights

    Depending on where you are located, you have various rights relating to your personal data. We honour all of these rights regardless of your location, because we believe privacy is a universal value.

    To exercise any right listed below, please contact us at contact@theowlhive.com. We will respond within the timeframe required by your applicable law (typically 30 days). We will not charge a fee for reasonable requests.

    7.1 Rights Under EU GDPR and UK GDPR

    If you are located in the European Economic Area or the United Kingdom, you have the right to:

    • Access: Obtain a copy of the personal data we hold about you.
    • Rectification: Have inaccurate or incomplete data corrected.
    • Erasure (“Right to be Forgotten”): Request deletion of your personal data, where we have no overriding legal obligation to keep it.
    • Restriction: Ask us to pause processing your data while a dispute is resolved.
    • Portability: Receive a machine-readable copy of your data (where processing is based on consent or contract).
    • Objection: Object to processing based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
    • Lodge a complaint: You have the right to complain to your national supervisory authority. For the EU, find your authority at edpb.europa.eu. For the UK, contact the Information Commissioner’s Office (ico.org.uk).

    7.2 Rights Under New Zealand Law (Privacy Act 2020)

    If you are located in New Zealand, under the Privacy Act 2020 and Information Privacy Principles (IPPs) you have the right to:

    • Access: Request access to personal information we hold about you (IPP 6).
    • Correction: Request correction of your personal information (IPP 7).
    • Lodge a complaint: If we do not resolve your complaint, you may contact the Office of the Privacy Commissioner (privacy.org.nz).

    7.3 Rights Under Australian Law (Privacy Act 1988)

    If you are located in Australia, under the Australian Privacy Principles (APPs) you have the right to:

    • Access: Request access to the personal information we hold about you (APP 12).
    • Correction: Request correction of inaccurate, out-of-date, incomplete, or misleading information (APP 13).
    • Anonymity: Where practicable, deal with us without identifying yourself (APP 2). For general site browsing, this is already the case.
    • Lodge a complaint: If we do not resolve your complaint satisfactorily, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

    7.4 Rights Under Japanese Law (APPI)

    If you are located in Japan, under the Act on the Protection of Personal Information (APPI) as amended in 2022, you have the right to:
    • Disclosure: Request disclosure of retained personal data we hold about you.
    • Correction: Request correction, addition, or deletion of retained personal data that is factually inaccurate.
    • Cessation of use or deletion: Request that we stop using or delete your retained personal data if it was obtained unlawfully or is no longer necessary for its stated purpose.
    • Cessation of third-party provision: Request that we stop providing your data to third parties where this is occurring unlawfully.

    Please submit requests in writing (email is acceptable) to contact@theowlhive.com. We will respond within the period required by law.

    7.5 Rights Under South Korean Law (PIPA)

    If you are located in South Korea, under the Personal Information Protection Act (PIPA), you have the right to:

    • Consent withdrawal: Withdraw consent given for the collection and use of personal information.
    • Access: Request to view personal information we process about you.
    • Correction or deletion: Request correction or deletion of inaccurate personal information.
    • Suspension of processing: Request suspension of the processing of your personal information.
    • Lodge a complaint: File a complaint with the Personal Information Protection Commission (PIPC) or the Korea Internet & Security Agency (KISA).

    7.6 Rights Under Canadian Law (PIPEDA and Quebec Law 25)

    Canada has two main frameworks you should be aware of.

    Federal — PIPEDA

    The Personal Information Protection and Electronic Documents Act (PIPEDA) applies to private-sector organisations that collect, use, or disclose personal information in the course of commercial activities. Under PIPEDA and its ten Fair Information Principles, you have the right to:

    • Access: Request access to personal information we hold about you and an account of how it has been or may be used.
    • Correction: Challenge the accuracy and completeness of your personal information and have it corrected or annotated where appropriate.
    • Withdraw consent: Where processing is based on consent, withdraw that consent, subject to legal or contractual restrictions and reasonable notice.
    • Lodge a complaint: File a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca if you believe your privacy rights have been violated.

    We collect personal information only for the purposes identified in this policy, and we obtain consent (express or implied, depending on the sensitivity of the information) before or at the time of collection. We do not use or disclose your information for purposes other than those for which it was collected, except with your consent or as required by law.

    Quebec — Law 25 (Act Respecting the Protection of Personal Information in the Private Sector)

    Quebec’s Law 25 (fully in force as of September 2023) imposes obligations stricter than federal PIPEDA in several respects. If you are located in Quebec, you have the following additional or enhanced rights:

    • Right to de-indexation: Request that hyperlinks attaching your name to information be de-indexed if publication causes you harm or the information is no longer current — essentially a right to be forgotten in a search context.
    • Right to data portability: Request that personal information you provided to us be communicated to you or transferred to another organisation in a commonly used technological format (where technically feasible).
    • Automated decision-making: Be informed if a decision based solely on automated processing of your personal information is made about you, and request a review by a human.
    • Withdrawal of consent: Withdraw consent at any time with reasonable notice.

    Quebec’s Law 25 also requires organisations to appoint a privacy officer, conduct privacy impact assessments for new projects involving personal information, and report confidentiality incidents to the Commission d’accès à l’information (CAI) where there is a risk of serious harm. We take these obligations seriously.

    To exercise any of your Canadian privacy rights, contact us at contact@theowlhive.com. We will respond within 30 days of receiving your written request. If you are not satisfied with our response, you may contact:

    • Federal: Office of the Privacy Commissioner of Canada — priv.gc.ca
    • Quebec: Commission d’accès à l’information — cai.quebec.ca

    7.7 Rights Under United States Law

    The United States does not currently have a single comprehensive federal privacy law, but the following apply:

    Federal Considerations

    We do not knowingly collect data from children under 13, in compliance with the Children’s Online Privacy Protection Act (COPPA). See Section 11.

    California Residents — CCPA / CPRA

    Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), California residents have the right to:

    • Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purpose for collecting it, and the categories of third parties we share it with.
    • Delete: Request deletion of personal information we hold about you, subject to certain exceptions.
    • Correct: Request correction of inaccurate personal information.
    • Opt-out of sale or sharing: We do not sell or share your personal information for cross-context behavioural advertising. No opt-out is required, but we disclose this for transparency.
    • Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

    To submit a CCPA request, contact us at [YOUR EMAIL ADDRESS]. We will respond within 45 days (extendable by a further 45 days with notice).

    We do not sell personal information. We do not share personal information for cross-context behavioural advertising. We do not use sensitive personal information for purposes beyond those described in this policy.

    Other US State Laws

    Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states with enacted consumer privacy laws have similar rights to access, correct, delete, and opt out of the sale of their personal data, as well as the right to appeal a denial of a rights request. Because we do not sell data and collect minimal personal information, most of these rights are already satisfied by default. Contact us at [YOUR EMAIL ADDRESS] to make any request.

    8. Security Measures

    We implement industry-standard technical and organizational safeguards:

    • HTTPS/TLS encryption for all data in transit
    • Regular WordPress core, theme, and plugin updates
    • Server-side firewalls, brute-force protection, and automated backups
    • Access controls limiting who can access the website administration area
    • Umami configured for privacy-by-design (cookie-less, IP-anonymized, self-hosted)

    While we strive to protect your data, no internet transmission or storage system is 100% secure. We cannot guarantee absolute security.

    9. International Data Transfers

    This website is operated from New Zealand. If you access it from outside that country, be aware that your data may be processed in a country with different data protection laws.

    We take steps to ensure that any transfers of personal data are conducted in accordance with applicable law. For EU/UK residents, where data is transferred outside the EEA/UK, we rely on appropriate safeguards such as standard contractual clauses or adequacy decisions.

    Because we collect minimal personal data and do not use third-party tracking services, the risk associated with international transfers is low for most visitors.

      10. Children’s Privacy

      This site is not directed to individuals under the age of 16 (or 13 in the US under COPPA). We do not knowingly collect personal information from children. If we become aware of such data, we will delete it promptly.

      11. Cookies & Tracking Technologies

      We do not use advertising cookies, tracking pixels, or third-party analytics.

      • Umami runs self-hosted and does not require cookies.
      • You may configure your browser to block or delete cookies. The site remains fully functional without non-essential tracking.

      12. Changes to This Policy

      We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will update the “Last Updated” date at the top of this page.

      For significant changes, we will make reasonable efforts to notify visitors (for example, by a notice on the website). We encourage you to review this policy periodically.