Security

At Hive, security is our number one priority. We have taken comprehensive steps to guarantee that your messages, actions, and files are secure inside the Hive application. This standard for security is true across our application, user, network, data center, and network layers.

We are SOC2 certified.

Download our full security white paper here.

Application Security

Validated access control – Hive uses industry-leading password and authentication techniques to validate access to all data based on a user’s privileges. Unauthorized access will cause an error and send flagged reports to our security team. Repeated unauthorized attempts are rate-limited and blocked after a short threshold.
Progressive user authentication – Hive employs rigorous user authentication which is used with every request to the application. Every network request in Hive is only allowed after the system confirms that the user is who they claim they are and has the privileges to perform the action.
User request tracking – The Hive security team maintains audit logs of all actions performed on behalf of every user. Any irregularities are flagged and alert our security team immediately by email, SMS, and push notifications. In the case of an irregularity, Hive defaults to rate-limiting and blocking of requests.

User Security

Workspace security model – Hive uses separate workspaces as a hierarchy to keep all messages, groups, actions, and files private for your organization. Any attempted access by a user not identified as a member of an organization’s workspace is flagged, requests are blocked and reported to our security team.
Restricting Access – Hive workspaces are not public or discoverable by new users unless the workspace administrator provides access.
Expiring links – Hive uses strict URI expiration so that any resources exposed by the application expire after 60 minutes and are only refreshed just in time for authenticated user access.

Network Security

Across the board SSL security – Hive forces 256-bit Secured Socket Layer security at every network entry-point to encrypt data between the end user and Hive. All data transferred between Hive users, servers and the internet interchange securely.
Hive Application is not indexed by Search Engines – Hive disallows indexing of all application information by search engines or robots. This means no external random internet access of your workspaces, groups, messages, actions, and files. All data structures are encrypted before being sent to our servers and encoded once they arrive.

Data Center & Hosting Security

Physical Access Control – Hive hosts its servers at multiple geographically separated, enterprise-grade data centers. All data is stored and encoded on a secure internal storage cluster behind an enterprise-grade firewall. We store local snapshots of data and we backup all data hourly.
Assurance and Accreditation – All Hive hosting is ISO 27001 accredited. We have developed a security assurance program using global privacy and data protection best practices in order to help customers establish, operate and leverage our security control environment.
Fault Tolerance – Our data storage cluster provides N+1 fault tolerance; single node faults still maintain 100% data integrity.

Security Vulnerability Disclosure Program

Hive maintains a Vulnerability Disclosure Program (VDP) which security vulnerabilities and bugs related to Hive web application (app.stg-hiveinc-staging.kinsta.cloud), mobile application, and desktop application can be submitted. The Hive security team pays bounties for reports based on level of severity. To report a vulnerability, please submit this form with a description of the vulnerability and, if possible, clear steps to reproduce.