Privacy Policy

Last updated: February 18, 2026

1. Overview

Honeycomb is a family AI assistant operated by Microserv.io B.V., a company registered in the Netherlands. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service at gethoneycomb.app.

We are committed to minimal data collection, transparency, and full compliance with the General Data Protection Regulation (GDPR). We do not sell your data, do not serve advertising, and do not use your information for purposes beyond providing and improving the service.

2. Information We Collect

Account Information

When you create an account, we collect your email address and display name. If you join or create a family group, we store your family membership and role (owner or member), as well as your subscription status.

Conversation Data

Your conversation history — including your messages, AI responses, and conversation metadata such as titles and timestamps — is stored encrypted at rest in our database. This data is retained until you delete the conversation or your account.

Conversations are processed via our managed AI infrastructure (Anthropic Claude). AI usage is billed through honey credits included in your subscription. We do not control or access Anthropic's data retention policies. Please review Anthropic's terms and privacy policy.

Integration Credentials

When you connect third-party services (such as Gmail, Microsoft Outlook, Google Calendar, or smart home devices), we use secure OAuth 2.0 sign-in — you authorize access directly with the service, and we never see or store your passwords. We store only OAuth tokens, encrypted with AES-256-GCM. Personal integration credentials are isolated per family member and are never accessible to other members. All integrations can be revoked at any time through your account settings.

Usage and Analytics Data

We use Google Analytics 4 (GA4) on our landing page (gethoneycomb.app) to track pageviews and waitlist conversions. We do not use analytics inside the Honeycomb app itself. No conversation content is ever sent to analytics services.

3. Google API Data Disclosure

Honeycomb offers optional Gmail integration that allows the AI assistant to read, compose, and send email on your behalf through natural conversation. This section specifically addresses how we handle data received from Google APIs, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

What Gmail Data We Access

When you connect your Gmail account, Honeycomb accesses:

• Email messages and their content (subject, body, attachments metadata)
• Email labels and folder structure
• The ability to send email on your behalf

How Gmail Data Is Used

Gmail data is used solely to enable the AI assistant to interact with your email during conversations. For example, you might ask Honeycomb to summarize recent emails, draft a reply, or send a message. Email content is processed in real-time during your conversation and is not stored by Honeycomb. Only OAuth refresh tokens are stored (encrypted with AES-256-GCM) to maintain your connection.

Limited Use Compliance

Honeycomb's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Gmail data to provide and improve the email features you interact with
• We do not use Gmail data for advertising or marketing purposes
• We do not sell, rent, or share Gmail data with third parties
• We do not use Gmail data to train machine learning or AI models
• We do not allow humans to read your Gmail data, except with your explicit consent, for security purposes, to comply with applicable law, or when the data is aggregated and anonymized for internal operations

Revoking Gmail Access

You can disconnect your Gmail integration at any time through your Honeycomb account settings. You may also revoke access from your Google Account permissions page. Upon revocation, we immediately delete your stored OAuth tokens.

4. Microsoft API Data Disclosure

Honeycomb offers optional Microsoft Outlook integration that allows the AI assistant to read, compose, and send email on your behalf through natural conversation. This integration uses Microsoft's OAuth 2.0 authorization and complies with the Microsoft APIs Terms of Use.

What Outlook Data We Access

When you connect your Microsoft account, Honeycomb accesses:

• Email messages and their content (subject, body, attachments metadata)
• Email folders and categories
• The ability to send email on your behalf

How Outlook Data Is Used

Outlook data is used solely to enable the AI assistant to interact with your email during conversations. Email content is processed in real-time and is not stored by Honeycomb. Only OAuth refresh tokens are stored (encrypted with AES-256-GCM) to maintain your connection.

• We only use Outlook data to provide the email features you interact with
• We do not use Outlook data for advertising or marketing purposes
• We do not sell, rent, or share Outlook data with third parties
• We do not use Outlook data to train machine learning or AI models

Revoking Outlook Access

You can disconnect your Outlook integration at any time through your Honeycomb account settings. You may also revoke access from your Microsoft account permissions page. Upon revocation, we immediately delete your stored OAuth tokens.

5. How We Use Your Information

We use your information exclusively to:

• Provide and maintain the Honeycomb service
• Process your subscription payments
• Send you important service updates and security notifications
• Respond to your support requests
• Comply with legal obligations

We do not sell your personal information. We do not use your data for advertising. We do not use your conversation content or integration data to train AI models.

6. Data Storage and Security

All data we control is stored in the European Union (Google Cloud, europe-west4, Netherlands). Our infrastructure includes:

• Encryption in transit (TLS) and at rest for all stored data
• AES-256-GCM encryption for integration credentials and API keys
• Per-user credential isolation for personal integrations
• DNS and CDN via Cloudflare (global edge, origin servers in the EU)

AI processing is handled by Anthropic (our managed AI provider), which may process data outside the EU. Please review Anthropic's data processing locations and policies.

7. Third-Party Data Sharing

We share data with third parties only as necessary to provide the service:

• AI provider (Anthropic) — Your conversations are processed by Anthropic via our managed infrastructure. Usage is metered through honey credits.
• Payment processor (Stripe) — Handles subscription billing. We do not store your payment card details.
• Infrastructure providers (Google Cloud, Cloudflare) — Host and deliver the service under data processing agreements.

We do not share data with advertising networks, data brokers, or any other third parties.

8. Data Retention

We retain your data only as long as needed to provide the service:

• Account data — Retained until you delete your account
• Conversation data — Retained until you delete the conversation or your account
• Integration credentials — Retained until you revoke the integration
• Honey balance data — Retained until credits expire or account is deleted

When you delete your account, all associated data (conversations, credentials, family membership) is permanently removed from our systems.

9. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

• Right of access — Request a copy of all personal data we hold about you
• Right to rectification — Correct inaccurate or incomplete personal data
• Right to erasure — Request deletion of your personal data and account
• Right to data portability — Receive your data in a machine-readable format (JSON)
• Right to object — Object to processing based on legitimate interest
• Right to restriction — Request that we pause processing of your data

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Our lawful bases for processing are: contract (providing the service), consent (marketing communications), and legitimate interest (service improvement and security). You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

10. Children's Privacy

Honeycomb is designed for family use, but account creation requires you to be at least 18 years old. Family members under 18 may use the service under the supervision and consent of a parent or legal guardian who holds the family account.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or through the service. Your continued use of Honeycomb after such changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

• Privacy inquiries: [email protected]
• Security issues: [email protected]
• Company: Microserv.io B.V., Netherlands