Data dictionary
Every category of data, defined precisely
Trust pages tend to describe data in the language that flatters the vendor. This page does the opposite. It names every category of data the system touches, says plainly who holds it and where it lives, and is explicit about the one category HiveSilo does hold. The terms are defined the way a privacy reviewer needs them defined, not the way marketing would prefer.
How to read this page
This is a plain-English summary intended to make diligence faster, not a substitute for the contractual documents. Where this page and the executed Data Processing Agreement, Master Services Agreement, or formal privacy notice differ, those documents govern. The categorisation below is maintained alongside those documents and is reviewed by counsel before commercial reliance. If you are evaluating HiveSilo under a privacy or security review, request the full data-flow matrix and DPA through the Trust Center.
The dictionary
What each category is, who holds it, and whether HiveSilo can read it
Read the final column first. It is the one that matters: for client identities, the answer is no, by architecture rather than by promise.
| Category | What it is | Who holds it / where it lives | Can HiveSilo read it? |
|---|---|---|---|
| First-party behavioral signals | Patterns of on-site behaviour from your own visitors, carrying no name, email, or account identifier. These are the inputs the intelligence layer scores. | Computed from your own first-party traffic; the scored result is sealed into your enclave. | Yes, as signals. HiveSilo evaluates these patterns. They are designed to carry no direct identifier of the person. |
| Anonymous data | Data that cannot be linked back to an individual by any reasonable means, by anyone. | Treated as aggregate; not tied to a person. | Yes, where genuinely anonymous. Anonymous data is outside most data-protection regimes. |
| Pseudonymous identifiers | Values that do not name a person directly but could re-identify one if combined with other data. Under GDPR and similar laws these remain personal data. | Where any signal could re-identify a person, it is treated as personal data and kept inside your enclave, not in HiveSilo. | No, when re-identifiable. We do not treat pseudonymous as a synonym for non-personal. |
| PII and personal data | Names, emails, phone numbers, addresses, and any other data identifying a person, including form submissions. | Travels directly from your website into your own per-tenant confidential enclave. It does not transit a HiveSilo system. | No. HiveSilo does not receive, store, or hold keys to decrypt it. |
| Hashed identifiers for ad platforms | Hashed values (for example for conversions APIs) used to match audiences on advertising platforms. | Generated and released inside your enclave, under your own keys, only to destinations you authorise. | No. This dispatch runs inside your enclave; HiveSilo does not perform it from a copy of its own. |
| Technical metadata (IP, device, browser) | Technical signals such as IP address and user-agent, which may be processed to compute behavioural patterns and to filter invalid and bot traffic. Some of these are personal data in some jurisdictions. | Processed transiently for scoring and invalid-traffic filtering; not assembled into a HiveSilo-side identity profile of your clients. | Processed, not retained as identity. Handled under your instructions and the DPA; treated as personal data where the law requires. |
| Control-plane, billing, and operational metadata | Account, configuration, usage, and billing records needed to operate the service and invoice for it. This is the one category HiveSilo does hold. | Held by HiveSilo as the service operator, like any B2B software provider. | Yes. This is operational data about your account and usage, not your clients' identities. |
| Data received by your CRMs and ad platforms | The data your own authorised CRM and advertising tools receive in the ordinary course of your business. | Held by the destinations you have chosen and authorised, under your existing relationships with them. | This is your existing data flow, not new HiveSilo custody. HiveSilo does not add itself as a holder of it. |
The single most important row is personal data. HiveSilo is designed so that the identities of your clients have no route into a system you would otherwise have to audit us on.
Terminology, used carefully
Anonymous, pseudonymous, and personal are not interchangeable
It is common, and legally unsafe, to use these words as if they meant the same thing. We try not to.
Anonymous
Cannot be linked back to a person by any reasonable means. Genuinely anonymous data falls outside most data-protection regimes. We reserve the word for data that meets that bar.
Pseudonymous
Looks de-identified but can be re-identified by someone with the additional key or context. Under GDPR and comparable laws this is still personal data. We do not present pseudonymous data as if it were non-personal.
Personal data / PII
Identifies a person, directly or in combination with other data. The whole architecture exists to keep this category out of HiveSilo and inside the enclave you control.
Why this matters for your review
A vendor that blurs these terms is usually hiding a re-identification risk inside the word "anonymous." Naming them separately is the honest way to let your privacy team assess us, and it is the standard your own clients' discretion deserves.
What we claim, and what we do not
What "a high-value buyer" means here
There are three different propositions that marketing copy often collapses into one. We hold to the first, are careful about the second, and do not claim the third.
High purchase intent
HiveSilo infers the likelihood that a visitor is a serious, high-value buyer for your specific offering, from first-party behavioural signals. This is the claim we make and the one the product is built to deliver.
Likely commercial capacity
Signals can indicate that a visitor is likely to have the capacity for a high-value transaction. We treat this as a probabilistic read, not a verified fact, and we say so.
Verified identity or net worth
HiveSilo does not establish that an unidentified visitor is a specific, named ultra-high-net-worth individual, and does not determine anyone's actual net worth. We infer intent; we do not unmask people.
The scoring methodology that turns signals into a ranked buyer-intent read is proprietary and is not published. The point of this section is not the method, but the honest boundary of the claim.
Diligence
Bring this to your privacy and security review
A briefing walks your General Counsel, CPO, and security team through this dictionary applied to your stack, with the full data-flow matrix and the DPA, grounded in what is live today.
The current verification status is published at the Trust Center. Enterprise pricing on inquiry.