
Compliant by design.
Hive CPQ is built to meet the regulations and standards your industry runs on, so your processes stay audit-ready all year round.
Safe and sound.
Security runs through every layer of Hive CPQ, from how your team logs in to how we test the platform.
Your data stays yours.
We handle personal and business data with care, and store it securely in line with industry standards.
Ready for anything.
If something does go wrong, we have the plan and the safeguards to put it right fast.
Frequently asked questions
Detailed answers on security, privacy, compliance and reliability. Can’t find your answer below?
Still have questions? Reach us at info@hivecpq.com
How does authentication and multi-factor security work?
Hive CPQ uses SSO and multi-factor authentication, managed through Auth0, a reliable partner that handles MFA and SSO across multiple third-party providers.
As a manufacturer or admin, you create accounts and invite anyone who needs access to your environment. Role-Based Access Control means each user only sees what you allow, and administrative functions stay limited to authorized admins.
What security testing do you perform on Hive CPQ?
We run automated and manual security testing internally, plus yearly penetration testing by an authorised third party.
Where can I find your security policy and standards?
Our application security approach is documented on our documentation portal. Don’t have access yet? Request it.
How do you handle patches, especially security patches?
We update the platform with security patches regularly, daily when needed. Planned maintenance happens only at weekends, and we always tell you in advance. Urgent fixes can happen midweek, but we keep disruption to a minimum. You can check current status on our live status page.
How does Hive CPQ counter malware, spam, and malicious attacks?
We work only with subprocessors and third-party vendors — from email and hosting to authentication and invoicing — that meet strict security standards and protocols, as required by our ISO 27001 certification.
How does Hive CPQ handle incidents that could affect service?
With 24/7 monitoring, we detect and respond the moment an issue arises. Automated alerts notify our team, and depending on the incident, your dedicated Hive contact reaches out to you.
Our incident response plan kicks in: we prioritize the fix, keep the status page up to date, and run a post-mortem. Hive CPQ has an average uptime of 99.8% and is available seven days a week.
Do you have a disaster recovery plan?
Yes. Hive CPQ has a disaster recovery plan in place. We run regular backup and recovery tests, identify potential risks proactively, and follow clear procedures in line with ISO 27001.
Where is my data stored and processed?
All data is stored within the European Union, in our data centre in Germany, on secure cloud servers that meet modern security standards. Our headquarters is in Belgium, so your environment is set up and managed from there.
What is your data retention policy?
You stay in control of your data at all times. We retain it only while you actively use Hive CPQ. If you stop using the platform, we permanently delete all your data. If you return later, a full reinstallation and setup is required.
How is my data used to improve Hive CPQ?
We don’t use your data beyond what’s needed for implementation or support. You stay in control and can ask how your data is used, or request its deletion, at any time.
Want to help improve Hive CPQ? Submit feature requests, share feedback with our consultants, or report bugs through our support system.
What audits and controls are in place?
Hive CPQ is ISO 27001 certified. To maintain certification, we undergo annual surveillance audits and a full recertification every three years by independent security organization Kiwa. You can download the certificate.
How do you keep customer data separated?
Each customer’s data is stored separately, so only the people you invite to your environment can access it, based on the roles you assign them.
How do you cover GDPR implications?
Our ISO 27001 certification also covers GDPR. Because all our data is stored in Europe, European regulations apply. You can contact us anytime to ask how your data is used, where it’s stored, or to request its deletion.






