NEW Hero Image Trust Center 1

Trust center

You want a CPQ solution that you can trust. That’s why Hive focuses on security, reliability, and transparency in everything we do. Our platform is ISO certified, GDPR compliant, and built to keep your data safe. Count on us as a reliable partner.

Compliance

We help you stay compliant. Hive CPQ is designed to meet key industry regulations and global laws, so you can trust your processes are always audit-ready.

ISO 27001 certified

The ISO 27001 standard helps ensure your records are protected against loss, unauthorized access, or tampering. We undergo yearly audits and full recertification every three years by Kiwa, an independent security organization. Download our certificate here.

GDPR compliant

Hive CPQ meets all GDPR requirements. We make sure to keep our data protection processes sharp and up-to-date.

NEW Compliance

Security

Access controls

  • Single Sign-On allows your users to log in easily and securely using their existing company credentials.
  • Multi-factor authentication ensures only verified users get access.
  • Role-Based Access Control ensures users only see what they need to see, according to their permissions.
3 Security Access controls

Thorough testing

  • By regularly security testing our platform, we detect and address security risks before they become problems.

  • Our team keeps the platform up to date with regular software updates and patches.

  • Hive CPQ is tested by independent security specialists to check and strengthen our security setup.

  • We perform yearly external pen testing (based on OWASP standards) to identify and fix vulnerabilities proactively.

  • We have intrusion detection and prevention systems in place as additional security measures.

4 Security Thorough testing

Privacy and data

We handle personal and business data with care, and store it securely in line with industry standards.

  • All data is encrypted (both in transit and at rest) for full protection.

  • Your Hive CPQ environment is hosted in the cloud, allowing for strong security and high availability.

  • All data is stored in our data center in Germany, meaning European privacy laws like the GDPR apply.

  • We work with a limited number of carefully selected subprocessors.


Data Processing Agreement

Want more details on how we process and protect your data?

Availability

You want a CPQ platform you can count on. Hive CPQ is built for stability, with continuous monitoring and proactive maintenance so your environment is live, 24/7.

  • With an average uptime of 99,8%, Hive CPQ is available 7 days a week.

  • On our live status page, you can check platform status in real time.

  • With our 24/7 monitoring, we can detect and respond to issues the moment they arise.

6 Availability

Reliability

  • In the unlikely event something goes wrong, our incident response plan kicks in: we prioritize fixing the issue, update the status page and conduct a post-mortem. 

  • We take active data loss prevention measures, to prevent accidental or malicious data leaks.

  • We make frequent backups to ensure quick data recovery if needed.

  • Planned maintenance only occurs during weekends, and we’ll always inform you in advance. In our release notes, you can always see what’s new.

  • Urgent fixes can happen during the week, but we limit disruptions to a minimum.

  • Our employees regularly receive security training to stay informed about the latest security practices.

7 Reliability

Want to see how Hive CPQ puts reliability into practice?

Still in need of help? Our support team is available whenever you need us. Simply get in touch if you have any more questions regarding security, privacy, compliance or reliability.

Frequently Asked Questions: Access controls

What does the authentication process and multi factor security look like?

We offer SSO and multi-factor authentication. Our secure authentication process is managed by Auth0, a reliable partner that handles multi-factor authentication and SSO with multiple third-party providers. 

As Manufacturer or Admin, you can create accounts and send out invites to whoever needs access to your CPQ environment. Thanks to our Role-Based Access Control, your users will only see what they need to see, based on which permissions you grant them. Access to administrative functions is strictly limited to authorized admin users.

FAQ: Security features & testing

What security testing is performed on the base configuration of Hive CPQ?

We do automated and manual security testing internally, as well as yearly pen testing by an authorized third party.

Do you have a security policy which defines your security framework and standards?

Our application security approach can be found on our documentation portal. Don’t have access yet? Request your access here.

What is your approach to releasing patches, especially security patches?

We regularly update the application with security patches. They can happen daily if necessary. Planned maintenance only occurs during weekends, and we’ll always inform you in advance. Urgent fixes can happen during the week, but we do our best to limit disruptions to a minimum. You can always view our current status on our platform status page.

FAQ: Threat protection

How does Hive CPQ counter malware, spam & malicious attacks?

We only work with subprocessors and third party vendors – from email providers to hosting, authentication and invoicing – who meet strict security standards and protocols, as required by our ISO27001 certification.

How does Hive CPQ handle security incidents which may impact service?

With our 24/7 monitoring, we can detect and respond to issues the moment they arise: we have automated notifications in case something happens, and depending on the incident, your Hive point of contact will reach out to you. In the unlikely event something goes wrong, our incident response plan kicks in: we prioritize fixing the issue, keeping the status page up-to-date and conducting a post-mortem. Hive CPQ has an average uptime of 99,8%. Hive CPQ is available 7 days a week.

Do you have a disaster recovery plan?

Yes, Hive CPQ has a disaster recovery plan in place. We perform regular backup and recovery tests, proactively identify potential risks and follow clear procedures to keep everything under control, all in line with ISO27001 standards.

FAQ: Data management and compliance

Where is the data stored and processed?

All data is stored within the European Union, on secure cloud servers that meet modern security standards. Our headquarters is based in Belgium, so your CPQ environment is set up and managed from there as well.

What is your data retention policy?

You stay in control of your data at all times. We only retain your data while you’re actively using Hive CPQ. If you choose to stop using the platform, all your data will be permanently deleted. Should you decide to return later, a full reinstallation and setup is required.

How is my data used to improve the Hive CPQ product?

We don’t use your data beyond what’s needed for implementation or support. You stay in control at all times and can always ask how your data is used or request its deletion whenever you like. Want to help improve Hive CPQ? You’re always welcome to submit feature requests and share feedback with our consultants, or report bugs to our support team via our support system.

What general audits or controls do you have in-place?

Hive CPQ is ISO 270001 certified. To maintain our certification, we undergo annual surveillance audits, and a full recertification audit every three years conducted by independent security organization Kiwa. The certificate can be downloaded here.

How do you ensure client data separation and segregation?

All customer data is stored in different locations, so only people that you invite to the CPQ environment have access to your data, according to which roles you assign to them.

How would you cover any GDPR implications?

Our ISO 27001 certification also covers GDPR. As all our data is stored in Europe, European regulations apply. You can contact us at any time to ask how your data is used, where it is stored, or to request its deletion.

Get in touch if you have any questions

Do you have any questions regarding security, privacy, compliance or reliability? Do you need more information, would you like to access or delete your data or would you like to have access to our documentation portal? Contact us here, and we’ll get back to you shortly.