Skip to content

Compliant by design.

Hive CPQ is built to meet the regulations and standards your industry runs on, so your processes stay audit-ready all year round.

Iso test png

ISO 27001 certified.

ISO 27001 is the international standard for information security, protecting your records against loss, unauthorised access and tampering. Kiwa, an independent security organisation, audits us every year and fully recertifies us every three years.

Download our certificate
Gdpr test png

GDPR compliant.

Hive CPQ meets every GDPR requirement, and we keep our data protection processes sharp and up to date. Because all data is stored in Europe, European privacy law applies automatically.

Download our DPA

Safe and sound.

Security runs through every layer of Hive CPQ, from how your team logs in to how we test the platform.

Access controls.

  • Single Sign-On
    One secure login, using existing company credentials.

  • Multi-factor authentication
    Only verified users gain access to your environment.

  • Role-Based Access Control
    Users access only what their permissions allow.

Thorough testing.

  • Continuous security testing
    Regular testing finds risks before they reach you.

  • Regular updates and patches
    Continuous patches keep the platform secure and current.

  • Independent specialists
    External security experts check and strengthen our setup.

  • Yearly penetration testing
    OWASP-based pen tests find and fix vulnerabilities.

  • Intrusion detection and prevention
    These systems add an extra layer of protection.

Always on.

Hive CPQ is built for stability, with continuous monitoring and proactive maintenance that keep your environment live, 24/7.

  • 24/7 monitoring. We detect and respond to issues the moment they arise.

  • Seven days a week. Hive CPQ is available around the clock, every day of the week.

  • Live status page. 99.8% average uptime.

Check platform status in real-time

Ready for anything.

If something does go wrong, we have the plan and the safeguards to put it right fast.

Incident response.

  • We prioritize the fix, update the status and run a post-mortem.

Data loss prevention.

  • Active measures guard against accidental or malicious data leaks.

Frequent backups.

  • Regular backups mean quick data recovery if it is ever needed.

Maintenance.

  • We notify you in advance and log every change in our release notes.

Minimal disruption.

  • We deploy urgent fixes midweek, with minimal disruption.

Security training.

  • Our team receives regular training to stay current on best practices.

Frequently asked questions

Detailed answers on security, privacy, compliance and reliability. Can’t find your answer below?

Still have questions? Reach us at info@​hivecpq.​com

How does authentication and multi-factor security work?

Hive CPQ uses SSO and multi-factor authentication, managed through Auth0, a reliable partner that handles MFA and SSO across multiple third-party providers. 

As a manufacturer or admin, you create accounts and invite anyone who needs access to your environment. Role-Based Access Control means each user only sees what you allow, and administrative functions stay limited to authorized admins.

What security testing do you perform on Hive CPQ?

We run automated and manual security testing internally, plus yearly penetration testing by an authorised third party.

Where can I find your security policy and standards?

Our application security approach is documented on our documentation portal. Don’t have access yet? Request it.

How do you handle patches, especially security patches?

We update the platform with security patches regularly, daily when needed. Planned maintenance happens only at weekends, and we always tell you in advance. Urgent fixes can happen midweek, but we keep disruption to a minimum. You can check current status on our live status page.

How does Hive CPQ counter malware, spam, and malicious attacks?

We work only with subprocessors and third-party vendors — from email and hosting to authentication and invoicing — that meet strict security standards and protocols, as required by our ISO 27001 certification.

How does Hive CPQ handle incidents that could affect service?

With 24/7 monitoring, we detect and respond the moment an issue arises. Automated alerts notify our team, and depending on the incident, your dedicated Hive contact reaches out to you. 

Our incident response plan kicks in: we prioritize the fix, keep the status page up to date, and run a post-mortem. Hive CPQ has an average uptime of 99.8% and is available seven days a week.

Do you have a disaster recovery plan?

Yes. Hive CPQ has a disaster recovery plan in place. We run regular backup and recovery tests, identify potential risks proactively, and follow clear procedures in line with ISO 27001.

Where is my data stored and processed?

All data is stored within the European Union, in our data centre in Germany, on secure cloud servers that meet modern security standards. Our headquarters is in Belgium, so your environment is set up and managed from there.

What is your data retention policy?

You stay in control of your data at all times. We retain it only while you actively use Hive CPQ. If you stop using the platform, we permanently delete all your data. If you return later, a full reinstallation and setup is required.

How is my data used to improve Hive CPQ?

We don’t use your data beyond what’s needed for implementation or support. You stay in control and can ask how your data is used, or request its deletion, at any time. 

Want to help improve Hive CPQ? Submit feature requests, share feedback with our consultants, or report bugs through our support system.

What audits and controls are in place?

Hive CPQ is ISO 27001 certified. To maintain certification, we undergo annual surveillance audits and a full recertification every three years by independent security organization Kiwa. You can download the certificate.

How do you keep customer data separated?

Each customer’s data is stored separately, so only the people you invite to your environment can access it, based on the roles you assign them.

How do you cover GDPR implications?

Our ISO 27001 certification also covers GDPR. Because all our data is stored in Europe, European regulations apply. You can contact us anytime to ask how your data is used, where it’s stored, or to request its deletion.

Hive logo

The right choice.

Excited to see what your new CPQ can really do? Explore the ins and outs of Hive CPQ in a 30-day free trial.