Overview
This article covers everything you need to know about how Hive keeps your data safe — from the network permissions it needs on your computer, to how your account is protected, to how your video and audio streams are encrypted in transit.
Whether you're an owner managing a team, a producer running a live session, or a viewer watching a feed, Hive enforces strict access controls so that only the right people can see and do the right things.
What you need
A Hive account (email or Google sign-in)
The Hive desktop application installed (for firewall/network permission features)
An internet connection
Network Permissions and Firewall Setup
What this does
When you first launch Hive on your desktop, the app needs permission to communicate over your local network. This is how Hive discovers and connects to cameras, encoders, and other devices on your network.
On Windows, Hive configures your Windows Firewall to allow its components to send and receive network traffic. On macOS, the operating system handles network permissions differently — Hive does not need to modify firewall rules, so you won't see a firewall prompt.
How to grant network permission
When you first open Hive, a permissions setup modal appears with the title "Let's get your Studio setup!"
You'll see a list of permissions Hive needs: Network, Camera, Microphone, and Application Startup.
Next to Network, click the Allow button.
On Windows, a system prompt (User Account Control) may appear asking you to confirm the firewall changes. Click Yes to proceed.
Once allowed, a checkmark icon appears next to Network.
Click Continue to finish setup.
What you'll see
State | What it looks like |
Not yet granted | An Allow button appears next to "Network" |
Granted | A checkmark icon replaces the Allow button |
Denied / Failed | A red error callout appears: "Permission is required. Please press allow again to accept." |
Network permission is required — you cannot skip it. Camera and Microphone permissions must be interacted with but can be denied. Application Startup is optional and can be ignored entirely.
Re-prompting behavior
If you've already seen the permissions modal once and your core permissions (Camera, Microphone, Network) are all granted, Hive will not show the modal again on subsequent launches. If any core permission is missing, the modal may reappear — but you can skip it after the first time.
Account Security
Sign-in methods
Hive supports two ways to sign in:
Email and password — standard email-based login
Google sign-in — uses Google OAuth2
Both methods go through a secure, industry-standard authentication flow. Your credentials are never stored directly by Hive; authentication is handled by a trusted third-party identity provider.
Session management
When you sign in, Hive stores a secure access token on your device. This token automatically refreshes in the background so you stay signed in. If the token expires and cannot be refreshed (for example, if your refresh token has been revoked), you'll be signed out and returned to the login screen.
Session states you may experience:
Authenticated — You're signed in and ready to use Hive.
Pending — Hive is verifying your credentials (e.g., refreshing an expired token). You'll see a loading screen briefly.
Unauthenticated — You need to sign in. This happens on a fresh install, after logging out, or if your session has expired beyond recovery.
Two-Factor Authentication (2FA / MFA)
You can add an extra layer of security to your account by enabling two-factor authentication.
To enable 2FA:
Go to your Account Settings.
Find the Security section.
Click Enable 2FA.
You'll be redirected to a setup page in your browser where you can enroll an authenticator app or other supported method.
Once enrolled, your account will require a second factor at sign-in.
To disable 2FA:
Go to your Account Settings.
In the Security section, click Disable 2FA.
All enrolled authentication methods will be removed.
Your 2FA status is visible in your account profile.
Roles and Access Control
Hive uses a role-based permission system. Every user who accesses a room or organization is assigned a role that determines what they can and cannot do.
Available roles
Role | Description |
Owner | Full control. Can manage billing, delete rooms/organizations, and do everything an Admin can. |
Admin | Can control all sources, invite users, manage memberships, edit room and organization settings. |
Producer | Can control sources and publish media, but cannot invite users, manage memberships, or change settings. |
Viewer | Can view media streams but cannot control sources, invite users, or change any settings. |
What each role can do in a room
Action | Owner | Admin | Producer | Viewer |
View room info | Yes | Yes | Yes | Yes |
View media streams | Yes | Yes | Yes | Yes |
Control sources | Yes | Yes | Yes | No |
Publish media | Yes | Yes | Yes | No |
Edit room settings | Yes | Yes | No | No |
Delete room | Yes | Yes | No | No |
Invite users | Yes | Yes | No | No |
Manage members | Yes | Yes | No | No |
Link devices | Yes | Yes | No | No |
Change billing | Yes | Yes | No | No |
Account isolation
Each user's account is fully isolated. You can only access your own account data — no user can view or modify another user's profile, email, or security settings. Device-scoped tokens (used by Hive hardware) are also restricted and cannot perform account-level actions like changing passwords or accessing refresh tokens.
Sharing and Invitations
Inviting by email
Owners and Admins can invite others to a room by entering their email address. You choose a role (Admin, Producer, or Viewer) for each invitee. The invitee receives an email with a link to join.
Inviting by link
Owners and Admins can also create a shareable invite link. Anyone with the link can join the room at the role you specify. You can:
Copy the link to share it
Change the role associated with the link
Delete the link to permanently disable it — users will no longer be able to join using that link
Collaborator limits
The number of collaborators you can invite to a room may be limited by your plan. When you reach the limit, the invite input is disabled and you'll see a message: "You've reached the maximum number of collaborators."
Encryption and Data Protection
Connections
All connections between Hive and its cloud services use TLS (Transport Layer Security) with a minimum version of TLS 1.2. This means your data is encrypted in transit and protected from eavesdropping.
Media streams
Video and audio streams are protected using SRTP (Secure Real-time Transport Protocol) with AES-GCM encryption. This is the industry standard for securing real-time media.
End-to-end encryption (E2EE)
Hive supports end-to-end encryption for media streams. When E2EE is enabled, audio and video frames are encrypted on the sender's device and can only be decrypted by authorized recipients. Even the server cannot read the media content. E2EE uses AES-GCM encryption with key ratcheting for forward secrecy.
What happens if…
…you close the Hive app without logging out?
Your session remains active. The next time you open Hive, you'll be signed back in automatically (assuming your token hasn't expired).
…your internet connection drops?
Hive will attempt to reconnect. Local device connections may continue to work. Cloud features (remote viewing, invitations) will be unavailable until your connection is restored.
…you deny the Network permission on Windows?
Hive will not be able to discover or connect to local devices. You'll see an error callout prompting you to press "Allow" again. You can re-trigger the permission from the setup flow.
…someone tries to access your account?
Each account is isolated. No other user can view or modify your account data. Enabling 2FA adds an additional barrier against unauthorized access.
…an invite link is shared with someone you didn't intend?
You can delete the invite link at any time. Once deleted, it is permanently disabled and no one can use it to join.
…you're a Viewer and try to control a source?
You won't see the controls. The permission system prevents Viewers from performing actions like controlling sources, publishing media, or changing settings.
Troubleshooting
Symptom | Likely cause | Fix |
"Permission is required" error for Network | Firewall permission was not granted or was denied | Click Allow again in the permissions modal. On Windows, accept the system prompt. |
Can't discover local devices | Network permission not granted, or devices are on a different network | Ensure Network permission is allowed and that your devices are on the same local network as your computer. |
Signed out unexpectedly | Session token expired and could not be refreshed | Sign in again. If this happens frequently, check your internet connection. |
"Failed to enroll MFA" error | Network issue or authentication problem | Try again. Ensure you're connected to the internet and signed in. |
"Can't add more collaborators" | You've reached your plan's collaborator limit | Upgrade your plan or remove existing collaborators to make room. |
Camera or Microphone permission denied | Permission was denied at the OS level | Go to your system's Privacy & Security settings and enable Camera/Microphone access for Hive. |
FAQ
Q: Does Hive store my password?
A: No. Authentication is handled by a secure third-party identity provider. Hive only stores session tokens locally on your device.
Q: Is my video encrypted?
A: Yes. All media streams are encrypted using SRTP (AES-GCM). Hive also supports end-to-end encryption (E2EE) where even the server cannot access your media content.
Q: What roles can I assign when inviting someone?
A: You can assign Admin, Producer, or Viewer. Only Owners and Admins can send invitations.
Q: Can I change someone's role after inviting them?
A: Yes. Owners and Admins can update a collaborator's role or remove them from the room.
Q: Do I need to configure my firewall manually?
A: No. On Windows, Hive automatically configures the necessary firewall rules when you click "Allow" during setup. On macOS, no firewall configuration is needed.
Q: What is two-factor authentication and should I enable it?
A: Two-factor authentication (2FA) adds a second verification step when you sign in — typically a code from an authenticator app. It's strongly recommended for added security.
Q: Can a Producer invite other users?
A: No. Only Owners and Admins can invite users or create invite links.
Q: What happens if I delete an invite link?
A: The link is permanently disabled. Anyone who tries to use it will no longer be able to join.
Q: Does Hive work behind a corporate firewall or VPN?
A: Hive requires outbound internet access for cloud features. If your organization uses a restrictive firewall or proxy, you may need to allow Hive's network traffic. Contact your IT administrator if you experience connectivity issues.
Q: Is my account data visible to other users?
A: No. Account data is fully isolated. Other users cannot see your email, profile, or security settings.