Privacy Policy

Last Updated: April 2, 2026
Effective Date: April 2, 2026

Hypeon AI ("Hypeon," "we," "our," or "us") is committed to protecting the privacy and security of your personal data. This Privacy Policy provides a comprehensive explanation of how we collect, use, process, store, share, and safeguard your information when you access our website, use our products, or interact with our services.

This Privacy Policy has been drafted to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other relevant privacy regulations.

By accessing or using our services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, you must discontinue use of our services immediately.

1. About Us

Legal Entity: HYPEON INC

Registered Address:
28 Geary St, Ste 650, Suite #167
San Francisco, CA 94108
United States

Data Protection Contact: info@hypeon.ai

For the purposes of the GDPR and other applicable data protection laws, Hypeon AI acts as the Data Controller for personal data collected through our website and services, unless otherwise specified in a separate data processing agreement.

2. Definitions

To ensure clarity, the following terms are used throughout this policy:

  • "Personal Data" means any information that identifies, relates to, describes, or could reasonably be linked to a particular individual or household.
  • "Processing" means any operation performed on Personal Data, including collection, recording, storage, modification, retrieval, use, disclosure, or deletion.
  • "Data Subject" means any identified or identifiable natural person whose Personal Data is processed.
  • "Services" means our website, platform, products, tools, APIs, dashboards, and all related features.
  • "Third Party" means any entity other than the Data Subject, the Data Controller, or authorized Data Processors.

3. Scope of This Policy

This Privacy Policy applies to:

  • Our website located at hypeon.ai and any subdomains
  • All Hypeon AI products, platforms, tools, and APIs
  • AI-powered features, analytics dashboards, and reporting tools
  • Marketing, sales, customer support, and onboarding communications
  • Data collected through forms, surveys, events, and integrations

This policy does not apply to:

  • Third-party websites, applications, or services linked from our platform
  • Data collected by third-party integrations you connect independently
  • Information collected by partners or vendors under their own privacy policies

We encourage you to review the privacy policies of all third parties you interact with through or alongside our Services.

4. Information We Collect

4.1 Information You Provide Directly

When you register for an account, subscribe to a plan, make a purchase, submit a form, or communicate with us, you may voluntarily provide:

  • Identity Data: Full name, username, or similar identifier
  • Contact Data: Email address, phone number, mailing address
  • Professional Data: Company name, job title, department, industry
  • Financial Data: Billing address, payment card details, bank account information (processed through secure third-party payment processors)
  • Account Data: Login credentials, account preferences, and settings
  • Communication Data: Messages, inquiries, feedback, support tickets, and survey responses
  • Content Data: Files, documents, or data you upload to our platform

4.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain technical and usage data, including:

  • Network Data: IP address, internet service provider, and general geolocation (city/region level)
  • Device Data: Device type, model, unique device identifiers, operating system, and screen resolution
  • Browser Data: Browser type, version, language preference, and plug-in details
  • Usage Data: Pages visited, features accessed, actions taken, click paths, session duration, frequency of use, and timestamps
  • Referral Data: Referring URLs, search terms, and exit pages
  • Performance Data: Page load times, errors encountered, and diagnostic data

4.3 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, local storage, and similar technologies to collect information and enhance your experience. Our tracking technologies fall into the following categories:

  • Strictly Necessary Cookies: Essential for the operation of our website. These cannot be disabled without breaking core functionality. They enable services such as authentication, security, and session management.
  • Performance and Analytics Cookies: Help us understand how visitors interact with our platform by collecting aggregated, anonymized usage data. We use tools such as Google Analytics and similar services.
  • Functional Cookies: Remember your preferences, settings, and choices (such as language or region) to provide a more personalized experience.
  • Marketing and Advertising Cookies: Used to deliver relevant advertisements and track the effectiveness of marketing campaigns. These may be set by us or third-party advertising partners.

Managing Cookies: You can manage your cookie preferences through your browser settings or through any cookie consent banner we provide. Please note that disabling certain cookies may limit the functionality of our platform. For more information on specific cookies we use, contact us at info@hypeon.ai.

4.4 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Business partners, resellers, and referral programs
  • Marketing and analytics providers
  • Publicly available databases and directories
  • Social media platforms (when you interact with our profiles or use social login)

We combine this information with data we collect directly to improve the accuracy and relevance of our Services.

5. Legal Bases for Processing (GDPR)

Where the GDPR applies, we process your Personal Data on one or more of the following legal bases:

  • Consent: You have given clear, informed consent for specific processing activities (e.g., marketing emails, optional analytics).
  • Contractual Necessity: Processing is necessary to perform or enter into a contract with you (e.g., account creation, service delivery, billing).
  • Legitimate Interest: Processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms (e.g., platform improvement, fraud prevention, security monitoring).
  • Legal Obligation: Processing is necessary to comply with applicable laws, regulations, or legal proceedings.

You may withdraw your consent at any time by contacting us at info@hypeon.ai. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

6. How We Use Your Information

We use the information we collect for the following purposes:

6.1 Service Delivery and Operations

  • Providing, operating, and maintaining our platform and Services
  • Creating and managing your user account
  • Processing transactions, subscriptions, and billing
  • Delivering AI-driven insights, analytics, reports, and recommendations
  • Providing customer support and responding to inquiries

6.2 Improvement and Development

  • Analyzing usage patterns to improve platform performance, features, and user experience
  • Conducting research and development for new products and capabilities
  • Testing and debugging our software and infrastructure
  • Training and improving our AI models using aggregated, anonymized data

6.3 Communication

  • Sending transactional messages (account confirmations, password resets, billing receipts)
  • Providing product updates, feature announcements, and service notifications
  • Sending marketing and promotional communications (only where you have opted in or where permitted by law)
  • Requesting feedback through surveys or user research

6.4 Security and Compliance

  • Detecting, investigating, and preventing fraud, abuse, unauthorized access, and security threats
  • Enforcing our Terms of Service and other agreements
  • Complying with applicable laws, regulations, tax requirements, and legal processes
  • Responding to lawful requests from government authorities

We do not sell your Personal Data to any third party, and we never will.

7. AI and Data Processing

Hypeon AI uses artificial intelligence and machine learning technologies to analyze structured and aggregated data, generating insights related to products, keywords, pricing trends, and advertising performance.

7.1 How AI Processes Your Data

  • Our AI models analyze aggregated datasets to identify patterns, trends, and opportunities.
  • Customer-specific data is logically isolated within our systems and is not shared across customer accounts.
  • AI outputs (such as insights and recommendations) are generated based on patterns in data, not by exposing raw Personal Data.

7.2 Model Training Practices

  • We do not use personally identifiable information to train our AI models without your explicit, informed consent.
  • Where applicable, data used for model training is anonymized or aggregated to remove personally identifying characteristics.
  • We conduct regular audits of our AI systems for accuracy, bias, and privacy compliance.

7.3 Third-Party AI Services

  • Any third-party AI models or services we use operate under strict contractual agreements, including data processing agreements (DPAs) that enforce confidentiality, security, and data protection standards.
  • Third-party AI providers are prohibited from using your data for their own purposes, including training their own models, unless explicitly disclosed and authorized.

7.4 Automated Decision-Making

  • Our platform may use automated processing to deliver insights and recommendations.
  • We do not engage in fully automated decision-making that produces legal or similarly significant effects on individuals without appropriate safeguards and the right to human review.
  • If you have concerns about automated processing, you may contact us to request human review of any decision.

8. Data Sharing and Disclosure

We do not sell, rent, or lease your Personal Data. We share your information only in the following limited circumstances:

8.1 Service Providers and Processors

We engage trusted third-party vendors to help us operate and improve our Services, including providers of cloud hosting, payment processing, email delivery, analytics, customer support tools, and security monitoring. These providers act as Data Processors under contractual obligations that require them to protect your data, process it only as instructed, and delete it upon termination of the relationship.

8.2 Legal Requirements

We may disclose your information when we believe in good faith that disclosure is necessary to comply with applicable laws, regulations, legal processes, subpoenas, court orders, or enforceable government requests.

8.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your Personal Data may be transferred as part of that transaction. We will notify you of any such change and ensure the receiving entity is bound by the terms of this Privacy Policy or an equally protective one.

8.4 Protection of Rights

We may disclose information where we believe it is necessary to protect the rights, property, or safety of Hypeon AI, our users, or the public — including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

8.5 With Your Consent

We may share your information with specific third parties when you have provided explicit, informed consent to do so.

9. Data Security

We implement comprehensive technical and organizational security measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction:

9.1 Technical Safeguards

  • Encryption: Data is encrypted in transit using TLS 1.2+ and at rest using AES-256 or equivalent standards.
  • Access Controls: Role-based access control (RBAC) ensures that only authorized personnel with a legitimate need can access Personal Data.
  • Authentication: Multi-factor authentication (MFA) is enforced for all internal systems and administrative access.
  • Infrastructure: Our platform is hosted on secure, SOC 2-compliant cloud infrastructure with redundancy and failover capabilities.

9.2 Organizational Safeguards

  • All employees and contractors with access to Personal Data are bound by confidentiality agreements.
  • We conduct regular security awareness training for our team.
  • We perform periodic risk assessments, vulnerability scans, and penetration tests.
  • We maintain an incident response plan to address data breaches promptly and effectively.

9.3 Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours (where required by the GDPR) and notify affected individuals without undue delay, providing information about the nature of the breach, the data affected, and the steps we are taking to address it.

Despite our best efforts, no method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You acknowledge and accept this inherent risk when using our Services.

10. Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes described in this policy, subject to the following principles:

  • Active Accounts: We retain your data for the duration of your active account or business relationship with us.
  • Post-Termination: After account closure, we may retain certain data for a reasonable period to comply with legal obligations, resolve disputes, enforce agreements, and maintain business records.

Specific Retention Periods:

  • Account and identity data: retained for the duration of the account plus 3 years after closure
  • Financial and billing records: retained for 7 years to comply with tax and accounting obligations
  • Usage and analytics data: retained in anonymized form for up to 3 years
  • Marketing preferences: retained until you withdraw consent or unsubscribe
  • Support communications: retained for 2 years after resolution

Once data is no longer required, we securely delete or irreversibly anonymize it. You may request early deletion at any time, subject to applicable legal requirements.

11. Your Privacy Rights

11.1 Rights Under GDPR (European Economic Area, United Kingdom, and Switzerland)

If you are located in the EEA, UK, or Switzerland, you have the following rights under the GDPR:

  • Right of Access: Request a copy of the Personal Data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to Be Forgotten"): Request deletion of your Personal Data, subject to legal exceptions.
  • Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
  • Right to Data Portability: Receive your Personal Data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
  • Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority.

11.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

  • Right to Know: Request disclosure of the categories and specific pieces of Personal Data we have collected about you, the sources, the purposes, and the third parties with whom we have shared it.
  • Right to Delete: Request deletion of your Personal Data, subject to legal exceptions.
  • Right to Correct: Request correction of inaccurate Personal Data.
  • Right to Opt-Out of Sale or Sharing: We do not sell or share your Personal Data for cross-context behavioral advertising. If this practice changes, we will provide a clear opt-out mechanism.
  • Right to Limit Use of Sensitive Personal Information: Request limitations on how we use sensitive data categories.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

Categories of Personal Information Collected (preceding 12 months): Identifiers, commercial information, internet/electronic activity, professional information, and inferences drawn from the above.

Categories of Personal Information Sold or Shared: None.

11.3 Exercising Your Rights

To exercise any of the above rights, contact us at info@hypeon.ai. We will verify your identity before processing your request. We aim to respond within 30 days (or within the timeframe required by applicable law). If we need additional time, we will notify you of the delay and the reason.

You may also designate an authorized agent to make requests on your behalf, provided you supply written authorization and we can verify your identity.

12. International Data Transfers

Hypeon AI is based in the United States. Your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate.

Where we transfer Personal Data outside the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreements (IDTAs) where applicable
  • Data Processing Agreements (DPAs) with all sub-processors
  • Adequacy decisions where the destination country has been recognized as providing adequate protection

If you have questions about the specific mechanisms we use to safeguard international transfers, please contact us at info@hypeon.ai.

13. Children's Privacy

Our Services are not directed at or intended for individuals under the age of 18. We do not knowingly collect, solicit, or process Personal Data from children.

If we become aware that we have collected Personal Data from a child without verified parental or guardian consent, we will take immediate steps to delete that data from our systems.

If you believe that a child has provided us with Personal Data, please contact us immediately at info@hypeon.ai.

14. Third-Party Links and Integrations

Our platform may contain links to third-party websites, plugins, applications, or services that are not operated or controlled by Hypeon AI. We are not responsible for the privacy practices, security, or content of these third parties.

When you leave our platform or interact with third-party services, this Privacy Policy no longer applies. We strongly recommend reviewing the privacy policies of any third-party services before providing them with your Personal Data.

15. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) feature that sends a signal to websites you visit indicating that you do not wish to be tracked. There is currently no universally accepted standard for how companies should respond to DNT signals.

At this time, our Services do not respond to DNT signals. However, you can manage your tracking preferences through our cookie settings or your browser configuration.

16. Email and Marketing Communications

We may send you promotional or marketing communications if you have opted in or where permitted by applicable law. Every marketing email we send includes an unsubscribe link. You may opt out at any time by clicking that link or by contacting us at info@hypeon.ai.

Please note that even if you opt out of marketing communications, we may still send you transactional or service-related messages (such as account confirmations, security alerts, and billing notifications).

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations.

When we make material changes, we will:

  • Revise the "Last Updated" date at the top of this page
  • Post the updated policy on our website
  • Where required by law, notify you via email or an in-platform notification before the changes take effect

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after any changes constitutes your acceptance of the revised policy.

18. Contact Us

If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: info@hypeon.ai

Mail:
HYPEON INC
28 Geary St, Ste 650, Suite #167
San Francisco, CA 94108
United States

We aim to respond to all inquiries within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.