Privacy Policy
Effective: July 18, 2026 · Draft for early-access period
The short version: we are a custodian, not a data broker. We store your social data because you told us to, we show it only to you, we never sell it or train AI on it, and you can export or erase all of it whenever you choose.
1. What we collect
Data you give us directly
- Account details: email address, and password hash or OAuth identity.
- Waitlist and reservation details: email, optionally a social handle and plan preference.
- Billing details are processed by our payment provider; we never see full card numbers.
Data we preserve at your direction
- Content from social accounts you connect: posts, replies, media, and profile information.
- Statistics for those accounts: follower counts, views, and engagement, captured as periodic snapshots.
- Interaction context: which accounts engaged with your content (handle, display name, interaction counts, and timing). We deliberately collect the minimum needed to show you your own audience — no emails, no phone numbers, no private messages.
Data we collect automatically
- Basic logs and device information needed to run and secure the service. We use privacy-respecting analytics and no advertising trackers.
2. Why we process it (legal bases)
- Performing our contract with you — preserving the data you connect is the service itself (GDPR Art. 6(1)(b)).
- Legitimate interests — limited processing of third-party interaction data (e.g., a commenter's handle) so you can see your own audience history. We have assessed this interest against those users' rights and minimize what we store (GDPR Art. 6(1)(f)).
- Consent — for anything optional, which you can withdraw at any time.
3. What we never do
- We never sell your data or share it with advertisers.
- We never use the contents of your vault to train AI models.
- We never post, message, or act on your social accounts.
- We never ask for your social media passwords.
4. Storage, security, and international transfers
- Vault data is encrypted in transit and at rest, and hosted with reputable cloud providers whose servers may be located in the United States and other countries. By using the service you acknowledge this cross-border storage; where GDPR or similar laws apply, we rely on standard contractual clauses or equivalent safeguards.
- Access to production data is restricted, logged, and limited to what operating the service requires.
5. Retention and deletion
- Your vault is kept for as long as your account is active.
- If you disconnect a social account or delete your Hypekept account, the associated vault data is deleted permanently within 30 days.
- After a subscription ends, vault data remains exportable for 90 days and is then deleted.
- When a platform notifies us that you deleted content or revoked access (deletion callbacks), we honor the platform's data-deletion requirements for that data. Content you authored and asked us to preserve remains in your vault, consistent with your instruction to us as your archive service.
6. Your rights
Depending on where you live (GDPR, UK GDPR, CCPA, Korea's PIPA, and similar laws), you have the right to access, correct, export, restrict, object to, or delete your personal data. You can exercise most of these directly in the product — export and delete are one click — or by emailing us.
If you are not a Hypekept user but believe your public interactions (such as a comment handle) appear in someone's vault, contact us at privacy@hypekept.com and we will review and, where required, remove that data.
7. Cookies
We use only essential cookies for login sessions and security. No advertising or cross-site tracking cookies.
8. Children
The service is not directed at children under 16, and we do not knowingly collect their data.
9. Changes and contact
If we make material changes, we'll email you at least 14 days in advance. Questions or requests: privacy@hypekept.com
Hypekept is not affiliated with Meta Platforms, Inc. Platform names are used only to describe compatibility.
