Skip to main content

Privacy Policy

Last updated: June 8, 2026

Effective for all accounts created on or after May 7, 2026. The meeting-transcription disclosures in Sections 4 and 6 are effective May 31, 2026. The payment, escrow, and identity-verification disclosures are effective June 8, 2026.

1. Who We Are

Hypear AI is operated by Alun Creative LLC, a Florida limited liability company d/b/a Hypear ("Hypear AI," "Hypear," "we," "us," or "our"). This Privacy Policy explains how we collect, use, store, and share information about you when you use hypear.ai (the "Platform"). If you have questions, contact us at support@hypear.ai.

2. Information We Collect

Information you provide directly

  • Account data: email address, password (stored as a bcrypt hash — never in plaintext), name, and username.
  • Creator profile: biography, location, country, social media handles (Instagram, Pinterest, Higgsfield, LinkedIn, X, TikTok, website), specializations, industries, collaboration preferences, and availability status.
  • Portfolio content: images, videos, campaign metadata, and any optional captions or descriptions you upload.
  • Brand profile: company name, website URL, and brief descriptions of your creative needs.
  • Messages and applications: free-text pitch messages and direct messages exchanged between brands and creators on the Platform.
  • AI agent conversations: chat messages you send to and receive from the Hypear AI Agent.
  • Meeting transcripts: when you schedule or join a video meeting through the Platform and consent to transcription, we generate and store a written transcript of the call. We do not retain the meeting audio or video. See Section 6.

Information collected automatically

  • Usage data: pages visited, features used, clicks, and session timing, collected by PostHog (see Section 4).
  • Device and network data: IP address (used for rate-limiting and fraud prevention), browser type, and operating system.
  • Authentication cookies: session tokens used to keep you signed in. We do not use advertising cookies.

Information from third parties

  • Google OAuth: if you sign in with Google we receive your name, email address, and profile picture from Google. We do not receive your Google password.
  • Kajabi community data: for the purpose of verifying that creator applicants are members of the Alun Creative AI Creators Hub, we maintain a read-only mirror of Kajabi community member names and email addresses in our database. This data is sourced from the Alun Creative Kajabi site and is refreshed periodically by an internal sync process.

Payment, identity, and transaction data

When you transact on the Platform, our licensed third-party payment and escrow processor collects information needed to process payments, verify identity, and meet legal obligations. For creators receiving payouts, this includes identity-verification ("Know Your Customer") information such as legal name, date of birth, address, government-issued identification, and tax-onboarding information (for example, a W-9 or W-8 and a taxpayer identification number) and payout/bank account details. For brands funding projects, this includes billing and payment-instrument information. This information is collected and held by the payment processor; Hypear receives only the limited transaction and status information needed to administer the marketplace.

Transaction and escrow data: project identifiers, Project Price and Platform Fee amounts, escrow funding and release events, acceptance/approval timestamps, refunds, and dispute records.

3. How We Use Your Information

  • Operate, maintain, and improve the Platform and its features.
  • Match creators with brand opportunities and display creator profiles to potential brand partners.
  • Verify your identity and, for creators, confirm membership in the Alun Creative AI Creators Hub.
  • Send transactional and service emails (account verification, password reset, new brief notifications, application updates, and direct message alerts).
  • Power the AI Agent features described in Section 5, including generating and storing personalized "memories" from your conversations.
  • Generate internal transcripts of consented Platform meetings to improve brand–creator matching and the quality of the Platform, as described in Section 6.
  • Process project payments, hold and release escrow funds, and pay creators.
  • Verify identity, prevent fraud and money laundering, and meet "Know Your Customer" obligations through our payment processor.
  • Prepare and file tax information (for example, IRS Form 1099) and otherwise comply with tax and financial-record laws.
  • Detect and prevent fraud, abuse, and security incidents, and enforce our Terms of Service.
  • Comply with legal obligations and respond to lawful requests from public authorities.
  • Produce anonymized and aggregated analytics about Platform usage. These datasets do not identify individuals.

4. Third-Party Processors

We share data with the following third-party service providers solely as required to operate the Platform. Each is bound by contractual data-processing obligations.

Payment & Escrow Processor (Payments, Escrow & Identity Verification)

When you transact on the Platform, we use a licensed third-party payment processor to charge brands, hold project funds in escrow, perform identity and tax verification of creators, and pay out creators. The processor collects and processes the payment, identity-verification (KYC), and tax-onboarding information described in Section 2 directly from you, and shares limited transaction and status data with us. Its handling of your information is also governed by its own privacy policy, which is presented to you at the time you provide payment or payout details.

OpenAI (AI Agent)

When you use the Hypear AI Agent, your chat messages (and any images you attach) are transmitted to OpenAI, LLC for processing via their API. OpenAI uses this data to generate responses and, under our API agreement, does not use API inputs to train its public models. Chat history and extracted memories (see Section 5) are stored in our database, not by OpenAI.

OpenAI Privacy Policy

Recall.ai (Meeting Transcription)

When you schedule a meeting through the Platform and the participants consent to transcription, we use Recall.ai, Inc. to dispatch a meeting bot (named "Hypear Bot") that joins the call and produces a written transcript. Recall.ai processes the meeting audio and video to generate the transcript text. We retain only the resulting text; the audio/video recording is deleted after the transcript is captured. Transcripts are stored in our infrastructure for internal use (see Section 6) and are not shown to the meeting participants.

Recall.ai Privacy Policy

Resend (Transactional Email)

We use Resend, Inc. to deliver transactional emails. Resend receives your email address, your name (where included in the email body), and email metadata (subject, timestamp, delivery status). Resend does not use your data for marketing or profiling.

Resend Privacy Policy

Cloudflare R2 (File Storage)

Portfolio images, videos, and avatar photos you upload are stored in Cloudflare, Inc.'s R2 object storage. Files are served via a Cloudflare CDN. Cloudflare receives the file content and associated metadata (file size, content type, upload timestamp). Public portfolio items are accessible at a predictable URL; private items require a time-limited signed URL generated server-side.

Cloudflare Privacy Policy

PostHog (Product Analytics)

We use PostHog, Inc. for product analytics. PostHog collects pseudonymous event data — which features you use, which pages you visit, and timing metadata. We link events to an internal user ID (not your email) once you are signed in. We do not send raw email addresses or passwords to PostHog. IP addresses are used for geolocation and then discarded; PostHog is configured to respect the "Do Not Track" browser signal.

PostHog Privacy Policy

Upstash (Rate Limiting)

We use Upstash, Inc.'s Redis service to enforce rate limits on authentication and sensitive actions. Upstash stores a hashed representation of your IP address and a sliding-window counter. No personally identifiable information beyond IP address is sent to Upstash; counters expire automatically within minutes.

Railway (Cloud Hosting)

The Platform is hosted on Railway Corp. servers in the us-west-1 region. All application data, including the PostgreSQL database, is stored on Railway infrastructure. Railway provides encryption in transit (TLS) and at rest.

5. AI Agent Memories

When you use the Hypear AI Agent, we run an automated process that reads your conversation and extracts structured facts — for example, the types of projects you specialize in, your preferred collaboration style, or gaps in your profile. These extracted facts ("memories") are stored in our database and injected into the system context of future agent conversations so the Agent can provide more relevant assistance.

This constitutes automated processing of personal data for the purpose of personalisation. The processing happens server-side; we do not share the extracted memories with any third party except as described in the OpenAI section above (the memory-extraction call is made to the OpenAI API). Memories are linked to your user account and are deleted when your account is deleted.

You may request deletion of your AI memories at any time without deleting your account by emailing support@hypear.ai. Deleting memories does not affect your conversations or your profile data.

Before your first Agent session, the Platform will present a clear consent screen explaining this processing and giving you the option to proceed or decline. You may withdraw consent at any time by contacting support.

6. Meeting Transcripts

The Platform lets a brand and a creator schedule a video meeting from within a conversation by pasting a third-party meeting link (Zoom, Google Meet, or Microsoft Teams). When a meeting is scheduled, we dispatch an automated participant — visibly named "Hypear Bot" in the meeting's participant list — that joins the call and generates a written transcript using Recall.ai (see Section 4).

Consent. Before the meeting opens, each participant is shown a consent screen that explains the bot and the transcription and must affirmatively agree before joining. We record the time consent was given. If you do not agree, the bot is not dispatched and no transcript is created. Because recording or transcribing a conversation is regulated in some jurisdictions — including ones that require every participant to consent — you are responsible for ensuring anyone you invite to a meeting is informed.

What we keep. We retain the text transcript only. The meeting audio and video is deleted after the transcript is captured and is never stored by us.

How we use it and who sees it. Meeting transcripts are used internally by Hypear AI to improve brand–creator matching and to operate and improve the Platform. A transcript is never shown to the other party in your conversation and is not displayed back to you inside the Platform; access is restricted to authorized Hypear AI personnel. Our legal basis for this processing is your consent, recorded at the consent screen; where applicable law also recognizes legitimate interests, we rely on our legitimate interest in operating and improving the matching service.

Transcripts are linked to the meeting and are deleted when the associated conversation or your account is deleted. You may request deletion of a meeting transcript at any time by emailing support@hypear.ai.

7. Portfolio Content and Public Profiles

Portfolio items you mark as Public are displayed on your creator profile page, which is indexed by search engines and accessible to anyone — including visitors who are not Hypear AI users. Items you mark as Private are stored but not shown on your public profile or in brand-facing search results. You can change the visibility of any item at any time from your portfolio management page.

8. Kajabi Community Data

We maintain a mirror of Alun Creative's AI Creators Hub member list (name and email) sourced from Kajabi. This data is used solely to verify that creator applicants are Hub members before allowing account creation. We do not display this data to third parties or use it for marketing. Hub member email addresses are compared against applicant-provided emails using case-insensitive matching; no other analysis is performed.

If you are a Kajabi community member and wish to have your data removed from this mirror, contact us at support@hypear.ai.

9. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request that inaccurate data be corrected.
  • Deletion: request that your personal data be deleted, subject to legal retention requirements. Some data cannot be deleted on request — in particular transaction, escrow, payment, identity-verification, and tax records, which we and our payment processor are legally required to retain.
  • Portability: request your data in a structured, machine-readable format.
  • Withdrawal of consent: where we process your data on the basis of consent (e.g., AI Agent memories), you may withdraw that consent at any time.
  • Opt-out of analytics: you can opt out of PostHog analytics by enabling the "Do Not Track" setting in your browser.

To exercise any of these rights, email support@hypear.ai. We will respond within 30 days.

10. Data Retention

We retain your personal data for as long as your account is active. When you delete your account we remove your personal data from our primary database within 30 days. Encrypted database backups are retained for up to 90 days before expiring. Some data may be retained longer where required by law or for legitimate fraud-prevention purposes. Aggregated and anonymized analytics data is not subject to deletion requests because it cannot reasonably be linked back to an individual. Transaction, escrow, payment, identity-verification, and tax records are retained for as long as required by applicable financial-record and tax laws (generally up to seven years), even after account deletion.

11. Data Security

We implement industry-standard security measures including TLS encryption in transit, encryption at rest for databases and file storage, bcrypt hashing for passwords, SHA-256 hashing for sensitive tokens (password reset, email verification), and authentication guards on all data-mutation endpoints. Access to production systems is restricted to Hypear AI team members on a need-to-know basis.

No security system is perfectly secure. If you believe your account or data has been compromised, contact us immediately at support@hypear.ai.

12. Children

The Platform is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Platform before the change takes effect. The "Last updated" date at the top reflects the most recent revision.

14. Contact

Questions or requests about this Privacy Policy? Email us at support@hypear.ai. Alun Creative LLC, Parkland, Florida, USA.