Hypedata/ Legal/ Privacy Policy

Privacy policy.

This Policy explains what personal data HypeLabs, LLC collects when you visit hypedata.io or use the Hypedata API, how we use and protect that data, and the rights you can exercise under the GDPR, UK GDPR, and CCPA/CPRA.

Versionv2.4 · 2026.04
EffectiveApril 20, 2026
ControllerHypeLabs, LLC
Contactprivacy@hypelabs.llc

01Overview

HypeLabs, LLC operates Hypedata, a web data extraction service. We take privacy seriously: we collect the minimum data necessary to provide the Service, we do not sell personal data, and we support the rights granted to you by the GDPR (EU), UK GDPR, California’s CCPA/CPRA, Brazil’s LGPD, Canada’s PIPEDA, and equivalent laws worldwide.

This Policy covers two distinct roles we play:

  • As controller, when we process personal data of our website visitors, account holders, billing contacts, and prospects.
  • As processor, when Customers use the Service to process personal data they have chosen to extract. In that case the Customer is the controller, and our obligations are set out in the Data Processing Agreement.

02Who we are

The data controller is:

Entity
HypeLabs, LLC (Wyoming LLC)
Registered office
30 North Gould Street, Sheridan, WY 82801, USA
EIN
35-2851293
Privacy contact
privacy@hypelabs.llc
EU representative
Appointed upon request for EU-resident data subjects pursuant to Art. 27 GDPR

03Data we collect

3.1 — Account data

When you create an account we collect your name, business email address, company name, country, and role. If you use single-sign-on, we receive your provider identifier and the email associated with it.

3.2 — Billing data

For paid plans we collect a billing address, VAT/tax ID where applicable, and partial payment method data (last four digits, card brand, expiration). Full card data is handled by our PCI-DSS compliant payment processor and never reaches our servers.

3.3 — Usage & technical data

When you interact with the Service, we collect: API request metadata (timestamps, endpoint, response code, proxy type used, target hostname, credit cost), IP address of the calling machine, SDK version, dashboard clicks, and session identifiers. We use these to operate, secure, and improve the Service.

3.4 — Website data

When you visit hypedata.io we collect standard server logs (IP, user-agent, referrer, pages visited, timestamp) and privacy-friendly analytics that do not rely on cross-site tracking cookies.

3.5 — Communications

Emails you send to us, chat transcripts, and call records related to support or sales.

A note on scraped content

Content returned by the Service (the target website’s HTML, JSON, or parsed data) is not stored by us beyond the response life-cycle, unless you explicitly enable caching or snapshot features. When such content contains personal data, we act as processor under the DPA, not as controller.

04How we use data

  • Provide the Service — authenticate you, route requests, bill usage, deliver support.
  • Secure the Service — detect abuse, mitigate fraud, prevent credential stuffing and account takeover.
  • Communicate — transactional emails (receipts, security alerts, material changes) and, with consent, product updates and educational content.
  • Improve the Service — analyse aggregate usage, debug performance issues, tune anti-bot strategies.
  • Comply with law — keep accounting records, respond to lawful legal process, meet export-control and sanctions obligations.

We do not use personal data to train third-party foundation models. We do not sell personal data. We do not share personal data for cross-context behavioural advertising within the meaning of the CPRA.

05Legal bases (GDPR)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

ProcessingBasis
Creating and operating your accountContract (Art. 6(1)(b))
Billing and accounting recordsLegal obligation (Art. 6(1)(c))
Security, fraud prevention, product analyticsLegitimate interests (Art. 6(1)(f))
Marketing emailsConsent (Art. 6(1)(a))
Responses to law enforcement requestsLegal obligation

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You may request a copy of the balancing test by contacting privacy@hypelabs.llc.

06Sharing & disclosure

We share personal data only in the following circumstances:

  • Sub-processors we rely on to operate the Service (cloud infrastructure, proxy providers, payment processor, email delivery, customer support tooling, analytics). The current list is maintained at hypedata.io/legal/sub-processors.
  • Professional advisors — lawyers, auditors, accountants — under duties of confidentiality.
  • Law enforcement or regulators where we are legally compelled, and only to the minimum extent required. We publish an annual transparency report.
  • Business transfers — in connection with a merger, acquisition, or asset sale, subject to equivalent protection.

07International transfers

HypeLabs is based in the United States, and certain sub-processors operate globally. When we transfer personal data outside the European Economic Area, the UK, or Switzerland, we rely on:

  • the European Commission’s Standard Contractual Clauses (2021/914) and the UK IDTA or Addendum, supplemented by technical and organizational measures commensurate with the risk;
  • adequacy decisions, where available;
  • your explicit consent, where no other basis applies.

A copy of the SCCs or equivalent transfer instrument is available on request.

08Retention

CategoryRetention
Account profileDuration of contract + 90 days
Billing & invoices7 years (US federal & state tax)
API request metadata & logs90 days
Security & audit logs12 months
Scraped content (responses)Not retained (processed in memory, streamed to Customer)
Support correspondence3 years from last message
Marketing contact listsUntil consent is withdrawn

09Your rights

Subject to applicable law, you have the right to:

  • Access your personal data and receive a copy of it.
  • Rectify inaccurate or incomplete data.
  • Erase data (subject to legal retention obligations).
  • Restrict or object to processing based on legitimate interests.
  • Port your data to another controller in a commonly used format.
  • Withdraw consent at any time, without affecting prior lawful processing.
  • Not be subject to solely-automated decisions with legal or similarly significant effects. Hypedata does not make such decisions.

To exercise any right, email privacy@hypelabs.llc. We will respond within thirty (30) days. If you are unhappy with our response, you may lodge a complaint with your supervisory authority (e.g. the CNIL in France, the ICO in the UK, the LfDI in Germany).

California residents have additional rights under the CCPA/CPRA, including the right to know categories of data collected, the right to delete, the right to correct, and the right to limit the use of sensitive personal information. We do not sell or share personal data as defined under the CPRA.

10Cookies & similar technologies

Hypedata uses a minimal cookie set:

CookiePurposeLifetime
hd_sessionAuthentication & sessionSession
hd_csrfCSRF protectionSession
hd_prefDashboard preferences180 days
PlausiblePrivacy-first analytics (no cross-site tracking)N/A

We do not use advertising or cross-site tracking cookies. A consent banner appears where required by law.

11Children

The Service is not directed to anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact privacy@hypelabs.llc and we will delete it.

12Security

We protect personal data with technical and organizational measures described in our Security Statement, including encryption at rest (AES-256) and in transit (TLS 1.3), least-privilege access controls, MFA for all staff, continuous vulnerability scanning, and incident response procedures. No system is perfectly secure; where a breach affecting your personal data occurs, we will notify affected users and regulators as required by law.

13Changes to this Policy

We may update this Policy as our practices or legal obligations evolve. We will post the revised version with an updated “Effective” date. Material changes will be notified by email at least 30 days before they take effect.

14Contact

For any privacy question, request, or complaint:

Data controller
HypeLabs, LLC
30 North Gould Street
Sheridan, WY 82801 · United States
privacy@hypelabs.llc
Supervisory authorities
CNIL · ICO
EIN
35-2851293
Related legal documents
Terms of Service
Contract & acceptable use
Privacy Policy
→ You’re reading it
Data Processing Agreement
GDPR processor terms
Security
How we protect data