Privacy Policy

Hypermass ("Hypermass," "we," "our") operates Hypermass Media Team, accessible at hypermass.media. This policy explains what personal and Instagram-account data we collect, how we use it, and the choices you have. If anything here isn't clear, email privacy@hypermass.ai.

1. Who we are

Hypermass, 9200 Sunset Blvd, West Hollywood, CA 90069, United States. For any privacy request or question, contact privacy@hypermass.ai.

2. What we collect

Account information. Your email address (used for magic-link sign-in via Supabase Auth), your display name, and an optional avatar URL.

Instagram data.When you connect an Instagram Business or Creator account through Meta's OAuth flow, we receive and store: your Instagram user ID, username, display name, profile picture URL, biography, website, follower / following / media counts, and an access token used to pull insights on your behalf. With your authorization we also pull and store: media posts (captions, timestamps, permalinks, thumbnails), media-level insights (reach, views, likes, comments, shares, saves, plays), account-level daily insights (reach, total interactions, breakdowns by type), audience demographics aggregates (age, gender, city, country), hourly online-follower counts, and comments on your posts. We receive real-time webhook notifications when your account is @-mentioned.

Usage data. Standard web server logs (IP address, user-agent, timestamp, request path) retained for security and debugging. No advertising trackers, no third-party analytics.

3. How we use data

We use Instagram data exclusively to provide the service you connected it for: rendering your dashboards, computing trends and recommendations, generating AI-assisted summaries and next-move suggestions, and notifying you of new mentions or reputation events. We process your data with large-language-model services (including Anthropic) to produce these recommendations; your Instagram data is sent to those providers only as needed to produce a specific output and is not used by them to train models (per their enterprise data-use terms).

We do not sell your personal information. We do not use your Instagram data for advertising. We do not share your Instagram data with third parties except the sub-processors listed below.

4. Sub-processors

We rely on a small set of service providers, each under a data processing agreement:

Supabase (database, auth, object storage) · Vercel (application hosting, serverless functions, cron) · Anthropic (LLM inference for AI-assisted summaries) · Meta Platforms (Instagram Graph API — this is the source of the Instagram data, not a downstream recipient) · Resend (transactional email, when enabled).

5. Retention

We retain your data for as long as your workspace is active. When you delete your workspace (via Settings, or by emailing privacy@hypermass.ai), we remove all Instagram-account data, media, comments, audience snapshots, online-follower history, and mention records within 30 days. Workspace backups may persist for up to 30 additional days in Supabase's point-in-time-recovery snapshots before expiring.

6. Your rights

California residents (CCPA/CPRA).You may request access to the personal information we hold about you, request deletion, request correction of inaccuracies, and opt out of any sale or sharing of personal information (we don't do either). Submit requests to privacy@hypermass.ai; we respond within 30 days.

EU / UK residents (GDPR / UK GDPR). You have the same access, deletion, correction, portability, and objection rights. You may also lodge a complaint with your local data protection authority. Same email to submit a request.

7. Data deletion

Self-service: Settings → Workspace → Delete workspace. You can also revoke Hypermass's access to your Instagram account at any time from instagram.com/accounts/manage_access. For full account-wide deletion see our Data Deletion instructions.

8. Children

Hypermass is not intended for use by anyone under 18. We do not knowingly collect data from children. If you believe we have, email privacy@hypermass.ai and we will delete it.

9. Cookies

We use strictly-necessary cookies: a session cookie from Supabase Auth to keep you signed in, a cookie storing your selected date range across pages, and a cookie remembering your sidebar collapsed/expanded state. No analytics cookies. No advertising cookies.

10. Security

Data is encrypted in transit (TLS) and at rest (Supabase-managed encryption). Access tokens are stored in our database; access is restricted to the infrastructure that needs them. We will notify affected users within 72 hours of confirming a personal-data breach.

11. Changes

We may update this policy. The effective date at the top of this page will change. Material changes will be announced in-app and by email to the account owner.

12. Contact

Hypermass, 9200 Sunset Blvd, West Hollywood, CA 90069 · privacy@hypermass.ai