1. What we collect

• ·Account information: name, email, password hash when you sign up.
• ·Usage data: which modules you use, generation requests, pipeline activity.
• ·Content you create: Insight reports, Manifest decks, Forge briefs, Craft assets, Amplify posts — stored securely and accessible only to you.
• ·Payment information: processed by Stripe. We never store card numbers.
• ·Device and browser: IP address, browser type, OS — for security and analytics.

2. How we use your data

• ·To provide and improve the Hypnotic platform.
• ·To process payments and manage your subscription.
• ·To send product updates and essential service emails.
• ·To detect and prevent fraud and abuse.
• ·To analyse aggregate usage patterns (never individual-level) for product development.

3. Data sharing

• ·We do not sell your data. Ever.
• ·Supabase: our database and authentication provider (stores your data on secure Postgres).
• ·Stripe: payment processing (see Stripe's privacy policy).
• ·AI providers (Anthropic, OpenAI, fal.ai): your prompts are processed to generate outputs. We do not allow providers to train on your data.
• ·Vercel: our hosting platform (application logs).

4. Your rights

• ·Access: request a copy of all data we hold about you.
• ·Deletion: request deletion of your account and all associated data.
• ·Export: export all your projects, reports, and assets.
• ·Correction: update incorrect information in Settings.
• ·Opt-out: unsubscribe from marketing emails at any time.
• ·To exercise any right, email privacy@hypnotic.ai.

5. Data retention

• ·Active accounts: data retained while account is active.
• ·Deleted accounts: data permanently deleted within 30 days of account deletion request.
• ·AI generation logs: retained for 90 days for abuse prevention.
• ·Billing records: retained for 7 years as required by financial regulations.

6. Security

• ·All data encrypted in transit (TLS 1.3) and at rest (AES-256).
• ·Row-level security on all database tables — you can only access your own data.
• ·API keys stored as environment secrets, never in client code.
• ·OAuth tokens encrypted before database storage.

7. Cookies

• ·We use cookies for authentication session management only.
• ·No advertising cookies. No third-party tracking pixels.
• ·See our Cookie Policy for full details.

8. Contact

• ·Data controller: Hypnotic (privacy@hypnotic.ai)
• ·Questions about this policy? Email privacy@hypnotic.ai