Privacy Policy
What information we collect, how we use it, and the rights you have over it.
1. Scope
This Privacy Policy describes how Hypeify LLC ("Hypeify," "we," "our," or "us") collects, uses, shares, and protects information when you use our website, the Hypeify Host, Hypeify Books, Hypeify Terminal, Hypeify Hospitality, Hypeify Fleet, and Hypeify Outpost products, the Toro cross-product AI layer, and any other Hypeify-branded products and related services (the "Service").
2. Information We Collect
Account information: name, email, phone, password (hashed), profile preferences, and authentication identifiers (including any social-login identifiers you connect).
Business information: business name, location, brand assets, organization role, billing contact, and team member information you add.
Restaurant information (Hypeify Host): menus, items, prices, photos, hours, customer/order data your end customers provide, QR scan analytics, and integration data from connected services (e.g. point-of-sale, delivery platforms).
Bookkeeping information (Hypeify Books): companies, properties, vendors, transactions, splits, uploaded receipts, lease documents, imported bank/transaction data, and report inputs.
Fuel-wholesale information (Hypeify Terminal): customers, vendors, terminals, products, BOLs, rack-pricing inputs, statements, payments, settlements, audit-log entries, and integration data from terminal connectors (e.g. Shell US Fuels).
Hospitality information (Hypeify Hospitality): properties, room/unit inventory, rate plans, market and competitive-set inputs, channel-mix data, reputation and review data, group-pricing requests, and integration data from connected channel managers, OTAs, and PMS systems.
Fleet information (Hypeify Fleet): vehicles, drivers, dispatch records, fuel-card transactions, maintenance records, telemetry, route data, and integration data from connected telematics or fuel-card providers.
Field-inspection information (Hypeify Outpost): customer tenants, sites/locations, schedules, inspection templates, inspection runs (including pass/fail/N/A answers, free-text and numeric answers, photos attached to items, scoring), branded PDF reports, issues and issue activity, document-vault uploads, and inspector roster records.
Toro cross-product data: the prompts, conversations, and reasoning context that Toro reads from the products you have enabled, plus any documents you point Toro at.
Uploaded files and documents: anything you upload through the Service, including receipts, statements, BOLs, lease documents, and other operator-supplied files.
Payment information: handled by our payment processor(s). We receive limited information such as the last four digits of cards, billing region, and transaction status.
Device, log, and analytics data: IP address, browser, device, operating system, language, referring page, pages viewed, actions taken, timestamps, and error reports.
Cookies and similar technologies — see our Cookie Policy for details.
3. How We Use Information
Operate, maintain, secure, and improve the Service.
Authenticate users and protect against fraud, abuse, and unauthorized access.
Provide customer support and respond to inquiries.
Process subscriptions, payments, refunds, and tax collection.
Send transactional and important administrative messages (e.g. receipts, security alerts).
Send product updates and marketing communications where permitted, with the ability to opt out.
Generate aggregate analytics and improve Service performance and reliability.
Provide AI-assisted features — when you use them, your prompts and the relevant workspace context are processed by our AI subprocessors (see the Subprocessors page) solely to generate the requested output.
Comply with legal obligations and enforce our Terms of Service.
5. Data Retention
We retain personal information for as long as necessary to provide the Service, comply with our legal obligations (including tax, accounting, and regulatory requirements), resolve disputes, and enforce our agreements.
While your account is active, we retain the information in your workspace so the Service works. After a verified deletion request or account closure, we delete or de-identify personal information — generally within forty-five (45) days of verification — except where a longer retention period applies below.
Backups: deleted data may persist in encrypted backups for up to approximately thirty-five (35) days until those backups rotate out.
Financial and business records: billing records, invoices, payment and transaction records, and audit logs may be retained for up to seven (7) years (or longer where law requires) for tax, accounting, audit, fraud-prevention, and dispute-resolution purposes.
De-identified and aggregate data that no longer identifies you may be retained and used without restriction.
See our Data Retention and Deletion Policy for the full process and timelines.
6. Security
We use reasonable administrative, technical, and organizational measures designed to protect personal information. See our Security Notice for an overview.
No method of transmission or storage is completely secure. We cannot guarantee absolute security.
7. Your Privacy Rights
Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal information, and to opt out of certain types of processing.
U.S. state-specific rights (where applicable, including under California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Delaware, Iowa, Indiana, Kentucky, Rhode Island, Montana, Tennessee and other states with comprehensive privacy laws): you may have the right to know what categories of personal information we collect, to request access or deletion, to correct inaccuracies, to data portability, and to opt out of targeted advertising, sales, or certain profiling. You may designate an authorized agent and may appeal a denial of a request as required by law.
We do not knowingly process sensitive personal information except as needed to provide a feature you have requested.
8. Submitting a Privacy Request
Use our Privacy Request form at /privacy-request (or email [privacy@hypeify.com]) to submit a request. We may ask you to verify your identity — typically via the email address on your account — to protect against fraudulent requests.
Requests are reviewed and fulfilled manually by our team; the Service does not currently offer instant, self-serve deletion or export of personal information. We aim to acknowledge requests within ten (10) business days and to complete them within forty-five (45) days of verification, with one additional forty-five (45) day extension where permitted by law. We will explain any extensions or denials.
If your personal information lives inside another customer's organization workspace (for example, you are a tenant, end customer, or team member of a business that uses Hypeify), we may direct your request to that organization, or ask it to act on the request, as required by applicable law — business records are controlled by the organization that maintains them.
10. Children's Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can delete it.
11. International Transfers
Our infrastructure and certain service providers are located in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States and other countries that may have data-protection laws different from those in your jurisdiction.
12. Changes to This Policy
We may update this Policy from time to time. We will revise the version and effective date when we do. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.
13. Contact
Questions or requests? Contact us at [privacy@hypeify.com].