Security Notice

We use reasonable administrative, technical, and organizational measures designed to protect the Service and the data we process. Security is an ongoing process; we evaluate and improve our controls over time.

Data in transit between your browser/app and our infrastructure is protected by industry-standard TLS.

Data at rest in our primary database and storage is encrypted using provider-managed encryption.

We support email/password authentication, magic-link sign-in, and (when configured) third-party identity providers such as Apple and Google.

Sessions are protected via signed, http-only cookies. We support multi-factor authentication for accounts where it is enabled.

We use role-based and tenant-isolated access controls so that customer data is segregated by organization. Internal access to production systems is limited to personnel with a business need.

We rely on managed-database snapshots and backups provided by our infrastructure providers.

We log application errors and key security events to detect anomalies and investigate incidents.

We rely on reputable subprocessors to operate parts of the Service (hosting, database, email, payments, analytics, AI, etc.). See the Subprocessors page for the current list.

You are responsible for protecting your account credentials, choosing strong passwords, enabling multi-factor authentication where available, managing team member roles, and reviewing third-party integrations you connect.

You are responsible for the security and lawful use of any data you upload, including obtaining required consents from your customers and employees.

Despite our efforts, no Internet service or storage system can be guaranteed completely secure. We cannot promise that the Service will be free from intrusion, vulnerabilities, or other security incidents.

If you believe you have found a security issue, please report it to [security@hypeify.com]. Please do not disclose the issue publicly until we have had a reasonable opportunity to investigate and respond. A formal vulnerability disclosure program will be published when available.