Privacy Policy
Effective date: February 17, 2026
Last updated: February 17, 2026
1. Introduction
HypeMarket (we, us, our) is operated by Yaroslav Shmarov, an individual based in Warsaw, Poland. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use HypeMarket at hypemarket.ai (the Service).
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
Contact: hello@hypemarket.ai
2. Information we collect
2.1 Account information
When you create an account, we collect:
- Email address
- Password (stored as a cryptographic hash — we never store plaintext passwords)
- Display name (if provided)
- Locale preference
2.2 Social platform data
When you connect a social account via OAuth, we collect read-only data from the respective platform:
- Google / YouTube: your Google profile (name, email, profile picture), YouTube channel information (channel name, subscriber count, video count), and public video metadata (titles, view counts, engagement metrics)
- TikTok: your TikTok profile (display name, avatar, follower count, following count), and video metadata (video list, view counts, like counts, share counts)
This data is used to display your social account statistics, track growth over time, and facilitate matching between creators and brands.
2.3 OAuth tokens
When you authorize a social platform, we receive OAuth access tokens and refresh tokens. These tokens are encrypted at rest in our database and are used solely to fetch updated data from the respective platform APIs on your behalf.
2.4 Payment information
Payments are processed entirely by Stripe. We do not store credit card numbers, bank account numbers, or other sensitive financial data on our servers. Stripe may collect payment details directly. Please refer to Stripe's Privacy Policy for details.
For creators receiving payouts via Stripe Connect, Stripe collects identity and banking information directly. We receive only the status of your Stripe Connect account (whether onboarding is complete, payout status).
2.5 Server logs
Our servers automatically record information when you access the Service, including:
- IP address
- Browser type and version
- Pages visited and timestamps
- Referring URL
Server logs are used for security monitoring and debugging. They are not used for advertising or tracking.
3. How we use your information
We use the information we collect to:
- Provide the Service — create and manage your account, display your social account statistics and analytics
- Facilitate collabs — match creators with brand opportunities based on social account data
- Process payments — handle subscriptions and creator payouts through Stripe
- Send notifications — deliver in-app and email notifications about account activity, collab updates, and submissions
- Maintain security — detect and prevent fraud, abuse, and unauthorized access
- Improve the Service — diagnose technical issues and improve functionality
We do not sell your personal information. We do not use your data for advertising.
4. Third-party services
We share data with the following third-party services, only as necessary to provide the Service:
| Service | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing, creator payouts | Email, payment details (collected by Stripe directly) |
| Google / YouTube API | Social account connection, analytics | OAuth tokens (to fetch your data) |
| TikTok API | Social account connection, analytics | OAuth tokens (to fetch your data) |
| Hetzner Object Storage | File uploads (avatars, attachments) | Uploaded files |
| Postmark | Transactional email delivery | Email address, email content |
Each third-party service is governed by its own privacy policy. We encourage you to review them.
Google API Services
HypeMarket's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5. Cookies
We use the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
_session_id |
Session management (authentication) | Browser session |
_csrf_token |
Cross-site request forgery protection | Browser session |
locale |
Stores your language preference | 1 year |
remember_me |
Keeps you signed in across sessions | 2 years |
All cookies are set with the Secure and HttpOnly flags where applicable. We do not use third-party tracking cookies, advertising cookies, or analytics cookies.
6. Data storage and security
- Server location: Our servers are hosted by Hetzner in Nuremberg, Germany (European Union)
- Encryption in transit: All connections use HTTPS/TLS
- Encryption at rest: OAuth access tokens and refresh tokens are encrypted in the database
- Password security: Passwords are hashed using bcrypt and never stored in plaintext
- Access control: Database access is restricted to authorized personnel only
While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please contact us at hello@hypemarket.ai.
7. Data retention
- Account data is retained for as long as your account is active
- Social account data (statistics, snapshots) is retained while the social account is connected. When you disconnect a social account, its data is deleted
- Server logs are retained for up to 90 days
- Payment records are retained as required by applicable tax and accounting laws
When you delete your account, your personal data is permanently removed from our systems, except where retention is required by law (e.g., financial records).
8. Your rights under GDPR
Because we are based in the European Union, the General Data Protection Regulation (GDPR) applies. You have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data (right to be forgotten)
- Restriction — request that we limit how we process your data
- Data portability — request your data in a structured, machine-readable format
- Object — object to processing of your data
- Withdraw consent — withdraw consent at any time where processing is based on consent
How to exercise your rights: You can manage most of your data directly through your account settings. To delete your account, visit your account settings page. To disconnect a social account, visit your social accounts page. For any other requests, email us at hello@hypemarket.ai.
Our legal basis for processing your data is:
- Contract performance — to provide the Service you signed up for
- Legitimate interest — to maintain security and improve the Service
- Consent — for optional features like connecting social accounts
9. Account and data deletion
You can delete your account at any time from your account settings. Account deletion permanently removes:
- Your profile and account information
- Your organization memberships
- Your connected social accounts and their stored data
You can also disconnect individual social accounts at any time from your social accounts page. This removes the stored OAuth tokens and social account data for that platform. We recommend also revoking access from the platform's own settings:
- Google: Google Account Permissions
- TikTok: TikTok app settings → Security & Permissions → Manage app permissions
10. Children's privacy
The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us at hello@hypemarket.ai and we will delete it.
11. International data transfers
Your data is stored on servers located in Germany (EU). If you access the Service from outside the EU, your data will be transferred to and processed in the EU. The EU provides a high level of data protection under the GDPR.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through an in-app notification. The Last updated date at the top of this page indicates when the policy was last revised.
Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
13. Contact us
If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:
Email: hello@hypemarket.ai
Location: Warsaw, Poland