Privacy & Data Handling Policy

What this Privacy Policy Covers:

Hypadrive.ai Limited is a New Zealand registered Company that offers a global SaaS service. Hypadrive.ai helps businesses connect with and engage their audiences by providing a web-based platform and suite of digital products and services that allow businesses to structure, automate, track and optimise their communication activities. Hypadrive.ai helps businesses to automate and optimise their customer acquisition and engagement activities.

This Privacy Policy outlines the type of personal data we collect, how we use/protect/and manage it, and your rights and choices.

Trust and integrity are important to Hypadrive.ai. We expect this from you, our users, and therefore we of course expect this from ourselves. We are committed to maintaining transparency regarding how we manage information about you.

As a growing and evolving business, our Privacy Policy and related documents are subject to change, we may update this Policy from time to time as needed and each new iteration of the Policy will become applicable. Because of the evolving nature of our business and for legal, security and competitive reasons, some information - for instance specific third parties we integrate with, technologies and methods we use to secure data etc - is alluded to but not explicitly specified in our document(s).

Importantly, this Privacy Policy also outlines your options regarding how we handle your information. You can always write to our team with privacy related concerns by emailing us at privacy@hypadrive.ai.

Finally, if you find yourself in disagreement with this policy in whole or part thereof, we unfortunately and kindly advise against using or interacting with our products and services or engaging with us in any way.

This Privacy Policy pertains to the data we collect, process and potentially store when you use our products and services, engage with us (such as through communication channels or by participating in our events), or otherwise interact with Hypadrive.ai; unless specified otherwise.

This Privacy Policy aims to provide you with clarity about, and an understanding of:

• What information is collected about you;
• How the information is used;
• The legal basis for collecting & processing the information; and
• Your rights and choices; including how you can access and control your information.

We also outline, for your benefit, details about:

• Service providers that help us manage your data (sub processors);
• How long we store and process/manage the various types of data we collect from you;
• Our use of Cookies (Cookie Policy);
• How we aim to secure your data (Security Policy); 
• Our Data Processing Agreement/Addendum (DPA);
• Links to third-party websites or services;
• How we handle international data transfers;
• Specificities related to certain jurisdictions; and
• Other vital privacy-related details.

Parties whom this Privacy Policy & Related Documents apply to:
There are 4 main parties interacting with Hypadrive.ai that this Privacy Policy governs and relates to. The use of the words “you” or “your” or “User” apply to all, depending on context. These are:

1. Website Visitors: People who merely visit and browse our website(s) but have no interaction with our products and services and whom have not provided any personal information to us about themselves but whose interactions on our websites may be tracked and recorded for us to understand how users are interacting with our presences so we may improve and optimise our offering overtime.
2. Database Contacts: People who merely visit and browse our website(s) but have no interaction with our products and services and whom have not provided any personal information to us about themselves but whose interactions on our websites may be tracked and recorded for us to understand how users are interacting with our presences so we may improve and optimise our offering overtime.
3. Users: Users of Hypadrive.ai products and services and the Businesses they represent / act for.
4. Contacts of Users: Contacts of our Users - people who our Users reach out to and communicate with via our platform.
   ‍

• With regards to this group (contacts who our Users upload into Hypadrive.ai) we do not take any responsibility for the management of these contact records or the communication interactions between our users and the contacts they reach out to via Hypadrive.ai. Hypadrive.ai is a platform/tool that facilitates communication, not the strategic driver or authoriser of the communication (the latter of which is our Users). The responsibility of ensuring privacy responsibilities with regards to contacts our Users upload into Hypadrive.ai lies with the Hypadrive.ai Users who own and make decisions related to those contact records. If you are or believe you are a contact who has been contacted via Hypadrive.ai by a User of the Hypadrive.ai platform, you should contact the individual who reached out to you and discuss your privacy concerns with them directly. If you feel your contact information is being abused by a Hypadrive.ai platform User, please inform us by writing to us at privacy@hypadrive.ai.

Definitions:

The terms "Hypadrive.ai" “us”, “our”, “we” refer to our complete suite of products and services, supporting assets and affiliated companies. Our range of products and services, combined with our platforms, events, and other interactions, are referred to as "services" and “products” within this policy. The terms “you” “users” “your” “business account” “user account” refer to you ‘the user/individual or entity’ interacting with Hypadrive.ai. ‘Essential communication’ refers to communication interactions between us and you which we deem to be important or critical to your experience using our products and services for the benefit of your business. An example of this is, but is not limited to, the email notifications we send you to notify you that you have received a response from a contact who is part of your outreach program(s). Another example is account related communication e.g. security or payment related communications.

Updates to the Privacy Policy:

From time to time we will make updates to our various documents including the Privacy Policy. Updated versions of the Privacy Policy will be uploaded to our web presence for you to review as you wish. We will notify our Users of updates to our documents via email. As an existing user, you are not required to ‘accept’ our updated Privacy Policy information. As an existing user, your continued use of our products and services indicates your acceptance and understanding of our Privacy Policies. New users will by virtue of their sign up to, and interaction with, Hypadrive.ai’s products and services (including our various digital assets) automatically accept our Privacy Policies as outlined in our Privacy Policy; stored and available online through our website(s). Those who are not users, but have through one form or another provided personal information to Hypadrive.ai accept our Privacy Policy by virtue of interacting with our business in any way or form.

User Account vs Business Account - Controlling Your Data:

Non Users:
If you are not a current Hypadrive.ai platform user, but we have captured personal information which we use to communicate with you via our CRM, sales activities or emailing lists and you would like to no longer be contacted, please write to us with your request at privacy@hypadrive.ai. You can always unsubscribe from email communications we send you via the unsubscribe link available at the bottom of our email communications. If you receive written communication from our team and it does not include a opt out/unsubscribe link e.g. Linkedin messages, or 1 to 1 emails between you and our team members, then please write to us with your request not to be contacted further.

Users:
At any point, should you wish to control, modify, or remove your data, you can do so via your User Account or Business Account or you can reach out to us at privacy@hypadrive.ai with details of your request(s).

With regards to Marketing Communications, you can manage these settings/your preferences in the My Account Settings > Communication Preferences section of your User Account. IMPORTANT NOTE: Some communication between us and you is considered by us to be ‘essential communication’. As a user of Hypadrive.ai you cannot opt out of receiving it. This is because we deem it to be essential to the performance of the Hypadrive.ai product/service and our ability to deliver value to you; an example is notifications you receive about new responses your outreach programs have generated. Your interaction with and use of our products and services indicates your acceptance with regards to receiving such ‘essential communication’ as defined by us from time to time. If you take issue with receiving such communication you can let us know via privacy@hypadrive.ai or you can simply stop using and interacting with our products and services.

As a User of Hypadrive.ai’s products and / or services, your ‘data’ is associated with and managed via your Account. As a User, your data relates to your User Account. User Accounts are associated with and part of your Business Account. The Business Account is the ultimate holder of User data and by creating or accepting an invite to create a User Account associated with a Business Account, you ‘the User’ understand and consent to the data related to your account belonging to and being available to the Business Account your User Account is associated with. This is because your actions as a User are designed for the benefit of the Business Account. As a User, if you wish to delete your User Account, you can do so, but you acknowledge and accept that a copy of your User Activity History will be stored and maintained by the Business Account you are part of for the life of the Business Account. There is no way to delete specific User Data from a Business Account because doing so would negatively affect the Business Account by altering/removing key information related to use of the Business Account; information which is critical to the Business Account and those still operating/using it. That being said, as a User associated with a Business Account, you can choose to ‘leave’ the Business Account. The Business Account Administrators are also able to Deactivate your User Seat and prevent you from accessing the Business Account. In either case, your User Seat will no longer be accessible by you. Your User name will remain shown in the Business Account as a historic reference to your User Account and the activity conducted via your User Account whilst part of the Business Account, however, your User Profile / Sender Profile will not be able to be used by the Business Account for outreach programs from the point of deactivation of your User Account.

You are able to, at any time, cancel the services we provide to you and delete your account. With regards to account deletion, you have 3 options:

1. Delete Business Account: If you are the PRIMARY Account Admin user you can choose to delete the entire Business Account that your team operates under. Deleting your Business Account is a permanent action, you will not be able to recover the Business Account if you choose to Permanently Delete it. Any and all information stored in your Business Account will be permanently deleted if you take this action. Hypadrive.ai does maintain a copy of your Business Account’s Account Activity for the purpose of analysing and optimising our service over time. We make every attempt we deem reasonable and appropriate to anonymise and secure such data. By using our products and services you accept this.
   

2. User Self Delete User Account: Any user (except the PRIMARY Account Admin user whilst they are assuming the user role of PRIMARY Account Admin) can choose to Delete their own User Account. Doing so will cancel the User Seat billing paid for by the Business Account and will change the User Status to ‘Inactive’. The Business Account and its associated Users will not be able to use the exiting Users Account or Sender Profile for any communication activity as each Sender must provide authorisation to use their Sender profile for a specific program. A copy of the User Account and its Activity History will be stored in the Business Account as that information relates to the Business Account.
   

3. Business Admin Delete a Users Account: An Admin User of the Business Account may at any time Deactivate the User Account of another user in the team. Doing so will stop the Deactivated User from being able to access their User Account and will stop billing for the User Seat of the Deactivated User. Whilst Deactivated, a Users profile will be shown as Inactive. Again, the User Data associated with the User Account will be available to the Business Account, but the Business Account and its remaining associated Users will not be able to use the User Account for communication without the express authorisation of the User Account owner.
   

1. What Information We Collect About You:

Outlined are the various types of data Hypadrive.ai collects from individuals and businesses who use our products and services or generally interact with us. These evolve from time to time and so anything not yet mentioned must not, and you agree cannot, be used against Hypadrive.ai in any way. You are always able to write to us with specific privacy related inquiries by writing to privacy@hypadrive.ai.

1.1. When you Visit our Website(s)
When you visit any of our website(s), Hypadrive.ai tracks your usage and behaviour which includes statistics such as which pages you visit and how long you look at them. This may include information such as IP address, geolocation information, login and account credentials, browser type and information about the use of our website, including a history of the pages you view. We rely on best in class marketing tools and platforms to provide us with this tracking capability and insights on our websites.

1.2. When you Create a Hypadrive.ai Account
When you create a Hypadrive.ai account, we ask for 2 types of information; 1. Information about you, 2. Information about the business you represent. Such information includes but is not necessarily limited to your email address, your name, your location where you are based, what company you work for, the role you play at the company, specifics about your business like how long it has been operating, what industry it is in, how big your team is and what type of communication activity you intend to use Hypadrive.ai for. We collect this data in order to understand our users and to be able to drive correlations which can be used to help you inform and optimise your communication activity. In some cases, we might ask for a phone number for verification and contact purposes. If you become a paying customer, we will collect your payment card information via our chosen industry best practice 3rd party payment processing provider including but not necessarily limited to: information identifying you (client and order), email address, IP address, phone number, full name, country code, address, company name, card type, last 4 digits of the card number, user agency and browser language data and name of payment processor (we may use this information to prevent fraudulent chargebacks). If you choose to use the sign up with Google option when you create an account, we collect encrypted Gmail authentication tokens obtained from Google LLC; from which we can obtain information about you including your full name, email address and language settings. We further collect information about you and your device automatically including IP address, referral link, registration date, account balance information, language, and browser type. We may also collect some information about your activity on the Platform such as the time you purchased a subscription or renewed your plan, your progress through onboarding and other possible gamification tasks, and any other actions taken while using our services.
 
Personal Identity Verification: Hypadrive.ai is a platform that believes in trust and believes in genuine and authentic users. For such users, we offer our platform to help them structure, track and optimise targeted communications activities. We do not believe in or support fake or unverified senders on our platform. Because of this, we require Users of our platform to verify their identity in order to act as Senders through Hypadrive.ai. This is done to protect recipients and encourage positive sender behaviour via the Hypadrive.ai platform. Hypadrive.ai uses a leading 3rd party GDPR compliant and secure identity verification service to perform User identity verification. Hypadrive.ai does not store your identity data. All identity data is managed via our identity verification service provider who adhere to industry best practices in order to provide a secure service. Please note our chosen identity verification provider is subject to change at our discretion. If you wish for more information about our chosen partner please send us a request for this information via privacy@hypadrive.ai.

1.3. When you use our Products and Services
Whether it is directly on our provided website platforms ‘the Sites’, through the API or via add-ons provided by Hypadrive.ai, we monitor your usage of the Services, and log requests that you make. Those logs can include information such as IP address, geolocation information, login and account credentials, actions taken, information inputted and / or the browser used, how many users you have, whether you are a paid account or not, the type of outreach programs you run and associated metrics like the frequency of your programs, the type of contacts you reach out to, the performance results of your outreach and more. When using our Services, you will provide data inputs in order to achieve certain outcomes and functions such as setting up new outreach programs. All actions you take and information you input, including selections you make inside your account are recorded and stored. This includes contact information you upload into Hypadrive.ai for use in your various outreach activities.

1.4. When you Contact our Support
If you reach out to or engage with our support team via phone, email, chat or any other medium, we may keep conversations and other data you might send during those exchanges. When you delete your account, those conversations are removed after a period of up to 6 months. We may from time to time at our discretion anonymise certain data collected via support interactions for use in improving our products and services for our current and future users; in doing so we may maintain the anonymised information, or parts thereof, indefinitely at our discretion.

1.5. When you Launch Outreach Programs/Campaigns - Connecting and Using Communication Channels
Launching an outreach program involves ‘connecting’ your chosen communication channels to facilitate the execution of touchpoints that use those channels on your behalf through Hypadrive.ai. Connecting means providing authorisation and access credentials and giving Hypadrive.ai permission and the ability to use your accounts for authorised communication configured by you through our platform. For example, to use email as an outreach channel for programs you configure using Hypadrive.ai, you will need to connect an ESP (email service provider) or mailbox account through which the sending of emails is facilitated on your behalf. Configuration of the communication channel for your needs is a task completed by you before or at the time of connecting the channel to Hypadrive.ai; Hypadrive.ai may at times, through the platform or our community of Expert Partners, offer services to help users optimise the setup and configuration of their chosen communication channels. Whenever you connect a communication channel you provide Hypadrive.ai with the ability and authority to, on your behalf; access (including any necessary credentials to do so), analyse, send from and view messages received.
At times, if you do not have certain channels already setup and working, Hypadrive.ai may facilitate the procurement, setup and configuration of communication channels on your behalf; however in doing so we make absolutely clear that the ownership of and decision to authorise and use any channel we setup and configure on your behalf is solely yours ‘our users’; by using Hypadrive.ai and employing any of our related services, you accept and acknowledge this.
With regards to connecting any communication channel you wish to use through Hypadrive.ai, we may offer/facilitate multiple options. For example with email we may offer GMAIL and OUTLOOK as viable email channel options. The options we provide are subject to change from time to time and are available to you solely at our discretion.
In your account, you will have access to reporting information related to the use of each channel you decide to employ for a particular outreach activity/program as well as tools to help you manage replies and ongoing dialogue with contacts who engage with you.
To provide our service to you via our web platform interface, Hypadrive.ai needs to store the communication history between you and your contacts; which includes all details related to you, the contact and the tracked engagement and communication history between the two of you. We do this so we can display the communication to you via our platform as well as execute valuable tasks on your behalf such as classifying responses, where applicable to help you progress conversations, and direct you with appropriate next actions to take to achieve your outreach objectives.
Data collected via your communication channels is not shared with 3rd parties. It stays private to the user and their team where applicable; as well as anyone who you ‘the user’ authorises to be able to access and view your Hypadrive.ai User or Business Account e.g. Hypadrive.ai employees or representatives, Guest Users to your account or Expert Partners you invite to work with you inside your account. NOTE: from time to time, at our discretion, we may anonymise information and data collected via our users accounts in order to use that data to improve our products and services. By using our products and / or services or interacting with Hypadrive.ai in any way you accept and authorise this.

1.6. If and When Hypadrive.ai Collects or Surfaces Publicly Available Web Data
Hypadrive.ai may develop and offer services which interact with public web pages on the internet to collect data related to professional profiles. Only public web pages and publicly available content are processed. On those public pages, Hypadrive.ai may look for business data such as names, professional email addresses, job titles, social network URLs, or professional phone numbers. If Hypadrive.ai comes across private consumer data such as a personal email address or phone number, it does not process it. Hypadrive.ai is not the owner of said data. Such services would simply be a search and display function offered by Hypadrive.ai for the benefit of users who wish to take advantage of such service types.

1.7. Other Data
As a continuously evolving early stage organisation, we may from time to time collect other types of data. We will make every effort we deem appropriate at our discretion to update our documents in order to inform you about these ‘other data types’ as and when it becomes relevant to do so, however we cannot guarantee that we will always be able to update our documents in a timely manner. By using our products and services and interacting with our digital properties/assets or business in any way, you agree to exonerate and absolve Hypadrive.ai of any and all responsibility it has to keep you informed of data collection types; in particular those not mentioned at the time of publicising our Privacy Policy.

1.8. Childrens Data & Privacy
Hypadrive.ai is a Business to Business (B2B) platform/service and is not structured or designed for users under the age of 13. We do not knowingly collect data related to Children. Hypadrive.ai is a Business product/service and has no responsibility to ensure its users are ‘of appropriate age’. However, if we are informed about data from an individual below the age of 13, we will act to remove that user from our platform and stop their interactions with our products and services. By registering on the Platform and entering into the contract with the Company “us” “Hypadrive.ai”, you acknowledge that you have reached the age of 13 and under the laws of your country of residence you have all rights to provide us with your personal data for processing.

2. How We Use The Information We Collect

The data we collect plays a critical role in providing our service to you and enhancing the experience we offer to our users. Below is an overview of how we utilise the collected data.

2.1. To Enhance and Personalise our Products and Service
We seek to offer our users a personalised experience. We use the collected information to understand user activity, preferences and improve their browsing experience by offering tailored recommendations and services. This is particularly relevant for our ability to offer our users optimisation suggestions and insights with regards to how the derived insights can help drive more effective outreach types and outreach performance outcomes. We analyse all the communication activity data on our platform and anonymise it to do so. We use this anonymised information to derive insights that can be used to surface insights and optimisation suggestions to all users on our platform.

2.2. To Develop & Enhance our AI Systems & Capabilities
Our platform uses AI in a variety of ways. All user interactions with our service and content/other data inputted by or received by our users are or can potentially be examined by our AI to refine its capabilities; the IP of which belongs to Hypadrive.ai Limited. This is ultimately done in order to provide our users with a better product/service which delivers better outreach performance and user experience results. This excludes using data from 3rd parties API’s (e.g. Google API), where we must comply with the privacy policies and acceptable use policies of the relevant 3rd party data providers.

2.3. To Store, Analyse, Validate and Draw Insights from Contact Data Records & Related Information
Users upload contact data (contact records) into our platform for use in outreach programs/campaigns. Hypadrive.ai stores these contact records in the users Business Account in order to provide visibility of which contact records the Users / the Business Account as a whole have interacted with through Hypadrive.ai. Hypadrive.ai tracks and stores the specifics of the interaction history between our Users and the Contacts they add to Hypadrive.ai e.g. whether the user responded, what channel the user responded on, what the message the user responded with was etc... Part of this tracking is insight into whether the contact information was valid or not - email for example and whether the email address that was written to bounced or failed to deliver or was identified prior to sending as being a problematic email e.g. a spam trap. Importantly, where contact record information is deemed to be invalid, Hypadrive.ai will keep a general record of the contact information and the issue. The reason for this is that it enables a prevention of other users attempting to contact the same invalid or problematic contact record. Hypadrive.ai is designed to help protect its users from poor sending practices, including invalid or problematic contact information e.g. email addresses which can negatively affect sender reputations. We will not however package and sell your specific contact records to any other party, including other users of the Hypadrive.ai platform. Contact records you upload for outreach via Hypadrive.ai are your property of which you are the controller.

2.4. To Provide Service and Support
We use the information we gather and store to assist in providing our services, including but not limited to providing access to our services via your accounts with us, addressing technical issues, responding to user support requests and communicating product features and updates as well as help centre resources and content. Hypadrive.ai provides customer support via email, phone or chat, to help you take full advantage of our Services or fix problems you encounter. To do so, the customer success specialist(s) will access the information relevant to the issue. It can be account information or activity monitoring; or indeed any other information Hypadrive.ai deems necessary and appropriate in order to support our customers and our team members facilitating the support interactions.

2.5. For Aggregated Data Sharing
In certain scenarios, we might share aggregated and Non-Personal Information about our users with other companies. When doing so, we make every effort we deem reasonable and appropriate to ensure that individual users cannot be identified.

2.6. For External Business Communications
Occasionally, we may contact you regarding offerings from external business partners that align with your interests. When doing so, we make every effort we deem reasonable and appropriate to ensure that individual users cannot be identified.

2.7. For Data Analysis and Website Operations
We use Navigational Information to optimise and improve our services. This might involve the use of cookies, web beacons, and other similar technologies to understand user behaviour and preferences whilst interacting with our platforms, digital assets and services.

Note Regarding Browser Cookies: Users can always choose to accept or decline cookies through their browser settings. While most browsers automatically accept cookies, declining them may affect certain interactive features on our platform.

2.8. For Marketing and Communication
Based on the information we have, we might send information we believe is relevant to our users; provided it conforms with our users communication preference settings managed in the application in the users account. This could range from new features, updates, or third-party offers we think might be of interest. However, we never sell Personal Information to any third party for them to use for any purpose.

2.9. For Business Relationships and Third-party Interactions
Data might occasionally be shared with trusted partners who help in improving our service delivery, such as assisting with marketing, delivery of services through our platform or analysing data. These partners are bound with Hypadrive.ai by agreements, the specific terms of which apply.

2.10. For Payment Processing
If you give us credit card information, we use it solely to collect payment from you for services you consume. Payment information is processed and stored via a best in class 3rd Party Payment Platform provider. Hypadrive.ai does not store or manage credit card information.

2.11. To Fight Fraud
Hypadrive.ai has automated systems in place to fight payment fraud and violation of our Terms of Service. We use various information and signals related to the account activity. In certain cases, this information is reviewed manually.

3. The legal basis for processing your data

For the purposes of the General Data Protection Regulation, we rely upon a number of legal bases to enable our processing of your personal data. We collect and process your personal data or the personal data you provided us with in accordance with the provisions of the GDPR and other applicable laws. GDPR provides an exclusive list of lawful bases allowing us to process the personal data. During the personal data processing, we rely only on the following:

Article 6.1(a): consent

We collect the information you choose to give us, and we process it with your consent. We require the minimum amount of your personal data that is necessary to notify you about our services and products (for example, send you a newsletter or offer). With your consent we also use Cookies as outlined in our Cookie Policy.
You may withdraw your consent to the processing of your personal data at any time. Please remember that the withdrawal of consent does NOT automatically mean that the processing before the withdrawal is considered unlawful.
You may withdraw the consent to the processing of your personal data by sending us an email at privacy@hypadrive.ai, a message via the Site’s online chat form or by contacting us in any other way convenient for you. If you are a Hypadrive.ai account holder, you can also voluntarily manage your communication preferences with us via your account settings. If you receive marketing communications from us you can unsubscribe from these communications at any time directly from the communication via the unsubscribe link included.

Article 6.1(f): legitimate interests

We can process prospect data and business data based on our, your and your potential business partner’s legitimate interests, namely to:

• Contribute to business cooperation between you and your potential business partners;
• Create and assist in discovering new business-targeted marketing and sales opportunities for you and your potential business partners;
• Allow you to expand your database of the potential business partners;
• Develop our platforms capabilities such that it simplifies and facilitates professional interaction between businesses;
• Allow you to use an online platform for businesses that combines sales, CRM, analytics, marketing, communication automation and email service functionality;
• Allow your potential business partners to approach new potential and verified clients or suppliers (the legitimate interest of Hypadrive.ai Users in reaching out to other businesses);
• Allow your potential business partners to commercialise the use of their publicly posted information related to their professional or business interests/occupation.

You may read more about it in Hypadrive.ai’s Joint Controllership Agreement.

We further process your information based on our legitimate interest to assist our users and of offering you a safe, optimum, efficient, and personalised experience, where we carry out processing operations for the following purposes:

• To assist our users, solve any problems and improve the use of our sites and services.
• To personalise, assess, and improve our services, content, and materials (our legitimate interest in learning how the Services are used to improve them).
• To analyse the volume and history of your use of our services.
• To inform you about our services as well as our partners’ services and/or promotional offers (the legitimate interest of Hypadrive.ai in sharing information about its Services. Contractual necessity for some important notifications).
• To sign up to our newsletters, use case studies and marketing material.
• To fight fraud (our legitimate interest in monitoring and detecting fraud to ensure we detect activity that can have harmful effect on the Services).

Article 6.1(b): performance of a contract
To give access to services (a contractual necessity to perform our contractual relationship with Hypadrive.ai Users). When you provide us with the personal data during the registration of the account on the Platform and or insert requested payment information to purchase services; this can be deemed as your request to form a contract or to perform a contract between you and us. Whenever you sign up to our products and services or interact with them in any way, you agree to enter into a contract with us governed by the terms of service/use and our other relevant policies.

Article 6.1(c): legal obligation
We process your personal data to fulfil the applicable legal obligations arising mainly under the GDPR. If you send us the request to fulfil the rights granted by the GDPR, we may ask you for some personal data we already have to identify you and achieve compliance with the applicable law. We process your information under our legal and regulatory obligations to prevent, detect and investigate any activities that are potentially prohibited, unlawful, contrary to good practices and to ensure compliance with our terms of service/use; as well as to respond to any exercise of rights requests.

PLEASE NOTE:
Information processed on the above basis includes but may not be limited to; usage, name and identity, contact information, subscription plan, billing history, questions asked, user feedback, business information, payment information, professional contact information, job title, social network URLs, collection source URLs, collection dates, IP address & location and account usage. As well as access to the User or Business Accounts data (leads, campaigns etc…) when deemed necessary by our team.

4. Your rights and choices

4.1. Your Rights Under GDPR
If you have any privacy related concerns, we kindly invite you to share your concerns with us in the first place regarding any issue related to your personal data processing. Please email us at privacy@hypadrive.ai. When we act as a joint controller with regard to particular processing of prospect data and business data, you may exercise your rights under the GDPR in respect of and against both our clients (Hypadrive.ai platform / product and service users) and us. If we receive any complaint, claim or request from the data subject which shall be completed by our joint controller, we immediately notify it of such request and inform the data subject of the applied measures and further performance steps regarding serving such complaint/claim/request. Please note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

You have the following rights in relation to the personal data that we hold about you:

• To access your personal data, and some related information as described in the section below "Know if we have information concerning you and what that information is". This means that you may ask us to send you the copy of your personal data collected together with information regarding the nature, processing and disclosure of that personal data;
• To require any inaccurate personal data to be rectified, completed including by means of providing a supplementary statement. This means that you may ask us to update and correct the false data, missing or incomplete personal data;
• To require us to delete (erasure / to be “forgotten”) the personal data in certain circumstances provided by law. This means that you may ask us to delete your personal data collected, except insofar it is prohibited by appropriate laws;

• To require us to restrict or block the processing of your personal data in certain circumstances (when processing is restricted, we can still store your personal data, but may not use it further). This means that you may ask us to restrict processing where:
  

  • your personal data is not correct or is outdated;
  • the processing is unlawful;
• To request portability or obtain from us your personal data, in a structured, commonly used and machine-readable format in certain circumstances. Further, you may have the right to require us to transmit your personal data directly to another person where it is technically feasible to do so. This means that you may ask us to transfer a copy of your personal data to another organisation or to you;
• To object to our use of your personal data for direct marketing purposes at any time and you may have the right to object to our processing of some or all of your personal data (and require them to be deleted) in some other circumstances. This means that you may raise objections on grounds relating to your particular situation;
• Where we are processing your personal data based on your consent to such processing, to withdraw your consent at any time.
• To lodge a complaint with the supervisory authority pertaining to the processing of your personal data.

Supervisory Authority under GDPR:
In case of any questions regarding data protection, you can apply to the GDPR supervisory authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us.

Additionally, as Hypadrive.ai operates in various international jurisdictions, each with their own privacy compliance procedures, Hypadrive.ai will also cooperate and comply with privacy policies and procedures in other jurisdictions where the GDPR does not apply.
‍
4.2. How to Update and Delete your Information
If you’re a Hypadrive.ai User, including the User currently assuming control over your team’s Hypadrive.ai Business Account, you can at any time log in to the platform via your User Account to update your information. You can also permanently destroy your account in your settings. Beyond this, we kindly ask you to contact us directly so that we can quickly satisfy your deletion request. You may request Hypadrive.ai to delete all of your personal data by sending a request to Hypadrive.ai via email privacy@hypadrive.ai or through any other available means of communication;

4.3. Know if we have Information Concerning you and what that Information is
In particular, you have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:

• If ’you’re in our database;
• Exactly what data we hold;
• The purposes of the processing;
• How long the data will be kept;
• On what legal bases the data has been processed.

5. Other Information

5.1. LINKS TO THIRD-PARTY WEBSITES OR SERVICES
‍Our Platform may contain links that direct you to other websites or services whose privacy practices may differ from ours. Hypadrive.ai can incorporate links to third-party websites or post YouTube videos with information about Hypadrive.ai’s services within its articles posted on Hypadrive.ai’s Blog, in our Knowledge Base/Help Centre, Glossary or other sections of the Site, or supply you with such links when communicating with you.Please note that if you provide any information to these third-party websites or services, their respective privacy policies, notices, or statements will govern your data, not this Privacy Policy. We encourage you to carefully review the privacy policies, notices, or statements of any website you visit. We have no control over and assume no responsibility for third-party websites or services' content, privacy policies or practices.
‍
‍5.2. INTERNATIONAL DATA TRANSFERS
‍For transfers to countries that do not fall under the requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to the third countries outside Australia. New Zealand and the  EU, including the onward transfers of the personal data from the third countries to other third countries, under Article 46 of the GDPR with the appropriate safeguards, including the SCC. We disclose your personal data to the countries outside the EU and the EEA, in compliance with the GDPR in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons.
‍
‍5.3. SHARING YOUR DATA WITH OTHER ENTITIES
‍We may share your personal data as a data controller with joint controllers, other controllers, and data processors in accordance with provisions specified hereafter.
‍
‍Third-Party Sharing Consent
‍Sharing your personal information with Hypadrive.ai implies your consent for us to disseminate your data to those whom we deem to be essential third parties to enhance, support, and ameliorate our service–s - including for the purpose of integrating 3rd party functionality into the Hypadrive.ai platform/suite of products and services.
‍
‍Sharing personal data with joint controllers (other controllers)
‍We act as the joint controller while cooperating with Facebook (Meta Platforms Ireland Limited). With respect to this case of personal data processing, we are the party to the Facebook Controller Addendum. Namely, Meta Platforms Ireland Limited and we act as joint controllers with regard to:

• marketing and statistical data collected by Facebook and shared with us via Facebook pixel; and
• emails of the clients we provide Facebook with to customise the advertising of our services.

Likewise, we act as joint controllers during the provision of our services to the clients. You may read more about it in Hypadrive.ai’s Joint Controllership Agreement.

When we act as a joint controller for particular processing of personal data, a data subject may exercise his/her rights under the GDPR in respect of and against both joint controllers.

Google LLC and we act as independent controllers of personal data across Google LLC’s digital marketing services such as Google DoubleClick Digital Marketing and Google AdWords. To learn more, please visit see cookie policy set out below.


Sharing personal data with data processors (sub processors) that help us manage your data
There are many features necessary to provide you with our services that we cannot complete ourselves, thus we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services. We aim to ensure we choose trusted partners who provide appropriate security measures and safeguards.

Therefore, we may share and disclose your personal data to with our other data processors listed on our website.


We only transfer your personal data to third parties within requirements under the GDPR. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with them and treat personal data transfer seriously. Where the Contractor has an appropriate data processing agreement in place, Hypadrive.ai may adjoin such a data processing agreement. If so, Hypadrive.ai and the Contractor may regulate the transfer of the personal data to such Contractor by means of this data processing agreement.
‍
Hypadrive.ai had adjoined the publicly available data processing agreements of the following Contractors/sub processors: Available on request - please write to us at privacy@hypadrive.ai.

6. Data Security, Integrity and Retention

We store and process your personal data until we do not need it for any of the purposes defined in this Policy unless longer storage is required at our discretion or expressly permitted by law. Our servers are located in various secure geographies to ensure the data that we collect from our Users are safe and protected. If you would like to know more, email us at privacy@hypadrive.ai.

Location of data storage and transfers:
Hypadrive.ai uses AWS to store data related to our platform and users. AWS Servers are provisioned by AWS to suit the geographical needs of our business based on where users are. This information is subject to change but at the time of writing Hypadrive.ai’s data is stored on AWS servers based in the Australia & New Zealand region.

We store:

• Registration Information for the entire period when you use our services and for 1 month after the termination of your account on the Platform.
• Payment Information you have provided us with for the entire period when clients use our services subject to partial deletion and partial anonymization thereafter.
• Cookie Information for the period specified in our Cookie Policy.
• Prospect Information provided to us by you manually or via Email Search services, excluding email addresses, for the entire period when you use our services and 3 months after the deletion of your account on the Platform. In any case, such information can be deleted if we obtain a deletion request from a prospect.
• CRM Data, including personal data contained in the deals and tasks, for 90 days either after the deletion of the specific deal or task where such data has been processed or after the deletion of your account on the platform.
• Email AI Data for 60 days after you have provided this data for us using the Email AI feature. Please note that while our service provider OpenAI states it does not use API data to train OpenAI models or improve OpenAI’s service offering by default, it may store data generated by the service for abuse and monitoring purposes for the period established in OpenAI API data usage policies (for up to 30 days at the moment of updating our Privacy Policy).
• Authentication Token Information, Google User Data, Email Drip Campaigns Data, Integrations API Information for the period established by the third party who provided us with such information.
• Unlimited Email Tracker Data for 60 days after the relevant email was delivered.

NOTE: We may not delete or anonymize your data if we are compelled to keep it to comply with the law or legal process.

Notwithstanding any of the aforementioned periods of data storage, you may request to delete your personal data by sending us an email at privacy@hypadrive.ai. Please note that from time to time we may make adjustments to the durations mentioned per business needs and requirements related to our ability to service customers; we aim to update this Policy accordingly but there is a risk that our most recent updates have not yet been reflected in this Policy or other documentation. As someone who interacts with our business in any way, you accept and understand this.

We have implemented what we deem to be appropriate organisational, technical, administrative, and physical security measures that are designed to protect your personal data from unauthorised access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods.

7. Google User Data

IMPORTANT: Hypadrive.ai's use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
‍
We analyse all new emails in your Inbox using automated algorithms and, in the event, they are received as answer to emails sent via campaigns (called programs inside our platform) we will store them (with all text information, attaches, and images) and record the results of the analysis to provide accurate campaign functioning, campaign statistics, demonstrate the content of the emails to the user, and ensure operability of the follow up features in case the sent email receives no reply.
We may access your Sent emails through your Gmail account; as they relate to your outreach activities run through Hypadrive.ai.
‍
We use access to draft sending in your Gmail account to ensure the operability of the Send Later feature. We may add a tracking pixel to the body of emails sent through our service to track email opens and wrap your links with a tracking domain to track link clicks. We use the data acquired through these tracking methods to maintain email campaign operability and provide campaign reports.
‍
You may revoke Hypadrive.ai’s access to your Gmail account in the Hypadrive.ai Account’s settings page of your Account. If you decide to do so, we will lose access to your Gmail account and will no longer be able to provide you campaign sending services through Gmail API.
‍
We do not use Google Workspace APIs to develop, improve, or train generalised AI and/or ML models.
‍
We delete all data collected from your Gmail account upon request.
‍
Not all Google User Data may contain personal data. Some statistical data will be anonymized.
‍
With regard to the access to Google User Data as specified above, we will:

• only use access to read, write, modify, or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets;
• not use this Gmail data for serving advertisements;
• not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the Platform's internal operations - where appropriate and possible, we will aim to aggregate and anonymize data.

8. Cookie Policy

Cookies are small pieces of text (or files), often encrypted, used to store information on web browsers. Cookies are used to store and receive identifiers and other information on computers, phones, and other devices. When browsing our sites; cookies, pixels, tags and other trackers (hereafter referred to as ‘cookies’) are installed on your digital device. Each time you visit or return to the site or application, the cookie is retrieved from your browser or device. This ensures that each time you visit the site or application, the browser is recognized. The installation of these cookies is likely to enable us to access your browsing data and/or personal data concerning you.

Hypadrive.ai uses cookies to recognize you when you're using our services and give you the best possible experience as well as learn about those interacting with our products, services and other digital presences. By continuing to visit or use our services, you are agreeing to the use of cookies for the purposes we describe in this policy as well as other purposes we deem required from time to time that may not yet be outlined in our documentation.

8.1 Where do we use cookies?
We may place cookies on your computer or device, and receive information stored in cookies, when you use or visit the website www.hypadrive.ai and its subdomains or other associated TLD domains owned and operated by Hypadrive.ai.

8.2 What types of cookies do we use?
‍
Authentication
If you are signed-in to Hypadrive.ai, cookies help us recognize your device and personalise your experience accordingly.
Example: A cookie is used to keep your session open without asking you to log in every time you access the website.
‍
Research and analytics
We use cookies to better understand how people use Hypadrive.ai so that we can improve our service.
Example: We use Google Analytics which sets a cookie to identify unique users visiting the website.
‍
Features and services
Cookies can be used to personalise some of your features or what your preferences are.
Example: Our payment provider, Stripe, uses a cookie to identify the user, save its preferences and detect abuse.
‍
Fraud prevention
Cookies can be used to analyse risk and prevent fraud.
Example: We use reCAPTCHA that sets a cookie to better assess the risk of abuse on Hypadrive.ai’s website(s).
‍
Advertising
We may install tracking from advertising networks such as Facebook or Google in our services. The data collected by these networks lets us target ads to our users and precisely measure their performance.
Example: We have a Facebook Pixel installed in Hypadrive.ai to be able to display targeted advertising on Facebook to our users.

8.3 Do other parties use cookies in connection with Hypadrive.ai?
Yes, we allow a few trusted partners to use cookies in our services. Here (available upon request) is the current list of the third-parties using cookies on Hypadrive.ai services. Please note: we regularly use or experiment with new and different providers so the list below is subject to change and cannot always be kept up to date in this document in a timely manner. Therefore, if you have any questions about possible other partners who are able to use cookies in our services, then please get in touch with us at privacy@hypadrive.ai.

8.4 How to take control of your cookies?
Cookies can be installed without consent:
Some cookies do not require your consent, such as:

• Technical or functional Cookies that are necessary for the operation of the site;
• Certain Cookies for audience measurement or cookies that enable testing different versions of the site for the purpose of optimising editorial choices.

Acceptance or refusal of cookies subject to your express consent:
All other cookies require your consent. These include advertising cookies, social networking cookies, content personalisation cookies and some audience analysis cookies. You may freely choose to accept or decline the use of these cookies.

You can accept or refuse these cookies the first time you browse the site. Your choices to accept or refuse these cookies will be retained for a period of six (6) months.

You can remove or block certain cookies at any time using the settings in your browser. It is also possible to set your browser to accept or reject certain cookies. If you choose to reject cookies, you may still use our services though your access to some functionality and areas may be restricted.

9. Security Policy

As a provider of a secure and reliable software service, we take the security of the data we manage in relation to the provision of our services very seriously.

To that end, Hypadrive.ai implements what it deems are industry standard security measures to protect personal data from unauthorised disclosure. Hypadrive.ai takes the measures it deems (at its sole discretion) necessary to protect information connected with payments and credit cards.

Moreover, in order to avoid in particular all unauthorised access, to guarantee accuracy and the proper use of the data, Hypadrive.ai has put what it deems to be appropriate electronic, physical and managerial procedures in place with a view to safeguarding and preserving the data gathered through its services.

Notwithstanding this, there is no absolute safety from piracy or hackers. That is why in the event a breach of security were to affect you, Hypadrive.ai undertakes to inform you thereof without undue delay and to use its best efforts to take all possible measures to neutralise the intrusion and minimise the impacts. Should you suffer any loss by reason of the exploitation by a third party of a security breach, Hypadrive.ai undertakes to provide you with the assistance necessary so you are able to assert your rights.

Moreover if, by some exceptional case, the direct loss incurred arose due to fault or gross negligence by Hypadrive.ai, to the maximum extent permitted by law, Hypadrive.ai’s liability is capped at the total applicable fees paid or payable by the User.

You should keep in mind that any user, customer, or hacker who discovers and takes advantage of a breach in security renders him or herself liable to criminal prosecution and that Hypadrive.ai will take all measures, including filing a complaint and/or bringing court action, to preserve the data and the rights of its users and of itself and to limit the impacts.

Here are some of the steps we take to ensure we keep data pertaining to our services safe and protected:
‍
9.1 Data Encryption

• We systematically use HTTPS on hypadrive.ai or any of Hypadrive.ai’s subdomains or other owned and operated domains. Any connection in HTTP gets redirected to it’s secured counterpart.
• We have a strict and systematic HSTS policy with preload for all our subdomains. This ensures most clients (in particular browsers) will systematically connect using encrypted methods.
• Backups are either encrypted themselves or on encrypted disks.

9.2 Physical Security

• Datacenters selected to host Hypadrive.ai’s services include 24/7 surveillance teams with fencing and strict security procedures.
• Any data stored outside of a datacenter for off-site backups are stored on encrypted drives using state-of-the-art technologies.

9.3 Software

• A Web Application Firewall is set up to filter incoming requests trying to compromise the service.
• A firewall is systematically used on Hypadrive.ai’s servers to prevent access from non-approved IP addresses.
• Critical admin interfaces are protected using at least double-authentication.
• Our software infrastructure is regularly updated using automatic update mechanisms when possible.

9.4 Debit / Credit Card Information

• Hypadrive.ai doesn’t store any credit card information (except non-usable information to ease customer support, for example, the last four digits of the card).
• The provider handling all the card details is certified as a PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry.

9.5 Security Probing
Hypadrive.ai actively looks for security vulnerabilities in our systems. As part of our continuous search for vulnerabilities, we may occasionally at our discretion employ the help of security and related experts to help us identify said security vulnerabilities. Such security professionals and individuals may require access to our systems or may identify access points into our systems which make them privy to data stored in our systems. They are governed by agreements to ensure they maintain the security and confidentiality of any data of our system which they get exposed to in any way and at any time.
‍
9.6 External Security Assessment
Google requires a yearly security assessment to ensure companies requesting access to Gmail accounts meet a high level of security. This audit is named Cloud Application Security Assessment (CASA). CASA has built upon the industry-recognized standards of the OWASP's Application Security Verification Standard (ASVS) to provide a consistent set of requirements to harden security for any application. Further, CASA provides a uniform way to perform trusted assurance assessments of these requirements when such assessments are required for applications with potential access to sensitive data. You can read more about CASA on their official website.

Hypadrive.ai complies with this process. If you have any questions please contact us via privacy@hypadrive.ai.