Privacy Policy
Last updated: February 2026
What We Collect
When you create an account, we collect your name and email address. You may optionally provide your phone number to receive SMS notifications. When you use HypeUp, we store the career data you provide: job history, accomplishments, education, certifications, and generated resumes. We also collect usage analytics to improve the product.
How We Use Your Data
Your career data is used solely to provide the HypeUp service — storing your information, generating resumes, and powering features like accomplishment reminders. If you provide a phone number, we use it to send verification codes and accomplishment reminders via SMS. We do not sell your data. We do not use your career data to train AI models.
Legal Bases for Processing (GDPR)
Under the General Data Protection Regulation, we process your data based on the following legal grounds:
- Contract: Processing necessary to provide the HypeUp service you signed up for, including storing your career data and generating resumes.
- Consent: For optional features like marketing emails. You can withdraw consent at any time.
- Legitimate Interest: For security, fraud prevention, and service improvement, where our interests do not override your rights.
Your Rights by Region
European Union & United Kingdom (GDPR / UK GDPR)
If you are in the EU or UK, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Automated decisions: Not be subject to decisions based solely on automated processing
California (CCPA / CPRA)
If you are a California resident, you have the following rights:
- Right to Know: Learn what personal information we collect, use, and share
- Right to Delete: Request deletion of your personal information
- Right to Correct: Correct inaccurate personal information
- Right to Opt-Out: Opt out of the sale or sharing of personal information (we do not sell your data)
- Non-Discrimination: Exercise your rights without discriminatory treatment
All Users
Regardless of location, you can access, export, or delete your data at any time from your account settings.
Cookies
We use the following types of cookies:
- Essential cookies: Required for the service to function (session management, authentication). These cannot be disabled.
- Analytics cookies: Google Analytics to understand how users interact with HypeUp. These are optional and can be disabled via our cookie banner.
We do not use advertising or tracking cookies. For more details, see our Cookie Policy.
Third-Party Services
We use the following third-party services:
- Stripe for payment processing
- OpenAI and Anthropic for AI resume generation (your data is sent to generate resumes but is not used for model training)
- Google Analytics for anonymous usage statistics
- FusionAuth for authentication
- SendGrid for email delivery
- Twilio for SMS delivery
- Sentry for error monitoring
International Data Transfers
HypeUp is operated from the United States. Your data is processed and stored in the US (Google Cloud Platform, us-central1 region).
For transfers from the EU/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. Our subprocessors maintain appropriate safeguards for international data transfers.
Data Retention
We retain your data as follows:
- Account data: For the duration of your account, plus 30 days after deletion
- Billing records: 7 years (legal requirement)
- Server logs: 90 days
- Deleted account data: Permanently removed within 30 days of account deletion
Subprocessors
We use the following subprocessors to deliver our service:
| Provider | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Infrastructure & hosting | United States |
| Stripe | Payment processing | United States |
| OpenAI | AI resume generation | United States |
| Anthropic | AI resume generation | United States |
| FusionAuth | Authentication | United States |
| SendGrid | Email delivery | United States |
| Twilio | SMS delivery | United States |
| Sentry | Error monitoring | United States |
Data Storage & Security
Your data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We use industry-standard security practices including access controls, regular security reviews, and cloud infrastructure with automatic security updates.
Data Breach Notification
In the event of a data breach that affects your personal information, we will notify you via email within 72 hours of becoming aware of the breach, as required by GDPR. We will also notify relevant supervisory authorities where required.
Children's Privacy
HypeUp is not intended for use by anyone under 16 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 16, we will delete it promptly.
Changes to This Policy
We may update this privacy policy from time to time. For material changes, we will notify you via email or a prominent notice in the application at least 30 days before the changes take effect.
Contact
For privacy questions, data requests, or to exercise your rights, contact us at privacy@gethypeup.com.
If you are in the EU and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local supervisory authority.