Privacy Policy

Last updated: February 2026

What We Collect

When you create an account, we collect your name and email address. You may optionally provide your phone number to receive SMS notifications. When you use HypeUp, we store the career data you provide: job history, accomplishments, education, certifications, and generated resumes. We also collect usage analytics to improve the product.

How We Use Your Data

Your career data is used solely to provide the HypeUp service — storing your information, generating resumes, and powering features like accomplishment reminders. If you provide a phone number, we use it to send verification codes and accomplishment reminders via SMS. We do not sell your data. We do not use your career data to train AI models.

Legal Bases for Processing (GDPR)

Under the General Data Protection Regulation, we process your data based on the following legal grounds:

  • Contract: Processing necessary to provide the HypeUp service you signed up for, including storing your career data and generating resumes.
  • Consent: For optional features like marketing emails. You can withdraw consent at any time.
  • Legitimate Interest: For security, fraud prevention, and service improvement, where our interests do not override your rights.

Your Rights by Region

European Union & United Kingdom (GDPR / UK GDPR)

If you are in the EU or UK, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Automated decisions: Not be subject to decisions based solely on automated processing

California (CCPA / CPRA)

If you are a California resident, you have the following rights:

  • Right to Know: Learn what personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Correct inaccurate personal information
  • Right to Opt-Out: Opt out of the sale or sharing of personal information (we do not sell your data)
  • Non-Discrimination: Exercise your rights without discriminatory treatment

All Users

Regardless of location, you can access, export, or delete your data at any time from your account settings.

Cookies

We use the following types of cookies:

  • Essential cookies: Required for the service to function (session management, authentication). These cannot be disabled.
  • Analytics cookies: Google Analytics to understand how users interact with HypeUp. These are optional and can be disabled via our cookie banner.

We do not use advertising or tracking cookies. For more details, see our Cookie Policy.

Third-Party Services

We use the following third-party services:

  • Stripe for payment processing
  • OpenAI and Anthropic for AI resume generation (your data is sent to generate resumes but is not used for model training)
  • Google Analytics for anonymous usage statistics
  • FusionAuth for authentication
  • SendGrid for email delivery
  • Twilio for SMS delivery
  • Sentry for error monitoring

International Data Transfers

HypeUp is operated from the United States. Your data is processed and stored in the US (Google Cloud Platform, us-central1 region).

For transfers from the EU/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. Our subprocessors maintain appropriate safeguards for international data transfers.

Data Retention

We retain your data as follows:

  • Account data: For the duration of your account, plus 30 days after deletion
  • Billing records: 7 years (legal requirement)
  • Server logs: 90 days
  • Deleted account data: Permanently removed within 30 days of account deletion

Subprocessors

We use the following subprocessors to deliver our service:

ProviderPurposeLocation
Google Cloud PlatformInfrastructure & hostingUnited States
StripePayment processingUnited States
OpenAIAI resume generationUnited States
AnthropicAI resume generationUnited States
FusionAuthAuthenticationUnited States
SendGridEmail deliveryUnited States
TwilioSMS deliveryUnited States
SentryError monitoringUnited States

Data Storage & Security

Your data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We use industry-standard security practices including access controls, regular security reviews, and cloud infrastructure with automatic security updates.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you via email within 72 hours of becoming aware of the breach, as required by GDPR. We will also notify relevant supervisory authorities where required.

Children's Privacy

HypeUp is not intended for use by anyone under 16 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 16, we will delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time. For material changes, we will notify you via email or a prominent notice in the application at least 30 days before the changes take effect.

Contact

For privacy questions, data requests, or to exercise your rights, contact us at privacy@gethypeup.com.

If you are in the EU and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local supervisory authority.