Your Privacy Matters at Hyprnote

Our Promise

Hi there, and welcome to Hyprnote—a product by Fastrepl, Inc. (“we,” “us,” or “our”). We are big on privacy! We prioritize your privacy by minimizing data collection and keeping your content completely local by default. You can always opt out of telemetry for full data control in the settings.
By using Hyprnote (the “Services”), you agree to the practices described here. If anything leaves you scratching your head, just email us at help@hyprnote.com. No fuss, no complicated jargon—just straight talk!

Who is Responsible for Your Data?

Fastrepl, Inc., a corporation organized and existing under the laws of the State of California, USA, with its registered office at 2261 Market St, Suite 85492, San Francisco, CA 94114, USA, is the Data Controller for all personal information processed through the Services.
If you have any questions or requests regarding your personal data, you can contact our Data Protection Officer (“DPO”) at help@hyprnote.com or by post at the address above (Attn: DPO).

What We Mean by “Personal Information”

“Personal Information” is any information that, alone or combined with other data, can be used to identify or reasonably infer the identity of a natural person.

What We Collect

We collect only the data necessary to operate Hyprnote, provide the Services, and comply with legal requirements. Depending on how you interact with the Services, we may collect the following:

Hyprnote Desktop App

Important: We never collect, store, or process your recordings, transcripts, notes, or any content you create with Hyprnote. This data remains entirely on your device unless you opt into experimental cloud-based models. The only data we collect from the app is minimal, anonymous usage analytics and crash diagnostics, which you can opt out of at any time.
  • PostHog Analytics
    • Purpose: Understand feature usage & improve the app
    • Data Points: Anonymous session ID, feature usage patterns, event timestamps
    • Opt-Out: Yes — disable “Usage Analytics” in Settings
  • Sentry Error Reporting
    • Purpose: Diagnose crashes & bugs
    • Data Points: Error traces, app version, device model, operating system version, language setting, time zone, IP address at the time of error
    • Opt-Out: Yes — disable “Error Reporting” in Settings

Hyprnote Website (hyprnote.com)

To provide live support, collect feedback, and keep the site running smoothly, the website integrates the following third-party services:
  • PostHog (Website Analytics)
    • Purpose: Understand site traffic & improve user experience
    • Data Points: Anonymous page views, referrer, event timestamps, pseudonymous session ID
    • Opt-Out: Block analytics in your browser or use an ad blocker
  • Intercom Live Chat
    • Purpose: Real-time customer support
    • Data Points: Messages you voluntarily send, your IP address (for routing), browser & OS details, authentication token (if signed in)
    • Opt-Out: Close the chat widget or do not initiate chat
  • Canny (Feedback System)
    • Purpose: Collect user feedback, feature requests, and product improvement suggestions
    • Data Points: User-provided feedback text, optional email, and name for follow-up, voting preferences
    • Opt-Out: Choose not to provide personal information when submitting feedback
For users who upgrade to our paid plans (Individual or Enterprise), we collect the following information to process your subscription:
  • Name: To identify you as the account holder.
  • Email Address: For billing communications and account management.
  • Billing Address: To process payments and comply with tax requirements.
  • Payment Details: Handled securely by our payment processor, Stripe, and not stored by Hyprnote. This data is only collected for paid users. Any additional personal details you voluntarily enter in the app (e.g., name, title) remain local on your device and are not collected or processed by us. We do not link any of the data above to your private notes or recordings, and we never sell, rent, or share personal information for cross-context behavioral advertising.

Cookies and Similar Technologies

Our website uses cookies and similar technologies to enhance your experience, ensure secure access, and support analytics. Below is a breakdown of the cookies we use:
  • Essential Cookies:
    • Purpose: Enable core website functionality and maintain user sessions (e.g., authentication tokens).
    • Data Points: Authentication token to keep you signed in.
    • Duration: Session-based or up to 30 days for persistent login.
    • Opt-Out: Not available, as these are necessary for the website to function.
  • Analytics Cookies (PostHog):
    • Purpose: Track anonymous usage patterns to improve the website.
    • Data Points: Pseudonymous session ID, page views, referrer, event timestamps.
    • Duration: Up to 24 months.
    • Opt-Out: Block cookies in your browser or use an ad blocker.
  • Functional Cookies (Intercom, Canny):
    • Purpose: Enable live chat and feedback features.
    • Data Points: Messages you send, optional email/name, browser/OS details, voting preferences.
    • Duration: Up to 12 months.
    • Opt-Out: Close the chat widget, do not submit feedback, or block cookies.
      You can manage cookie preferences through your browser settings. Note that disabling essential cookies may impair website functionality. For more details, see our Cookie Policy.

How We Use Information

We use the collected data to:
  • Provide, operate, and maintain the Services
  • Analyze usage to improve features and user experience
  • Diagnose and fix technical issues
  • Provide real-time customer support via Intercom
  • Comply with legal obligations (e.g., tax, accounting, enforcement requests)

Sharing with Third Parties

We disclose personal information only in the limited situations described below. We do not sell, rent, or share personal information for cross-context behavioral advertising within the meaning of the California CPRA.
  • Service Providers: We use reputable third-party vendors (e.g., PostHog, Sentry, Intercom, Canny, Stripe) to operate and maintain the Services. These providers receive only the data necessary for their tasks, process it exclusively on our instructions, and are contractually required to apply industry-standard security measures.
  • Legal and Compliance Requests: We may disclose information when required by subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, property, safety, or that of users or the public. We provide only the data that the law strictly requires and challenge over-broad requests where permitted.
  • Business Transfers: If Fastrepl, Inc. is involved in a merger, acquisition, restructuring, or sale of assets, your information may be transferred as part of that transaction. The acquiring entity will be required to honor this Privacy Policy or to provide you with advance notice of materially different practices.
  • Stripe (Payment Processing): For paid plans, we use Stripe, a PCI DSS-compliant payment processor, to handle payment details (e.g., credit card information). Stripe collects and processes this data directly on our behalf, and Hyprnote does not store or access it. You can opt out of providing payment details by not subscribing to a paid plan.

How Hyprnote Works

  1. Completely Local Processing (Desktop App)
    • Your recordings, transcripts, and notes stay on your device.
    • All AI processing happens locally by default.
    • We have no servers that receive, store, or process your content.
  2. Experimental Cloud-Based Models (Optional)
    • You may switch from local AI models to optional cloud models.
    • When enabled, we track only the number of API calls and cost data—never your content.
    • Disabled by default; you can switch back any time.
  3. Website Interactions Visiting hyprnote.com may load Intercom and Canny scripts, which collect the limited data outlined above.
  4. Open-Source Licensing
    We are proud to make the core Hyprnote app open-source under the GNU Affero General Public License (AGPLv3), which means you can view and audit our code on GitHub for full transparency. This open-source approach ensures you can trust how Hyprnote manages your data locally. For our Enterprise Plan, some features may use a custom license, but rest assured, this does not change our commitment to your data privacy; your recordings, transcripts, and notes stay on your device, and we never access them, as outlined in this Privacy Policy.
  5. AI Processing
    Hyprnote uses AI to power features like meeting transcription, summarization, and chat-based querying, all happening right on your device. We use our own proprietary model (HyprLLM) and trusted third-party models like Llama 3B (Meta) for text processing and Whisper (OpenAI) for speech-to-text, ensuring your data stays local and private. No user data is ever used to train our AI models or sent to our servers. If you choose to connect to a third-party API (e.g., OpenAI GPT API) for enhanced summaries, you control that connection, and we do not access or retain any data sent to those APIs. Be sure to review the third-party provider’s privacy policy for their data practices.

Keeping It Safe

  • Local-Only Content: Your recordings and transcripts never leave your device unless you choose otherwise.
  • Minimal Analytics: Only basic usage data (PostHog), crash diagnostics (Sentry), chat messages (Intercom), and feedback data (Canny) are collected.
  • Security Measures: We use industry-standard encryption for data in transit (e.g., HTTPS for website interactions) and ensure third-party vendors apply equivalent protections. Our vendors are contractually obligated to maintain robust security standards.
  • Full Data Control: You can disable PostHog and Sentry in the app settings, and you can avoid Intercom or Canny by not using the chat widget, not submitting feedback, or blocking third-party scripts/cookies.
  • Sensitive Data: Please avoid sharing sensitive data, such as Personal Information (PI), Personally Identifiable Information (PII), or Protected Health Information (PHI), in public or shared channels like our Discord community or Intercom support chats. These platforms are not designed to handle sensitive data securely. For enterprise customers, our agreements may include terms prohibiting the upload of sensitive data to such channels to ensure compliance and security. If you need to share sensitive details for support, please contact us directly at help@hyprnote.com using secure methods.

California and U.S. State Privacy Laws

If you are a resident of California or another U.S. state with applicable privacy laws (e.g., Virginia, Colorado, Connecticut, or Utah), you have specific rights under laws such as the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
  • Right to Know: You can request details about the categories of personal information we collect, the purposes for collection, and whether it is shared with third parties.
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions (e.g., legal obligations).
  • Right to Correct: You can request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising, as defined by the CCPA/CPRA.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights (e.g., by denying services or charging different prices).
  • Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information (e.g., social security numbers, biometric data) as defined by the CCPA/CPRA.
    To exercise these rights, contact our DPO at help@hyprnote.com or submit a request via https://hyprnote.com/privacy-requests. We will verify your identity (e.g., via email confirmation) and respond within the timeframes required by law (e.g., 45 days for CCPA requests, with possible extensions).
    We do not knowingly collect personal information from California residents under 16 without verifiable parental consent, as required by the CCPA.

EU/EEA and GDPR Compliance

If you are accessing our Services from the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent laws grant you specific rights and impose obligations on us as the Data Controller.
  • Legal Basis for Processing: We process personal data based on:
    • Consent: For optional analytics (PostHog), live chat (Intercom), and feedback (Canny), where you actively opt in or can opt out.
    • Contract: To provide the Services (e.g., authentication tokens for website access).
    • Legitimate Interests: For error reporting (Sentry) and improving user experience, where our interests are not overridden by your rights.
    • Legal Obligation: To comply with tax, accounting, or law enforcement requests.
  • Your GDPR Rights:
    • Access: Request a copy of your personal data.
    • Rectification: Correct inaccurate or incomplete data.
    • Erasure: Request deletion of your data, subject to legal exceptions.
    • Restriction: Request restriction of processing in certain cases (e.g., while a data accuracy dispute is resolved).
    • Portability: Receive your data in a structured, machine-readable format.
    • Objection: Object to processing based on legitimate interests (e.g., analytics).
    • Withdraw Consent: Withdraw consent for optional data processing at any time (e.g., via app settings).
  • Exercising Your Rights: Contact our DPO at help@hyprnote.com or submit a request via https://hyprnote.com/privacy-requests. We will respond within one month, with possible extensions for complex requests.
  • Data Transfers: Data may be transferred to the U.S. or other countries outside the EEA. We use Standard Contractual Clauses (SCCs) and other approved safeguards to ensure GDPR-compliant transfers. Our third-party providers (PostHog, Sentry, Intercom, Canny, Stripe) are certified under applicable data protection frameworks (e.g., EU-U.S. Data Privacy Framework).
  • Consent Banners: For EEA users, we display consent banners for non-essential cookies in compliance with GDPR and ePrivacy Directive.
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority (e.g., CNIL in France, ICO in the UK) if you believe we have not complied with GDPR.

International Transfers

We are headquartered in the United States, and data may be processed in the U.S. or other countries that may not have data protection laws equivalent to those in your jurisdiction. To ensure compliance with applicable regulations, we implement the following safeguards:
  • Standard Contractual Clauses (SCCs): For transfers to countries outside the EEA, UK, or Switzerland, we use SCCs approved by the European Commission to ensure adequate protection of personal data.
  • Data Protection Frameworks: Our third-party providers (PostHog, Sentry, Intercom, Canny, Stripe) are certified under frameworks such as the EU-U.S. Data Privacy Framework (DPF) or equivalent mechanisms, ensuring compliance with international data transfer requirements.
  • Data Minimization: We limit transfers to only the data necessary for the purposes outlined in this Privacy Policy (e.g., analytics, support).
  • Risk Assessments: We conduct regular Transfer Impact Assessments (TIAs) to evaluate the risks of data transfers and ensure compliance with GDPR and other applicable laws.
  • User Control: You can opt out of non-essential data transfers (e.g., analytics) via app settings or browser settings. If you have concerns about international data transfers, contact our DPO at help@hyprnote.com for further information or to exercise your rights.

Retention of Personal Information

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or to comply with legal obligations. Anonymous analytics data (e.g., PostHog) is retained for up to 24 months for performance analysis. Support messages (e.g., Intercom, Canny) are retained for up to 12 months unless you request deletion. You can contact our DPO to request deletion of your personal data.

Your Rights

You have the following rights regarding your personal information:
  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal obligations.
  • Opt-Out: Opt out of analytics (PostHog, Sentry) or marketing communications (Intercom, Canny) as described above.
  • GDPR-Specific Rights (EEA Users): Request restriction of processing, data portability, or object to processing where applicable. To exercise these rights, contact our DPO at help@hyprnote.com or submit a request via https://hyprnote.com/privacy-requests.

Children’s Privacy

Hyprnote is not directed to children under 16 years of age, or the higher age threshold that may apply in your jurisdiction (e.g., 16 under GDPR for EEA users, 13 under COPPA in the U.S.). We do not knowingly collect personal information from children below the applicable age threshold without verifiable parental consent, as required by applicable laws such as the U.S. Children’s Online Privacy Protection Act (COPPA), GDPR, or other regional regulations. If you believe a child has provided us with personal data without the necessary consent, please contact our DPO at help@hyprnote.com, and we will promptly delete the information.

Changes to This Policy

We might occasionally update this Privacy Policy. If the changes are significant, we will notify you in the app or on our website. The “Last Updated” date at the top helps you keep track.

Governing Law and Dispute Resolution

This Privacy Policy is governed by the laws of the State of California, USA, without regard to its conflict of law principles, except where preempted by other applicable laws, such as the General Data Protection Regulation (GDPR) for residents of the European Economic Area (EEA), United Kingdom, or Switzerland.
  • General Disputes: Any disputes arising under this Privacy Policy will be resolved through good-faith negotiation. If negotiation fails, disputes will be resolved in the state or federal courts located in San Francisco, California, unless otherwise required by applicable law.
  • GDPR-Specific Disputes: For EEA, UK, or Swiss residents, you may lodge a complaint with your local data protection authority if you believe we have not complied with GDPR. You may also seek judicial remedies in the courts of your country of residence. We will cooperate fully with supervisory authorities and comply with their decisions.
  • Alternative Dispute Resolution: For GDPR-related disputes, we encourage alternative dispute resolution mechanisms, such as mediation, where appropriate. Contact our DPO at help@hyprnote.com to initiate such processes.
    By using the Services, you consent to the jurisdiction of San Francisco courts for non-GDPR matters, subject to your mandatory statutory rights under applicable local laws.

Entire Agreement

This Privacy Policy, together with our Terms and Conditions and, where applicable, our Data Processing Agreement for users engaging with optional cloud-based models, constitutes the entire agreement between you and Fastrepl, Inc. regarding the collection, use, and protection of your personal information. In the event of any conflict between this Privacy Policy and the Terms and Conditions or Data Processing Agreement, this Privacy Policy will prevail with respect to privacy matters.

Let’s Chat

Questions, suggestions, or concerns about privacy? Reach out!

Thanks for Trusting Hyprnote!

We are dedicated to providing a privacy-focused experience. Our local-first approach with minimal analytics means you keep control of your content while we continue improving the application. Remember, you can always opt out of telemetry for full data control in the settings. Enjoy Hyprnote with peace of mind!