Hypeehypee Back to Home

Privacy Policy

Last Updated: May 16, 2026  ·  Effective Date: May 10, 2025

1. Introduction

Welcome to Hypee ("we," "our," or "us"). Hypee is a creator business platform that helps Indian Instagram creators build media kits, manage leads, and connect with brands — and will soon enable DM automation (coming soon, pending Meta API approval). We are committed to protecting your personal information and being transparent about how we use it.

This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have over your data. By using Hypee, you agree to the practices described in this policy.

Company Details:
Hypee Technologies Pvt. Ltd.
Registered Address: Bengaluru, Karnataka, India
Email: support@hypee.co.in
Country of Operation: India
Applicable Law: Information Technology Act, 2000 and Digital Personal Data Protection Act, 2023 (DPDP Act)

2. Information We Collect

2.1 Account Information

  • Full name
  • Email address
  • Password (stored encrypted, never in plain text)
  • Account type (Creator or Brand)
  • Profile picture (optional)

2.2 Instagram Data (via Meta Graph API)

When you connect your Instagram account to Hypee using the "Connect with Instagram" button, we access the Instagram Business Login API on your behalf. You must have a Business or Creator Instagram account to connect. We access the following data:

Profile Information:

  • Instagram username and User ID
  • Profile picture URL
  • Follower count and following count
  • Account type (Business or Creator)

For DM Automation (Coming Soon — pending Meta API approval):

  • Comment events on Instagram posts you configure for automation (received via Meta Webhooks in real time)
  • We will send Direct Messages on your behalf to commenters who match your configured keywords
  • DMs will ONLY send when you have explicitly created and activated an automation with a specific post and keyword
  • The same commenter will receive at most 1 DM per 24 hours from your automation

Note: DM Automation is not yet active. We are awaiting official Meta API approval before this feature goes live. When approved, data collection for automation will begin only from the moment you create an active automation.

If you do not connect Instagram via OAuth, you may optionally enter your username and follower count manually — this self-reported data is not verified by Meta and will be shown with a "Self-reported" label.

What We Will Never Access: Your Instagram password · Private message history · Stories or story viewers · Data from accounts you don't own · Your followers' private information · Financial or location data from Instagram

2.3 Data You Provide

  • Automation messages you write
  • Media kit content (bio, rates, past collaborations)
  • Notes you add to leads
  • Campaign briefs (for brand accounts)

2.4 Usage Data

  • Pages you visit on Hypee
  • Features you use and how often
  • Error logs (for debugging)
  • Device type, browser type, operating system
  • IP address (used for security, not for tracking)

2.5 Payment Information

When you upgrade to a paid plan, payments are processed by Razorpay. We do not store your payment card details. Razorpay handles all payment data under their own privacy policy and PCI DSS compliance.

3. How We Use Your Information

3.1 To Provide Core Features

DM Automation (Coming Soon): Once Meta approves our API permissions, we will use your Instagram access token and comment data to monitor comments on posts you configure, detect keywords you specify, and send automated Direct Messages to commenters on your behalf. This is the primary reason we request instagram_business_manage_messages and instagram_business_manage_comments permissions. This feature is not yet active — no DMs are sent automatically until Meta's approval is received and you create an active automation.

Media Kit Generation: We use your Instagram profile data (followers, bio, profile picture) to auto-populate your media kit.

Lead CRM: When our automation sends a DM on your behalf, we save the commenter's Instagram username as a "lead" in your CRM.

Brand Marketplace: If you opt into the marketplace (default: on), we display your public Instagram stats to brand accounts. You can opt out at any time in Settings.

3.2 To Improve the Platform

  • Analyze usage patterns to improve features
  • Fix bugs and technical issues
  • Develop new features based on usage

3.3 To Communicate with You

  • Send transactional emails (account confirmation, password reset)
  • Send notification emails (new lead captured, brand inquiry)
  • Send weekly performance summary emails (you can opt out)
  • Respond to your support requests

3.4 Legal Compliance

  • Comply with Indian law (IT Act 2000, DPDP Act 2023)
  • Respond to lawful requests from authorities
  • Enforce our Terms of Service
  • Protect against fraud and abuse

4. Meta Platform Data — Specific Disclosures

Hypee uses Meta's Instagram Business Login API (Graph API v22.0) to power Instagram connectivity for creators. Below is a full disclosure of the permissions we request and exactly how each is used. We only request permissions that are actively used in the product.

instagram_business_basic

To read your Instagram Business or Creator account profile — username, user ID, profile picture, follower count, and account type. Used to auto-populate your Hypee creator profile and media kit, and to display your verified stats in the creator marketplace (only with your consent — you can opt out in Settings at any time).

instagram_business_manage_comments

To receive real-time comment events on your Instagram posts via Meta Webhooks. When you create an automation and configure a specific post and trigger keyword, we listen for new comments on that post. If a comment contains your keyword, we trigger the DM automation. We do not store the full text of comments — only the comment ID is used for deduplication.

instagram_business_manage_messages

To send Instagram Direct Messages on your behalf when your automation triggers. DMs are sent only when: (1) you have created an active automation, (2) a commenter uses your configured keyword, (3) that commenter has not already received a DM from this automation in the past 24 hours. You can disable or delete any automation at any time from your dashboard.

pages_messaging

Required for Instagram Business accounts connected to Facebook Pages to send and receive messages through the Messenger Platform. Used alongside instagram_business_manage_messages to ensure complete messaging coverage for creators whose Instagram accounts are linked to a Facebook Page.

instagram_manage_insights

To read detailed analytics data for your Instagram account — including impressions, reach, and engagement metrics. Will be used to display your engagement rate and content performance in your Hypee media kit and analytics dashboard, giving brands accurate, API-verified statistics. Note: this permission is currently awaiting Meta API approval — analytics insights are not yet active.

instagram_insights

To read aggregate account-level insights including follower growth, profile views, and content reach. Will be used to populate your Hypee analytics dashboard with real-time data and to display verified engagement rates in the creator marketplace. Note: this permission is currently awaiting Meta API approval — analytics insights are not yet active.

pages_read_user_content

To read public content (comments and posts) on Facebook Pages connected to your Instagram Business account. Used to support comment-trigger automation for content that has been shared or posted across both Instagram and a connected Facebook Page.

Data Retention

  • Instagram access tokens: Stored encrypted using AES-256-GCM. Valid for 60 days. Deleted immediately on disconnect or account deletion.
  • Comment data: Processed in real time via webhook. Full text NOT stored — only comment ID for deduplication.
  • DM logs: Recipient username, status, timestamp — stored for 12 months, then permanently deleted.
  • Profile data (name, email, avatar, bio, rates): Retained for the life of your account. Deleted within 30 days of account deletion.
  • Media kit data (niche, rates, past collabs, template): Retained for the life of your account. Deleted within 30 days of account deletion.
  • Campaign data (applications, briefs, brand messages): Retained for 24 months to support dispute resolution, then permanently deleted.
  • Analytics data (kit views, lead counts): Aggregated and retained for 12 months, then deleted.
  • Payment invoices: Retained for 7 years as required by Indian GST law.

5. Data Sharing

We do NOT sell your personal data. Ever.

5.1 Service Providers

SupabaseDatabase and authenticationAccount data, usage data
VercelWebsite hostingServer logs
RazorpayPayment processingName, email, plan
ResendTransactional emailsEmail address, name
Meta (Instagram)Instagram APIAccess tokens, API calls

5.2 Brand Marketplace

If you are a creator and opt into our marketplace, brand accounts can see your Instagram username, follower count, engagement rate, niche categories, collaboration rates, and past brand collaborations. This data is only visible to registered brand accounts, not to the general public.

5.3 Legal Requirements

We may disclose your information if required by Indian law, court order, or government authority. We will notify you where legally permitted.

6. Data Security

  • Encryption in transit: All data transmitted over HTTPS/TLS
  • Encryption at rest: Database encryption via Supabase
  • Token encryption: Instagram access tokens encrypted using AES-256
  • Access controls: Row Level Security — users can only access their own data
  • No plain-text passwords: Passwords hashed using bcrypt via Supabase Auth

If we discover a data breach that affects your personal information, we will notify you within 72 hours as required by applicable law.

7. Your Rights

7.1 Access Your Data

Request a copy of all personal data we hold about you. Email support@hypee.co.in with subject "Data Access Request."

7.2 Correct Your Data

Update incorrect information directly in your Hypee account settings, or email us.

7.3 Delete Your Data

Go to Settings → Account → Delete Account. When you delete your account, we permanently delete within 30 days: your account and profile, all automations and DM logs, all leads, all media kits, your Instagram connection and stored access token, and all campaign data. We retain invoices for 7 years as required by Indian tax law.

7.4 Revoke Instagram Access

Disconnect anytime from: Hypee Settings → Instagram → Disconnect, or via Instagram: Settings → Apps and Websites → Remove Hypee. When disconnected, we immediately delete your stored access token and stop all automations.

7.5 Meta Data Deletion Request

Email support@hypee.co.in with subject: "Meta Data Deletion Request". We will delete all Instagram data within 30 days and confirm via email.

Data Deletion Status URL: Check the status of your deletion request at hypee.co.in/privacy#data-deletion or email support@hypee.co.in with your confirmation code.

8. Cookies

We use essential cookies only: a session cookie to keep you logged in, and a theme preference cookie for dark/light mode. We do NOT use advertising cookies, third-party tracking cookies, or analytics cookies.

9. Children's Privacy

Hypee is not intended for users under 18 years of age. We do not knowingly collect data from minors. Contact support@hypee.co.in if you believe a minor has created an account.

10. Changes to This Policy

When we make significant changes, we update the "Last Updated" date, notify you by email if you have an account, and show a notice on the Hypee dashboard. Continued use of Hypee after changes means you accept the updated policy.

11. Contact Us

Email: support@hypee.co.in

Subject for privacy requests: "Privacy Request — [Your Name]"

Response time: Within 7 business days

For Meta/Instagram data: "Meta Data Request — [Your Instagram Username]"