Privacy Policy

Hyperistic (“we,” “us,” or “our”) operates the website hyperistic.pics and the services available through it (collectively, the “Service”). This Privacy Policy describes what information we collect, how we use it, and the choices you have. By using the Service you agree to the practices described here.

1. Information We Collect

1.1 Account Information

• Email address (required to create an account)
• Name or display name (optional)
• Authentication credentials managed via Supabase Auth

1.2 Payment Information

Payments are processed by Stripe, Inc. We do not store your full card number, CVV, or bank details on our servers. We receive only a tokenised reference and basic billing metadata (last 4 digits, card brand, expiry) from Stripe.

1.3 Images You Upload

When you use the Service you upload photos for AI enhancement. These images are transmitted securely to our processing infrastructure and to Supabase Storage. See Section 4 for full details on how images are handled and deleted.

1.4 Usage & Technical Data

• Pages visited, features used, and time spent on the Service
• IP address, browser type, operating system, and device identifiers
• Referring URLs and search terms
• Error logs and performance metrics

1.5 Communications

If you contact us by email or through our contact form, we retain the content of your messages and your contact details to respond and to improve our support.

2. How We Use Your Information

We process your information to:

• Create and manage your account and subscription
• Provide, operate, and improve the AI photo-enhancement Service
• Process payments and send receipts
• Send transactional emails (account confirmation, payment receipts, password resets)
• Respond to support requests and inquiries
• Detect and prevent fraud, abuse, and security incidents
• Analyse aggregate usage patterns to improve the Service
• Comply with applicable legal obligations

We do not use your uploaded images for marketing, public display, or to train AI models.

3. Legal Basis for Processing (GDPR)

Where the General Data Protection Regulation (GDPR) applies, we rely on the following legal bases:

• Contract performance — to provide the Service you signed up for
• Legitimate interests — security, fraud prevention, and Service improvement
• Legal obligation — tax records, law-enforcement requests
• Consent — marketing emails (you can withdraw at any time)

4. Image Processing & Storage

5. Sharing & Disclosure

We share your information only in the following circumstances:

• Service providers — Supabase (database & storage), Stripe (payments), AI processing APIs, and Vercel (hosting). Each provider is bound by data processing agreements and may only use your data to provide their services to us.
• Legal requirements — if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Hyperistic, our users, or others.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, with advance notice to you.
• With your consent — in any other circumstances where you have given explicit permission.

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

6. Data Security

We implement industry-standard technical and organisational safeguards, including:

• TLS encryption for all data in transit
• Encryption at rest for stored data via Supabase
• Row-level security so users can only access their own data
• PCI DSS-compliant payment processing via Stripe
• Access controls limiting who on our team can access production data

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the following rights:

• Access — request a copy of the data we hold about you
• Correction — ask us to correct inaccurate or incomplete data
• Deletion — request deletion of your account and personal data
• Portability — receive your data in a structured, machine-readable format
• Objection / restriction — object to or restrict certain processing
• Withdraw consent — opt out of marketing emails at any time
• California residents (CCPA) — right to know, right to delete, and right to opt out of the “sale” of personal information (we do not sell personal information)

To exercise any of these rights, email studio@hyperistic.pics. We respond within 30 days.

8. Cookies & Tracking

• Essential cookies — required for login and session management
• Analytics — aggregate, anonymised statistics to improve the Service
• Preferences — remembering your settings

You can control or disable cookies through your browser settings. Disabling essential cookies may affect your ability to log in.

9. International Data Transfers

Our infrastructure may be located in the United States or other countries. If you are located outside the US, your information may be transferred to and processed in the US. We take appropriate safeguards, such as contractual protections, to ensure such transfers comply with applicable privacy laws.

10. Children’s Privacy

The Service is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us personal data, contact studio@hyperistic.pics and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

12. Contact Us

For privacy-related questions or to exercise your rights, please contact: