HypeeHypee Back to Home

Privacy Policy

Last Updated: May 10, 2025  ·  Effective Date: May 10, 2025

1. Introduction

Welcome to Hypee ("we," "our," or "us"). Hypee is a creator business platform that helps Indian Instagram creators automate DMs, build media kits, manage leads, and connect with brands. We are committed to protecting your personal information and being transparent about how we use it.

This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have over your data. By using Hypee, you agree to the practices described in this policy.

Company Details:
Hypee
Email: support@hypee.in
Country of Operation: India
Applicable Law: Information Technology Act, 2000 and Digital Personal Data Protection Act, 2023 (DPDP Act)

2. Information We Collect

2.1 Account Information

  • Full name
  • Email address
  • Password (stored encrypted, never in plain text)
  • Account type (Creator or Brand)
  • Profile picture (optional)

2.2 Instagram Data

Currently (manual entry): Instagram details such as your username and follower count are entered manually by you. We store this to display on your profile and media kit. No direct Instagram API access is active at this time.

Coming soon (via Meta Graph API): When we receive approval from Meta, we will connect directly to Instagram's official Graph API to fetch verified profile data. At that point, we will update this policy and notify you. The data we plan to access includes:

Profile Information (future):

  • Instagram username and User ID
  • Profile picture URL
  • Follower count and following count
  • Account type (Business or Creator)

For DM Automation (future, pending Meta approval):

  • Comments on posts you configure for automation (to detect trigger keywords)
  • Ability to send Direct Messages on your behalf when keywords are detected
  • DMs will ONLY send when you have explicitly configured an active automation
What We Will Never Access: Your Instagram password · Private message history · Stories or story viewers · Data from accounts you don't own · Your followers' private information · Financial or location data from Instagram

2.3 Data You Provide

  • Automation messages you write
  • Media kit content (bio, rates, past collaborations)
  • Notes you add to leads
  • Campaign briefs (for brand accounts)

2.4 Usage Data

  • Pages you visit on Hypee
  • Features you use and how often
  • Error logs (for debugging)
  • Device type, browser type, operating system
  • IP address (used for security, not for tracking)

2.5 Payment Information

When you upgrade to a paid plan, payments are processed by Razorpay. We do not store your payment card details. Razorpay handles all payment data under their own privacy policy and PCI DSS compliance.

3. How We Use Your Information

3.1 To Provide Core Features

DM Automation: We use your Instagram access token and comment data to monitor comments on posts you configure, detect keywords you specify, and send automated Direct Messages to commenters on your behalf. This is the primary reason we request instagram_manage_messages and instagram_manage_comments permissions.

Media Kit Generation: We use your Instagram profile data (followers, bio, profile picture) to auto-populate your media kit.

Lead CRM: When our automation sends a DM on your behalf, we save the commenter's Instagram username as a "lead" in your CRM.

Brand Marketplace: If you opt into the marketplace (default: on), we display your public Instagram stats to brand accounts. You can opt out at any time in Settings.

3.2 To Improve the Platform

  • Analyze usage patterns to improve features
  • Fix bugs and technical issues
  • Develop new features based on usage

3.3 To Communicate with You

  • Send transactional emails (account confirmation, password reset)
  • Send notification emails (new lead captured, brand inquiry)
  • Send weekly performance summary emails (you can opt out)
  • Respond to your support requests

3.4 Legal Compliance

  • Comply with Indian law (IT Act 2000, DPDP Act 2023)
  • Respond to lawful requests from authorities
  • Enforce our Terms of Service
  • Protect against fraud and abuse

4. Meta Platform Data — Specific Disclosures

Note: Direct Instagram API integration is not yet active. We have applied for Meta's approval and will update this section when it goes live. The permissions below describe what we will request and why.

When approved, we will use Meta's Graph API under the following permissions. Here is exactly why we need each one:

instagram_basic

To read your Instagram profile information including username, follower count, following count, profile picture, and bio. Used to auto-populate your Hypee profile and media kit, and to display your stats in the creator marketplace (with your consent).

instagram_manage_comments

To read comments on your Instagram posts in real time (via webhook). This is the core of our automation — we monitor comments on posts you configure and detect when specific keywords appear. Without this permission, comment-triggered DM automation cannot work.

instagram_manage_messages

To send Direct Messages on your behalf to users who comment on your posts and trigger your automation. We ONLY send DMs when: (1) you have created an active automation, (2) a user comments the keyword you specified, (3) that user has not been DMed by this automation in the last 24 hours, (4) you have not exceeded your monthly DM limit.

pages_show_list

Instagram Business and Creator accounts are linked to Facebook Pages. This permission allows us to identify the Page connected to the user's Instagram account, which is required by the Graph API to enable Instagram messaging capabilities. We do not use your Pages for any other purpose.

pages_messaging

Sending Instagram DMs through the Graph API requires pages_messaging in addition to instagram_manage_messages. This is a Meta API requirement for the DM sending capability to function. We use it solely for automated DMs as described above.

Data Retention from Meta

  • Instagram access tokens: Stored encrypted. Long-lived tokens valid for 60 days, refreshed automatically.
  • Comment data: Processed in real time. We do NOT store the full text of all comments — only log when a keyword match triggers an automation.
  • DM logs: Stored for 12 months, then permanently deleted.

5. Data Sharing

We do NOT sell your personal data. Ever.

5.1 Service Providers

SupabaseDatabase and authenticationAccount data, usage data
VercelWebsite hostingServer logs
RazorpayPayment processingName, email, plan
ResendTransactional emailsEmail address, name
Meta (Instagram)Instagram APIAccess tokens, API calls

5.2 Brand Marketplace

If you are a creator and opt into our marketplace, brand accounts can see your Instagram username, follower count, engagement rate, niche categories, collaboration rates, and past brand collaborations. This data is only visible to registered brand accounts, not to the general public.

5.3 Legal Requirements

We may disclose your information if required by Indian law, court order, or government authority. We will notify you where legally permitted.

6. Data Security

  • Encryption in transit: All data transmitted over HTTPS/TLS
  • Encryption at rest: Database encryption via Supabase
  • Token encryption: Instagram access tokens encrypted using AES-256
  • Access controls: Row Level Security — users can only access their own data
  • No plain-text passwords: Passwords hashed using bcrypt via Supabase Auth

If we discover a data breach that affects your personal information, we will notify you within 72 hours as required by applicable law.

7. Your Rights

7.1 Access Your Data

Request a copy of all personal data we hold about you. Email support@hypee.in with subject "Data Access Request."

7.2 Correct Your Data

Update incorrect information directly in your Hypee account settings, or email us.

7.3 Delete Your Data

Go to Settings → Account → Delete Account. When you delete your account, we permanently delete within 30 days: your account and profile, all automations and DM logs, all leads, all media kits, your Instagram connection and stored access token, and all campaign data. We retain invoices for 7 years as required by Indian tax law.

7.4 Revoke Instagram Access

Disconnect anytime from: Hypee Settings → Instagram → Disconnect, or via Instagram: Settings → Apps and Websites → Remove Hypee. When disconnected, we immediately delete your stored access token and stop all automations.

7.5 Meta Data Deletion Request

Email support@hypee.in with subject: "Meta Data Deletion Request". We will delete all Instagram data within 30 days and confirm via email.

Data Deletion Status URL: Check the status of your deletion request at hypee.in/privacy#data-deletion or email support@hypee.in with your confirmation code.

8. Cookies

We use essential cookies only: a session cookie to keep you logged in, and a theme preference cookie for dark/light mode. We do NOT use advertising cookies, third-party tracking cookies, or analytics cookies.

9. Children's Privacy

Hypee is not intended for users under 18 years of age. We do not knowingly collect data from minors. Contact support@hypee.in if you believe a minor has created an account.

10. Changes to This Policy

When we make significant changes, we update the "Last Updated" date, notify you by email if you have an account, and show a notice on the Hypee dashboard. Continued use of Hypee after changes means you accept the updated policy.

11. Contact Us

Email: support@hypee.in

Subject for privacy requests: "Privacy Request — [Your Name]"

Response time: Within 7 business days

For Meta/Instagram data: "Meta Data Request — [Your Instagram Username]"