Privacy Policy

1. Who we are

Hypereel (“Hypereel”, “we”, “us”, “our”) is a business registered in Australia. We operate the website at https://hypereel.ai and the connected AI ad-cloning and video-generation tools accessible through it (the “Service”).

This Privacy Policy describes how we collect, use, disclose, store and secure personal information when you visit the website or use the Service. It is written to align with the Australian Privacy Principles under the Privacy Act 1988 (Cth).

This Privacy Policy is incorporated into our Terms of Use at https://hypereel.ai/terms.

2. The personal information we collect

2.1 Information you provide to us

Account information

Your email address, password (stored as a salted hash, never in plaintext), display name, organisation name and time zone.

Billing information

A Stripe customer ID, the plan you subscribe to, your invoice history and the country you provided to Stripe at checkout. Full payment-card details are collected and stored by Stripe; we never see or store them.

Project content you upload

Brand assets (logos, brand guidelines), product images and product descriptions, character reference photos, voice recordings used for voice cloning, source-ad URLs, and any prompts, scripts or notes you type into the Service. We treat this content as personal information when it identifies, or could reasonably identify, an individual (including you, your colleagues, or a person depicted in a photograph or voice recording).

Generated content

Outputs the Service produces from your inputs — generated images, video clips, transcripts of source-ad audio, prompt plans, and analytical metadata about your projects.

Communications with us

The content of any email, support request, feedback or chat message you send us, plus the metadata of those communications.

2.2 Information collected automatically

Device and connection data

Internet protocol (IP) address, approximate geographic region inferred from IP, user-agent (browser type and version, operating system), device type, screen size, and the time of each request.

Service-usage telemetry

Pages and features you interact with, button clicks, generation events (model used, duration, status, credits consumed), error events, and performance metrics. These are captured by product analytics software and error monitoring software.

Cookies and similar technologies

We use first-party cookies for session authentication and for remembering your preferences. Analytics identifiers are pseudonymised. We do not set third-party advertising or behavioural-tracking cookies. See Section 9.

2.3 Information from third parties

Stripe

When you make a purchase, Stripe shares with us limited transaction metadata: customer ID, invoice ID, amount, currency, billing country, and the brand and last four digits of the card used.

Authentication providers (if used in future)

If we add sign-in via Google, GitHub, Apple or another provider, we will receive the basic profile information that provider returns to us (typically your email and name) under your account permissions.

2.4 Sensitive information

We do not seek to collect sensitive information. Face photographs, voice recordings and likeness references can be sensitive or biometric in some contexts. You warrant in our Terms of Use that you have the depicted or recorded person’s consent before uploading any such content. Do not upload content that contains sensitive information about anyone unless it is essential for your project and you have all required consents.

2.5 Children

The Service is for adults only. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact us at hello@hypereel.ai and we will take appropriate steps to delete it.

3. How and why we use your personal information

We use your personal information for the following purposes:

Service delivery

Authenticate you, render your dashboard, route your prompts and uploads to the AI providers in Section 5, store and surface generated outputs, enforce credit limits and rate limits, and send transactional emails (sign-up confirmation, password reset, billing receipts, scene completion notifications).

Billing

Charge you for subscriptions and top-ups via Stripe, issue receipts, manage refunds permitted under our Terms or by law, and detect or prevent payment fraud.

Security and abuse prevention

Detect and respond to suspicious sign-in activity, abusive content, attempts to exceed rate limits, attempts to bypass content moderation, and other policy violations. This includes routing prompts and uploads through automated content-moderation systems (see Section 5).

Service improvement

Analyse aggregated, de-identified usage statistics (for example, total seconds of video generated per day, model error rates, latency distributions) to improve performance, reliability and user experience. We do not use your inputs or outputs to train, fine-tune or evaluate AI models — see Section 4.

Customer support and communications

Respond to your questions and feedback. With your consent or as permitted by law, we may also send you occasional product updates; you can unsubscribe from any non-transactional email at any time.

Legal compliance

Comply with our obligations under Australian law (including the Privacy Act 1988, the Australian Consumer Law and tax law), respond to lawful requests from regulators or courts, and establish, exercise or defend legal claims.

We will not use your personal information for a secondary purpose unless that purpose is related to the primary purpose, you would reasonably expect us to do so, you have consented, or another APP 6 exception applies.

4. We do not train AI models on your inputs or outputs

We do not use your Inputs or Outputs (or content derived from them) to train, fine-tune, evaluate, red-team or otherwise improve any AI model — ours, an affiliate’s or a third party’s. We use the upstream AI providers in Section 5 on their respective API tiers, which exclude customer content from model training, and we do not opt in to any training-contribution programmes on your behalf.

This is a statement about Hypereel’s configuration and use of the Service. Upstream providers may still process content transiently to deliver the requested API call, apply safety checks, prevent abuse, debug failures, comply with law, or retain limited logs under their own data-processing terms.

We may use de-identified, aggregated metrics about how the Service is used (for example, “X seconds of video were generated yesterday”, “error rate on model Y was Z%”). Aggregated metrics of that kind do not identify you or any individual.

5. Service providers we use

The Service depends on third-party providers that:

1. host our database and store uploaded files;
2. process payments and issue invoices;
3. run AI models for ad analysis, scene planning, transcription and content moderation;
4. run AI models for image and video generation;
5. provide product analytics and error monitoring.

These providers are mostly headquartered in the United States, with some compute in the European Union, the United Kingdom and other regions depending on routing. Each provider is contracted to handle personal information consistently with the Australian Privacy Principles and only for the role we engage them for. We can give you the current list of named providers — including their roles and links to their privacy policies — on request at hello@hypereel.ai.

We may also disclose personal information:

1. to our professional advisers (lawyers, accountants, auditors, insurers) under duties of confidence;
2. where required by law or in response to a lawful request from a regulator, court or law-enforcement agency;
3. to enforce our Terms of Use and to investigate potential breaches; and
4. in connection with a sale, merger, restructure or transfer of our business (in which case any acquirer will be bound by privacy obligations at least as protective as this Privacy Policy).

We do not sell your personal information.

6. Overseas disclosures

Some of our service providers are located outside Australia, with most based in the United States and some processing in the European Union, the United Kingdom and other countries depending on routing. By using the Service you acknowledge that your personal information may be disclosed to recipients outside Australia and outside the country where you are located.

We take reasonable steps before disclosing personal information overseas, including by relying on the contractual commitments and published privacy programmes of those providers.

7. Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. These steps include:

1. encryption in transit (TLS) and at rest;
2. role-based access controls and the principle of least privilege, including database row-level isolation between organisations;
3. short-lived signed URLs for object-storage downloads, so links surfaced in-product expire quickly;
4. verified webhook callbacks from our payment and AI providers;
5. routine dependency updates and vulnerability monitoring; and
6. per-account cost and rate-limit controls to limit blast radius if credentials are compromised.

No system is perfectly secure. If we become aware of an eligible data breach under Part IIIC of the Privacy Act 1988, we will comply with the Notifiable Data Breaches scheme and notify you and the Office of the Australian Information Commissioner where required.

8. Retention

We keep personal information only for as long as we need it for the purposes described in this Privacy Policy or as required by law.

Account and billing data

Kept while your account is active and for up to 7 years after closure to comply with Australian record-keeping and tax laws.

Project content and generated outputs

Available in your dashboard while the project is open. When you close your account or ask us to delete project content, we delete project content and generated outputs from our active databases and object storage within 30 days where it is technically and legally practicable to do so. We may take up to 90 additional days to remove copies from rolling backups, and upstream providers may retain limited logs under their own data-processing terms.

Operational logs

Application logs, audit logs and error events are kept for up to 90 days.

Legal-hold and security exceptions

We may retain specific personal information for longer where necessary to investigate security incidents, defend or pursue legal claims, comply with subpoenas or other legal process, or where deletion is technically infeasible (for example, in immutable backups), in which case we isolate it from active processing.

9. Cookies and similar technologies

We use a small number of first-party cookies and similar technologies:

1. Session cookies, used to keep you signed in. These are essential and cannot be disabled without breaking the Service.
2. Preference cookies, used to remember low-impact UI choices (for example, expanded panels).
3. Pseudonymised analytics identifier, used for aggregate product analytics. It is not tied to your name or email until you sign in and identify yourself to us.

We do not use third-party advertising or behavioural-tracking cookies and we do not run pixel-based retargeting. Where a law requires consent before non-essential analytics cookies or similar technologies are set, we will ask for that consent or disable the relevant analytics for that visitor.

You can configure your browser to block or delete cookies. If you block essential cookies, parts of the Service (especially sign-in) will not work.

10. Your rights and choices

10.1 Access and correction

You have a right to ask for access to the personal information we hold about you, and to ask us to correct any of it that is inaccurate, out-of-date, incomplete, irrelevant or misleading. We aim to respond to access and correction requests within 30 days. We may need to verify your identity before responding. We will not charge you a fee for access except where the request is excessive or repetitive, in which case we will tell you the fee in advance.

10.2 Deletion

You can delete project content from within the Service at any time. You can request closure of your account by emailing hello@hypereel.ai. We follow the retention schedule in Section 8 once an account is closed.

10.3 Marketing communications

You can unsubscribe from non-transactional emails at any time using the unsubscribe link in the email or by emailing us. Service-related communications (billing receipts, security alerts, important account notices) cannot be unsubscribed from while your account is active.

10.4 Declining to provide personal information

You can use parts of the Website without providing personal information. To create an account or use any AI generation feature, we need at least your email and authentication credentials; if you choose not to provide them, we cannot give you those features.

10.5 No automated decision-making with legal effect

We do not use the Service to make decisions about you that produce legal or similarly significant effects on you (for example, employment, credit or housing decisions). Generated outputs are creative, not consequential, and are reviewed and used by you.

11. Visitors in the European Economic Area or United Kingdom

If you are located in the European Economic Area or the United Kingdom, the GDPR or UK GDPR may apply to our processing of your personal information. Hypereel is the controller; you can contact us at hello@hypereel.ai.

Subject to the GDPR’s conditions and exceptions, you have the right to access, correct or erase your personal information, restrict or object to certain processing, and (for information you provided under contract or consent) request portability.

12. How to contact us

If you have a concern or questions about how we have handled your personal information, please contact us at hello@hypereel.ai. We will acknowledge you promptly and aim to provide a response within 30 days.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this document indicates the most recent version. Your continued use of the Service after the effective date of an updated Privacy Policy constitutes acceptance of the change.