Privacy Policy
Hyperiux Immersion Labs Private Limited ("Hyperiux," "we," "us," "our") operates vault.hyperiux.com and the Hyperiux Vault product (the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the choices and rights you have.
It is written to be consistent with India's Digital Personal Data Protection Act, 2023 and its rules, under which Hyperiux acts as a "Data Fiduciary" and you, as an individual using the Service, are a "Data Principal." If you access the Service from outside India, your data may still be processed as described here; see Section 5 on cross-border processing.
This Privacy Policy applies to vault.hyperiux.com and the Vault CLI. It does not cover third-party websites we may link to, which have their own privacy practices. See our Terms of Service for the full document hierarchy.
1. Personal Data We Collect
Data you give us directly:
- Contact and account data: name, email address, and, if you provide it, company name - collected when you sign up for the newsletter, join a waitlist, create a Vault account, or authenticate via the CLI.
- Billing data: billing name, billing address, and transaction details - collected when you subscribe to Vault Pro. We do not collect or store your full card number; that's handled directly by our payment processor.
- Communications: anything you send us when you email us or otherwise contact us for support, licensing questions, or enterprise inquiries.
Data we collect automatically:
- Usage and technical data: IP address, browser type, device type, operating system, pages visited, referring URL, approximate location derived from IP, and general interaction data, such as which Effects you view or install, collected via cookies, similar technologies, and server logs.
- CLI usage data: authentication events, access-token issuance, and which Effects you install via the Hyperiux CLI, to the extent needed to enforce your License Tier and provide the Service. The CLI installs Effect files into your project; it does not read, scan, or transmit the application source code you have written. It may read minimal project configuration, for example, detecting your framework or package manager, solely to install Effects correctly.
Data from third parties:
- If you sign in or interact with the Service through a third-party platform, for example GitHub, we may receive basic profile data from that platform as permitted by your settings there.
- Visitor identification data: we use a website visitor identification service that may match your visit to publicly available professional information - such as your name, job title, employer, and LinkedIn profile - sourced from that provider's own data network, even if you have not filled out a form or otherwise identified yourself to us directly. This applies primarily to visitors browsing from the United States; for visitors elsewhere, this tool generally identifies the visiting company rather than the individual.
2. Cookies and Similar Technologies
We use cookies and similar technologies for:
- Essential functionality - for example, keeping you logged in and remembering checkout state.
- Analytics - to understand how visitors use the Service, including pages viewed, traffic sources, and general behavior, using Google Analytics and Openpanel.dev.
- Visitor identification - we use RB2B, a website visitor identification tool. Unlike standard analytics, RB2B is designed to identify who is visiting our website at an individual or company level, even if you have not filled out a form, created an account, or otherwise identified yourself.
RB2B may work differently depending on where you are browsing from:
- For visitors browsing from the United States, RB2B may identify you individually - including your name, job title, employer, and LinkedIn profile - by correlating cookies, device signals, and IP data against its own identity network, and may pass this information to our sales/marketing tools for outreach purposes.
- For visitors browsing from outside the United States, RB2B generally identifies only the company or organization associated with the visit, not the individual.
You can opt out of RB2B's identification network directly here:
When you first visit the Service, you'll see a notice that the site uses cookies, with an "Okay" button to acknowledge it. This notice does not offer a separate "reject" or per-category choice - clicking "Okay," or continuing to browse the Service, is treated as your acknowledgment of the cookie use described in this section.
If you'd prefer not to be tracked by any of the tools listed above, the most reliable way is to block or clear cookies in your browser settings, or use RB2B's direct opt-out link above; browser-level controls apply regardless of what you click on our banner.
3. Why We Process Your Data (Purpose and Legal Basis)
We process personal data to:
| Purpose | Data used | Legal basis |
|---|---|---|
| Provide and operate the Service, including Vault Pro access and license enforcement | Account, billing, CLI usage data | Performance of contract |
| Process payments and manage subscriptions | Billing data via our payment processor | Performance of contract |
| Send product updates and newsletter content you've opted into | Email address | Consent |
| Send transactional communications, including receipts, security notices, and service updates | Email address, account data | Performance of contract |
| Respond to support, licensing, and enterprise inquiries | Communications you send us | Performance of contract / legitimate use |
| Improve the Service, understand usage patterns, and fix issues | Usage and technical data | Legitimate use |
| Identify individual or company visitors for sales outreach through RB2B | Usage/technical data, visitor identification data | Consent via the cookie notice in Section 2 |
| Detect, prevent, and investigate fraud, abuse, or breaches of our Terms of Service or License Agreement | Account, usage, and technical data | Legitimate use |
| Comply with legal obligations, including tax, accounting, and consumer-protection recordkeeping | Billing and account data | Legal obligation |
Where we rely on your consent, the way you withdraw it depends on what the consent was for: for the newsletter, you can unsubscribe at any time using the link in any email; for cookies and the tools described in Section 2, withdrawal is via your browser's cookie controls or the direct opt-out link provided, since our cookie notice itself does not include a toggle or preference center.
4. How We Share Your Data
We do not sell your personal data. We share it only with:
- Payment processor: Stripe - to process Vault Pro payments. They receive your billing and card details directly; we do not store your full card number.
- Analytics and visitor identification providers: Google Analytics, Openpanel.dev, and RB2B, as described in Section 2.
- Email delivery provider: Resend - to send newsletters and transactional email.
- Cloud infrastructure and hosting providers: the providers we use to host the Service and store data securely.
- Professional advisors: our accountants, auditors, and legal counsel, where necessary for their engagement.
- Legal and safety reasons: where required by law, regulation, court order, or governmental request, or to protect the rights, property, or safety of Hyperiux, our users, or the public.
- Business transfers: if Hyperiux is involved in a merger, acquisition, financing, or sale of assets, personal data may be transferred as part of that transaction, subject to this Policy or a successor policy you're notified of.
Each of these parties is only permitted to use your data for the purpose we've engaged them for, and, where required, under a written agreement consistent with applicable law.
5. Where Your Data Is Processed
We and our service providers may process and store your data on servers located outside India, including in jurisdictions where our cloud infrastructure and third-party processors operate.
Where such transfers occur, we take reasonable steps to ensure your data continues to receive an appropriate level of protection, consistent with the Digital Personal Data Protection Act, 2023 and any government-notified restrictions on cross-border transfer that may apply from time to time.
6. How Long We Keep Your Data
We retain personal data for as long as needed to provide the Service and for the purposes described in Section 3, and after that, for as long as necessary to comply with legal, tax, or accounting obligations, resolve disputes, and enforce our agreements:
- Account and billing data: for the duration of your subscription and for 7 years afterward, consistent with standard Indian tax and accounting recordkeeping norms.
- Newsletter data: until you unsubscribe or request deletion.
- Support communications: for 3 years after the matter is resolved.
- CLI authentication and access-token records: for the duration of your account, and for a reasonable period afterward to support security investigations and license enforcement.
7. Your Rights
As a Data Principal under India's Digital Personal Data Protection Act, you have the right to:
- Access the personal data we hold about you and how it's being processed;
- Correct inaccurate or incomplete personal data;
- Erase your personal data, subject to our legal obligation to retain certain records, for example billing history for tax purposes;
- Withdraw consent for any processing based on consent, for example the newsletter or RB2B identification, without affecting the lawfulness of processing before withdrawal;
- Grievance redressal - raise a complaint with us directly, and if unresolved, escalate to the Data Protection Board of India;
- Nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.
To exercise any of these rights, contact us at support@hyperiux.com. We will respond within a reasonable time and in accordance with applicable law.
8. Children's Data
The Service is not directed at, and is not intended for use by, individuals under the age of 18. We do not knowingly collect personal data from children without verifiable parental or guardian consent.
If we become aware that we've collected personal data from a child without appropriate consent, we will take steps to delete it. If you believe a child has provided us personal data, contact us at support@hyperiux.com.
9. Data Breach Notification
If a personal data breach occurs that compromises the confidentiality, integrity, or availability of your personal data, we will notify the Data Protection Board of India and affected individuals without undue delay, consistent with our obligations under the Digital Personal Data Protection Act, 2023.
10. Security
We use reasonable technical and organizational safeguards designed to protect your personal data against unauthorized access, disclosure, alteration, or destruction, including scoped and revocable CLI access tokens.
No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
11. Grievance Officer
In accordance with the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and the Consumer Protection (E-Commerce) Rules, 2020, you may raise privacy-related grievances with:
| Field | Details |
|---|---|
| Grievance Officer | Bhaskar Varshney, Founder & CEO |
| support@hyperiux.com | |
| Phone | +91 81780 26136 |
| Address | 312, Tower A, Grandslam iThum, A-40, Sector 62, Noida, Uttar Pradesh, India |
We will acknowledge grievances within 48 hours and aim to resolve them within 30 days.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We'll update the "Last updated" date above when we do, and where changes are material, we'll make reasonable efforts to notify you, for example, by email or a notice on the Service.
13. Contact Us
Phone: +91 81780 26136
Address: 312, Tower A, Grandslam iThum, A-40, Sector 62, Noida, Uttar Pradesh, India