Privacy Policy

1. Introduction

Hypaz (“we”, “our”, “us”) is committed to protecting the privacy of visitors to our website hypaz.com. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data.

By using our website, you agree to the practices described in this policy. If you do not agree, please do not use our website.

2. Data Controller

The data controller responsible for your personal data is:

• Company: Hypaz
• Website: hypaz.com
• Contact: Via our contact form or LinkedIn

3. Personal Data We Collect

3.1 Contact Form

When you submit our contact form, we collect:

• Full name
• Email address
• Company name (optional)
• Selected topic of interest
• Message content

3.2 Chatbot

When you use our AI chatbot assistant, we process:

• The messages you type
• A randomly generated session ID (not linked to your identity)
• Timestamp of each message

3.3 Automatically Collected Data

When you visit our website, the following data may be collected automatically:

• IP address — used for rate limiting and abuse prevention
• reCAPTCHA data — Google reCAPTCHA v3 collects behavioral data (mouse movements, keystrokes, scroll patterns) to generate a bot-detection score. See Google's Privacy Policy

3.4 Data We Do NOT Collect

We do not collect:

• Browsing history or page views analytics
• Device fingerprints
• Location data
• Payment or financial information
• Social media profile data

4. How We Use Your Data

We use the collected data for the following purposes:

5. Data Sharing

We share your data only with the following third parties, strictly for the purposes described:

• Google (reCAPTCHA) — Behavioral data for bot detection. Governed by Google's Privacy Policy
• N8N (workflow automation) — Contact form and chatbot messages are processed through our self-hosted N8N instance

We do not sell, rent, or share your personal data with advertisers, data brokers, or any other third parties.

6. Data Retention

• Contact form submissions: Retained for up to 12 months, then deleted
• Chatbot conversations: Session-based, not permanently stored. Chat session IDs are cleared when you close the browser tab
• IP addresses: Stored temporarily in server memory for rate limiting. Reset on server restart

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under the GDPR:

• Right of Access — Request a copy of the personal data we hold about you
• Right to Rectification — Request correction of inaccurate data
• Right to Erasure — Request deletion of your personal data
• Right to Restrict Processing — Request that we limit processing of your data
• Right to Data Portability — Request your data in a machine-readable format
• Right to Object — Object to processing based on legitimate interest

To exercise any of these rights, please contact us via our contact form.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• HTTPS encryption for all data in transit
• Server-side input validation and sanitization
• Rate limiting and honeypot protection against automated abuse
• Access control for backend systems

9. Children's Privacy

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when this policy was last revised. We encourage you to review this page periodically.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Via our contact form
• Via LinkedIn: Hypaz AI