Legal · v1 draft

Privacy Policy

Version: v1 draft · Status: in effect at public launch · Last updated: 2026-05-13

Draft notice. This Privacy Policy is a v1 draft intended to come into force at Hypersave's public launch. Private-beta data handling is governed by individual signed engagement letters. Current detailed practices and the signed version for vendor review are available on request from legal@hypersave.ai.

This Privacy Policy explains how Hypersave (operated by Quiet Mountain Consulting Pte. Ltd.) collects, uses, and protects information when you use our Service. We do not use customer prompts or outputs to train machine-learning models.

1. Information we collect

Account information. Email address, organisation name, billing contact, technical contact, and authentication credentials when you create an account.
Usage data. API requests, request metadata (model, region, tag attribution, request and response sizes), per-request cost, and routing decisions. Required for billing accuracy and anomaly detection.
Payment information. Processed by our payment processor; Hypersave receives a tokenised reference and the last four digits of card / billing address for receipts. Full card details are not stored on Hypersave systems.
Support communications. Messages you send to hello@, support@, or other Hypersave addresses, and any files you share for troubleshooting.
Cookies. Only strictly-necessary functional cookies for session management and CSRF protection. No advertising or cross-site tracking cookies.

2. Legal basis for processing

We process the data above based on (a) the contract you accept by using the Service, (b) our legitimate interests in operating, securing, and improving the Service, and (c) compliance with applicable legal obligations including financial record-keeping. Where required, we obtain explicit consent (for example, marketing communications, which you can opt out of at any time).

3. How we use information

To operate, monitor, and improve the Service
To meter usage and charge for it accurately
To detect fraud, abuse, and security incidents
To provide customer support
To communicate service updates, planned maintenance, security advisories, and policy changes
To comply with legal obligations and respond to lawful requests

4. Sub-processors

To deliver the Service, Hypersave shares limited customer data with sub-processors under written contracts requiring confidentiality and security. The current and planned sub-processor list (including payment processor, upstream compute and inference providers, hosting, observability, and email) is published at /security and updated when changes occur. Material additions are announced at least 30 days in advance via email and the dashboard.

5. International data transfers

Hypersave operates primarily from Singapore, with sub-processors located in Singapore, the European Union, the United Kingdom, and the United States. Cross-border transfers use mechanisms permitted by applicable law, including Standard Contractual Clauses for transfers out of the EEA/UK. The Data Processing Agreement at /dpa documents these mechanisms in detail.

6. Data retention

We retain account information for the life of your account and for a reasonable period after termination for billing, audit, and legal-obligation purposes. Financial records are retained for at least 7 years where required by applicable tax and accounting law. Usage metadata is retained for 90 days at full resolution and longer at aggregated form for capacity planning. You may request earlier deletion of account data subject to legal-retention obligations.

7. Your rights

Subject to applicable law (including the GDPR, UK GDPR, and Singapore PDPA), you have rights to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data ("right to be forgotten")
Export your data in a portable format
Object to or restrict certain processing
Lodge a complaint with your local data protection authority

To exercise these rights, contact legal@hypersave.ai. We respond within 30 days of receipt, or sooner where the request is straightforward.

8. Security

Our security posture — including encryption, access controls, incident response, and vulnerability disclosure — is documented at /security.

9. Children

Hypersave is a business-to-business Service and is not directed to individuals under 18. We do not knowingly collect personal data from minors.

10. Changes

Material changes to this Policy are announced via email and dashboard at least 30 days before they take effect.

11. Contact

Privacy questions, data subject requests, or DPA inquiries: legal@hypersave.ai.