Privacy Policy

1. Introduction

Hyperion ("we", "our", "the app") is a communication platform that provides voice rooms, messaging, and user profile features. This Privacy Policy explains what personal data we collect, how we use it, and your rights regarding that data.

By using Hyperion you agree to the practices described in this policy.

2. Data We Collect

We collect the following data when you create and use an account:

• Email address — used for account creation, login, and email verification
• Username — your unique identifier visible to other users
• Display name — optional public name shown on your profile
• Bio — optional short description visible on your profile
• Avatar image — optional profile picture you upload
• IP address — recorded in technical logs for security and abuse prevention
• Device type — Phone or PC, used to track active sessions and personalize the experience

3. How Data Is Stored

• Passwords are never stored in plain text. We use PBKDF2 hashing with a unique salt per user
• Refresh tokens (session credentials) are stored in our database as hashed values and expire automatically
• Avatar images are stored as binary data in our database
• All data is stored on servers located within the EU / managed hosting infrastructure

4. How Data Is Used

Your data is used exclusively to provide the Hyperion service:

• Authentication and authorisation (login, token refresh, session management)
• Identifying you within the platform (username, avatar, display name)
• Security — detecting and preventing brute-force attacks, account lockouts
• Email verification to confirm account ownership
• Technical diagnostics — IP address and device type in service logs

5. Third Parties

We use Resend to deliver transactional emails (email verification, password reset). Only your email address is passed to Resend for this purpose. Resend's privacy policy is available at resend.com/legal/privacy-policy.

No analytics platforms, advertising networks, or social tracking scripts are embedded in the application.

6. Data Retention

• Your account data is retained for as long as your account exists
• Expired refresh tokens are purged automatically after 30 days
• Technical logs may be retained for up to 90 days for security purposes
• Upon account deletion, all personal data is anonymised (see section 7)

7. Account Deletion

You can request account deletion at any time through the Profile → Delete Account section inside the Hyperion app.

After submitting the request:

• Your account enters a 24-hour grace period — you can cancel by logging in again
• After 24 hours, all personal data (email, username, display name, bio, avatar) is replaced with anonymous placeholders
• All active sessions and refresh tokens are permanently deleted
• Activity records (e.g. room participation) that do not contain personal data are retained in anonymised form

8. Biometric Sign-In

The app offers optional biometric sign-in (fingerprint or Face ID). When enabled, your login credentials are stored locally on your device using the system's secure storage (Android Keystore / iOS Keychain). The app never accesses or stores your biometric data — authentication is handled entirely by the operating system. You can disable biometric sign-in at any time from the app settings.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated personal data
• Object to certain processing activities

To exercise any of these rights, contact us using the details in section 10.

10. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please reach out via Discord:

• Discord: ronaldryan

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Continued use of Hyperion after changes are posted constitutes acceptance of the revised policy.