GDPR
1. Scope of this notice
This notice explains how Hypeline approaches the GDPR. It complements our privacy notice and our security page. Hypeline is based in Sweden, within the EU.
2. Lawful basis
For ingesting public web content, our lawful basis is legitimate interest, assessed through a three-part balancing test that weighs the purpose, the necessity, and the balance against the interests of the source and rights holder. For account features, if you register, the basis is performance of a contract.
3. Data minimization
The engine ingests only free, open, unauthenticated, publicly available content. We never fetch login-walled or paid content, and ingestion is untracked at the visitor level.
4. Retention
The ingested content event log lives in a rolling, time-bounded retention window (a time-to-live), not indefinite storage.
5. Your rights under GDPR
You have the rights to access, rectification, erasure, restriction, objection, and portability. The right to erasure is backed by a real, already-built deletion path: we can remove stored events by source URL or by source, and deleting your account cascades to your sessions, tokens and API keys. To exercise any right, email hello@hypeline.io.
6. International basis
Hypeline is based in Sweden, within the EU. We ingest only public content from its original public sources.
7. Contact
For any GDPR question or request, email hello@hypeline.io.