
Privacy Policy

Last updated:

Plain English: Hypertab stores your tables in a database isolated to your account, encrypts your secrets at rest, never sells your data, and deletes everything within 30 days if you close your account.

1. Data we collect

  • Account data: email address, name, hashed password, timestamps. Provided by you at signup.
  • Workspace data: tables, columns, rows, smart column configurations, API keys, webhooks. Stored in your isolated Turso database (one database per customer).
  • Operational logs: HTTP request metadata, MCP tool invocations, smart column run results, IP address, user agent. Used to debug issues, enforce rate limits, and detect abuse.
  • Billing data: name, billing address, last 4 digits of payment card, subscription status. Stored by Stripe — Hypertab never sees your full card number.
  • Telemetry: anonymous page views and feature usage via privacy-respecting analytics. No third-party advertising trackers.

2. How we use your data

  • To provide the service: store your tables, run your smart columns, deliver webhooks, authenticate your API requests.
  • To bill you: process subscription payments via Stripe, generate invoices, calculate ops usage.
  • To improve the product: analyze aggregated usage patterns to decide what to build next. We do not read individual customer data for product decisions.
  • To respond to you: when you contact support at [email protected], we read your message and any data you reference.
  • To meet legal obligations: respond to lawful requests from authorities with valid legal basis.

3. Sub-processors

  • Cloudflare (USA): hosting for the API, marketing site, and edge compute (Workers, Durable Objects, Queues, R2).
  • Turso (USA): managed libSQL database hosting. Each customer has an isolated database.
  • Supabase (USA): authentication and user management.
  • Stripe (USA): payment processing and billing.
  • Fly.io (USA): heavy-compute jobs for batch operations.
  • Sentry (USA): error monitoring and crash reporting.
  • OpenAI / Anthropic / Google (USA): only when YOU configure an AI smart column with YOUR API key. Hypertab never sends your data to AI providers without your explicit configuration.

4. Data isolation

  • Every customer gets a separate Turso database at signup. Customer data never shares storage with another customer.
  • API keys, AI provider keys, and webhook auth headers are encrypted at rest using AES-256-GCM before being written to the database.
  • Internal staff access to customer databases is restricted to the founder and is logged in the audit log. We do not browse customer data without an explicit support request from the customer.

5. Data retention

  • Active workspaces: retained for the lifetime of your subscription.
  • Soft-deleted tables: retained for 30 days after deletion, then permanently purged. Restorable via hypertab_restore_table during this window.
  • Closed accounts: workspace data is deleted within 30 days of account closure. Audit logs are retained for 1 year for security and compliance.
  • Billing records: retained for 7 years to comply with US tax law.

6. Your rights

  • Access: request a copy of all data we hold about you. Email [email protected].
  • Correction: update your account data anytime in settings, or email us for help.
  • Deletion: close your account in settings or email us. We will delete your data within 30 days.
  • Portability: export any table to CSV via the dashboard or hypertab_export_csv MCP tool. No data is held hostage.
  • GDPR / CCPA: residents of the EU, UK, and California have additional rights under their local law. Email us with any request and we will respond within 30 days.

7. Cookies and tracking

  • We use a single first-party cookie to keep you signed in. No third-party advertising cookies, no cross-site tracking, no fingerprinting.
  • Analytics is privacy-respecting and does not set tracking cookies.

8. Security

  • All traffic is encrypted in transit via TLS 1.3.
  • Stored secrets (API keys, AI provider keys, webhook auth headers, environment variables) are encrypted at rest using AES-256-GCM.
  • Authentication uses Supabase with password hashing via bcrypt and JWT verification on every request.
  • Suspected security issues: email [email protected]. We respond within 24 hours.

9. Children

  • Hypertab is not intended for children under 13. We do not knowingly collect data from children. If you believe we have, email us and we will delete it.

10. Changes to this policy

  • When we change this policy materially, we email account holders at least 30 days before the change takes effect. Minor changes (clarifications, updated sub-processor list) take effect on publication and are reflected in the "last updated" date at the top.

11. Contact

  • Questions or requests: [email protected].
  • Legal name: Hypertab AI, Inc.
  • For GDPR matters, the data controller is Hypertab AI, Inc. We do not have an EU representative as we do not meet the threshold for one.

Questions? Email [email protected].