Privacy Policy

Hyper Mind Technologies, LLC (“we,” “us”) operates the Awkward AI creative writing and entertainment service available at heyawkward.com (the “Service”).

This Privacy Policy describes how we collect, use, and share information about visitors, registered users, and account holders of the Service.

Information you provide to us:

• Email address (required to create an account).

• Display name (optional, set on your profile).

• Creative prompts (situation, tone, audience) you submit when generating drafts.

• Support communications you send to us.

Information collected automatically:

• IP address (truncated or hashed for rate-limit purposes).

• Browser type, device type, operating system, and language.

• Pages viewed, referring URL, and timestamps.

• Cookies and similar technologies (see Section 5).

Information from third parties:

• Stripe sends us subscription status (e.g., active / canceled). We do not receive your payment card numbers. (Currently no subscription status is sent because the paid tier is not active.)

• OAuth providers (e.g., Google) send us your email and basic profile information if you choose to sign in with single sign-on.

Information we do NOT collect:

• Precise geolocation.

• Government identification numbers.

• Social Security, national ID, or similar identifiers.

• Payment card numbers (Stripe handles all card data on its own infrastructure).

We use the information we collect to:

• Operate the Awkward AI entertainment service (run the generator, save your history, render results).

• Bill subscriptions if and when paid tiers are reintroduced (process payments via Stripe — currently inactive).

• Communicate with you (transactional sign-in codes, support replies, optional weekly digest if you opt in).

• Improve the Service (product analytics, debugging, prompt tuning) using aggregated data where possible.

• Enforce our Terms of Service (detect abuse, prevent fraud, respond to violations).

• Comply with legal obligations (tax, accounting, lawful requests).

If you are in the European Economic Area or the United Kingdom, the legal bases on which we process your personal information are:

• Contract: providing the Service you signed up for.

• Legitimate Interest: securing the Service, preventing fraud, performing aggregate analytics.

• Consent: marketing communications and non-essential cookies.

• Legal Obligation: tax, accounting, and lawful requests by competent authorities.

We use four categories of cookies and similar storage technologies: Necessary (sign-in, anonymous session, CSRF protection, your cookie-consent choice), Analytics (PostHog behavioral events, only after consent), Advertising (reserved for any future Google AdSense placements on programmatic content — currently no advertising cookies are set), and Third-party features (Stripe Checkout cookies during the upgrade flow).

Only Necessary cookies are set by default. Analytics, Advertising, and Third-party are off until you opt in, and you can change that decision anytime.

For the full list of cookies we set — names, domains, durations, and purpose — see our Cookie Policy. To toggle individual categories, use Cookie Settings.

We use the following sub-processors to operate the Service. None of them receive your payment card numbers from our servers, and none of them sell our user data to third parties.

We share information with the sub-processors listed in Section 6, limited to what each provider needs to perform its role. Stripe is integrated but currently inactive — no user data flows to Stripe today.

We may disclose information for legal compliance (lawful subpoenas, court orders, regulatory requests) when we have a good-faith belief that disclosure is required by law.

In the event of a business transfer (merger, acquisition, sale of substantially all assets), we will notify you in advance and allow you to delete your account before the transfer takes effect.

We do NOT sell or rent personal information.

We do NOT share your creative prompts with advertisers or external parties for marketing purposes.

Account data: while your account is active, plus up to 90 days after deletion (for backups and legal hold), then permanently deleted.

Generation history: while your account is active. Deleted with your account.

Anonymous-session generations: 90 days after creation, then the session-link is deleted. Aggregated, de-identified statistics may persist longer.

IP rate-limit counters: 24 to 72 hours, rolling.

Billing records: 7 years from the date of the transaction (tax and legal retention). The paid tier is currently inactive, so we hold no billing records today.

Support emails: 2 years.

Our sub-processors may process your information in the United States and other countries. For transfers from the European Economic Area or the United Kingdom, we rely on Standard Contractual Clauses and provider-level certifications (most of our providers maintain SOC 2 Type II compliance).

All users have the right to:

• Access the personal information we hold about you.

• Correct inaccurate information.

• Delete your account and associated data.

• Export your data in a portable format (JSON).

• Object to or restrict certain processing.

• Lodge a complaint with your local data-protection authority (EU/UK).

California residents (CCPA/CPRA) additionally have the right to:

• Know what categories of personal information we collect.

• Delete personal information.

• Opt out of "sale" or "sharing" of personal information (we don’t do either, but the right exists).

• Non-discrimination for exercising these rights.

To exercise any of these rights, email hello@heyawkward.com with subject [privacy] from your account email so we can verify the request. We respond within 30 days (45 for complex cases).

The Service is not directed to children under 13 (under 16 in some EU jurisdictions). We do not knowingly collect personal information from anyone in that age group. If you believe a child has provided us with personal information, contact us at hello@heyawkward.com and we will delete it.

We use industry-standard measures to protect your information, including TLS encryption in transit, encryption at rest in our database, access controls and least-privilege roles, and server-only handling of service-role credentials.

No system is 100% secure. We will notify affected users of a security incident within 72 hours where legally required and in any case as soon as we have reasonable detail to share.

Material changes to this Privacy Policy will be communicated in-product or by email at least 30 days before they take effect. Minor changes are reflected in the “Last updated” date at the top of this page.

Privacy questions: hello@heyawkward.com with subject [privacy].

Entity: Hyper Mind Technologies, LLC.

Mailing address: Mailing address available upon written request to hello@heyawkward.com.