Effective: February 2026
Welcome to Hyper, provided by Charmbracelet, Inc. (“Charm,” “we,” “us,” or “our”). This Privacy Policy explains how we handle your information when you use Hyper, our AI inference platform and related services.
Here are our core privacy commitments, explained plainly:
| Commitment | What it means |
|---|---|
| We don’t train on your data | Your prompts and outputs are never used to train AI models. Period. |
| We don’t store your content | Prompts and outputs are not retained by default. Temporary retention occurs only for debugging, abuse prevention, or legal compliance, and is deleted promptly. |
| We don’t sell your data | We do not sell your personal information to anyone, for any reason. |
| We use privacy-conscious analytics | We use privacy-conscious analytics platforms to understand how users interact with our Services. |
| Type | Examples |
|---|---|
| Account Data | Name, email address, username, password |
| Payment Data | Payment card details, billing address (processed securely by Stripe) |
| Content Data | Prompts, queries, and inputs you submit; outputs generated by the Services |
| Communications | Support requests, emails, feedback you send us |
| Type | Examples |
|---|---|
| Usage Data | API calls, endpoints accessed, timestamps, error logs |
| Device Data | IP address, browser type, operating system |
| Analytics Data | Pages visited, features used, session duration (via a privacy-conscious analytics platform) |
We use your information to:
Do not submit sensitive personal information (such as health data, government IDs, or financial account numbers) through the Services unless you have a lawful basis and appropriate rights to do so. You are responsible for ensuring your use complies with applicable laws.
We share your information only in these specific circumstances:
| Recipient | Purpose |
|---|---|
| Service Providers | Companies that help us operate (hosting, analytics, payment processing). They are contractually bound to protect your data. |
| Payment Processor | Stripe processes your payment information. See Stripe’s Privacy Policy. |
| Third-Party Model Providers | To process your API requests. See Section 4. |
| Legal Requirements | When required by law, court order, or to protect rights and safety. |
| Business Transfers | In connection with a merger, acquisition, or sale of assets. |
We do not share your Content Data (prompts and outputs) with third parties except as necessary to process your requests through third-party model providers.
To provide the Services, we route your API requests to third-party AI model providers. When you submit a prompt:
We do not store prompts or outputs by default. Temporary retention may occur for debugging, abuse prevention, or legal compliance. Such data is deleted as soon as reasonably practicable, typically within 30 days.
Required for the Services to function (authentication, security). These cannot be disabled.
Currently, we use PostHog, a privacy-conscious analytics platform, to understand how users interact with our Services. PostHog collects usage data such as pages visited, features used, and session information. For more information, see PostHog’s Privacy Policy. We may use another privacy-conscious analytics platform in the future.
Most browsers allow you to refuse or delete cookies. Note that disabling essential cookies may affect functionality.
We implement industry-standard security measures including:
No method of transmission or storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and API keys.
We retain your information according to the following schedule:
| Data Type | Retention Period | Purpose |
|---|---|---|
| Account Data | Until account deletion + 30 days | Account management; legal compliance |
| Payment Data | As required by law | Billing, tax, legal obligations |
| Content Data | Not stored by default; up to 30 days if temporarily retained | Debugging, abuse prevention, legal compliance |
| Usage Data (operational) | 90 days | Error diagnosis, API performance monitoring |
| Usage Data (analytics) | 24 months | Aggregate trend analysis, capacity planning |
| Communications | Duration of support request + 12 months | Support continuity, legal requirements |
When you delete your account, we delete or anonymize your personal information within 30 days. Residual copies may persist in encrypted backups for up to 90 days. Retention beyond these periods occurs only where required by law.
The Services are operated from the United States. If you are located outside the United States, your information will be transferred to and processed in the United States or other jurisdictions where our service providers operate.
When we transfer personal data outside the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.
Data roles:
A Data Processing Agreement (DPA) is available upon request by contacting legal@charm.land.
Under GDPR and UK GDPR, you have the right to: access your personal data, correct inaccurate data, request deletion, restrict or object to processing, data portability, withdraw consent, and lodge a complaint with a supervisory authority.
Under the CCPA, you have the right to: know what personal information we collect and how we use it, request deletion of your personal information, opt out of the sale of personal information (we do not sell personal information), and non-discrimination for exercising your rights.
Residents of Colorado, Connecticut, Virginia, and other states with privacy laws may have similar rights. Contact us to exercise your rights.
Contact us at legal@charm.land or submit a request to Charmbracelet, Inc., 185 Wythe Ave, 2nd Floor, Brooklyn, NY 11249, Attention: Legal. We will respond within the timeframe required by applicable law (typically 30–45 days). We may need to verify your identity before processing your request. Any disclosures we provide will cover the 12-month period preceding the date we verify a request.
The Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.
If we learn that we have collected personal information from a child under 18, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us at legal@charm.land.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice on our website prior to the changes taking effect.
Your continued use of the Services after changes become effective constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or our privacy practices:
Charmbracelet, Inc.
185 Wythe Ave, 2nd Floor
Brooklyn, NY 11249
Email: legal@charm.land
Last Updated: January 2026
Send us a message and we'll get back to you as soon as possible.