HYPEO — COOKIE POLICY

Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. Cookies are widely used to make websites work more efficiently, remember your preferences, and provide information to website operators.

• Session Cookies: Temporary cookies that expire when you close your browser. They enable core functionality during your browsing session.
• Persistent Cookies: Cookies that remain on your device for a set period or until you delete them. They remember your preferences and actions across multiple sessions.

• First-Party Cookies: Cookies set by Hypeo directly when you visit the Platform.
• Third-Party Cookies: Cookies set by third parties (such as analytics providers, advertisers, or social media platforms) when you visit the Platform.

In addition to cookies, we use similar technologies including:

• Pixels (Web Beacons): Small transparent images embedded in web pages or emails that track whether content has been viewed or accessed.
• Tags: Code snippets that enable functionality and tracking on web pages.
• Local Storage: Data stored in your browser that persists after you close it, similar to persistent cookies but with larger storage capacity.
• Session Storage: Data stored in your browser for the duration of a session, cleared when you close the browser tab.
• SDKs (Software Development Kits): Code libraries embedded in mobile applications that enable functionality, analytics, and tracking.
• Device Fingerprinting: Techniques that collect information about your device configuration to identify it across sessions. We use this only for fraud prevention and security purposes.
• ETags and Cache-Based Tracking: Identifiers stored in your browser cache. We use these only for essential caching functionality.

In this policy, unless otherwise specified, “cookies” refers to cookies and all similar tracking technologies described above.

In addition to cookies, our servers automatically collect certain information when you access the Platform, including IP address, access times, pages viewed, and referring URLs. This collection occurs regardless of your cookie preferences and is necessary for security, fraud prevention, and Platform operation.

To enable core functionality that is necessary for the Platform to work properly, including authentication, security, load balancing, and session management.

To protect the Platform and our users from unauthorized access, fraud, abuse, and other malicious activity.

To remember your settings, preferences, and choices (such as language, region, or display preferences) to provide a personalized experience.

To understand how visitors interact with the Platform, which features are most popular, how users navigate the site, and where errors occur. This helps us improve Platform performance and user experience.

To deliver relevant advertisements, measure the effectiveness of our marketing campaigns, and limit how often you see certain ads. We may also use cookies to retarget you with ads on third-party platforms after you visit the Platform.

To enable social media features, such as sharing content or logging in with social media accounts.

To support our AI-powered features, including Creator-Brand matching and personalized recommendations, by understanding your interests and behavior patterns.

These cookies are essential for the Platform to function and cannot be disabled in our systems. They are usually set in response to actions you take, such as logging in, setting privacy preferences, or filling out forms. Without these cookies, certain services you have requested cannot be provided.

Legal Basis: Legitimate interest (necessary for Platform operation). These cookies do not require consent.

These cookies collect information about how you use the Platform, such as which pages you visit, how long you spend on pages, and any errors you encounter. This information is aggregated and used to improve Platform performance and user experience.

Legal Basis: Consent (where required by law) or legitimate interest.

These cookies enable enhanced functionality and personalization, such as remembering your preferences, language settings, and customizations. They may be set by us or by third-party providers whose services we use.

Legal Basis: Consent (where required by law) or legitimate interest.

These cookies are used to deliver advertisements relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and to measure the effectiveness of advertising campaigns. These cookies are usually placed by advertising networks with our permission.

Legal Basis: Consent. These cookies are only placed with your consent where required by law.

These cookies are set by social media platforms to enable you to share content, log in using social accounts, or interact with embedded social media content. They may track your browser across other sites and build a profile of your interests.

Legal Basis: Consent. These cookies are only placed with your consent where required by law.

The specific cookies we use may change from time to time as we update the Platform or engage new service providers. We will update this Cookie Policy periodically to reflect material changes. For the most current list of cookies, please refer to our cookie consent management tool.

The durations listed above are approximate. Actual cookie lifespans may vary based on browser settings, user actions, and updates to our systems or third-party services.

Some cookies on the Platform are placed by third parties who provide services to us. These third parties may include:

• Analytics Providers: Google Analytics, Mixpanel, Amplitude, PostHog, Hotjar
• Advertising Platforms: Google Ads, Meta (Facebook/Instagram), TikTok, LinkedIn, Microsoft Advertising
• Social Media Platforms: Instagram, TikTok, YouTube, X (Twitter), Facebook
• Payment Processors: Stripe
• Customer Support: Intercom, Zendesk
• Security Services: Cloudflare, reCAPTCHA

These third parties have their own privacy and cookie policies governing their collection and use of data. We encourage you to review their policies:

• Google: https://policies.google.com/privacy
• Meta: https://www.facebook.com/privacy/policy/
• TikTok: https://www.tiktok.com/legal/privacy-policy
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• Stripe: https://stripe.com/privacy

While we can control first-party cookies, we do not control the cookies placed by third parties. Third parties may update their cookies independently, and their actual cookie behavior may differ from what is described here.

The Platform may display embedded content from third parties (such as social media posts or videos). Accessing embedded content may allow third parties to place cookies on your device even if you do not interact with the content.

Some of our service providers may place their own cookies when you interact with their services through the Platform (e.g., payment processing, customer support chat). These cookies are governed by the service provider's privacy and cookie policies.

When you first visit the Platform from a jurisdiction that requires consent (such as the EEA or UK), you will see a cookie consent banner. You can:

• Accept all cookies;
• Accept only strictly necessary cookies;
• Customize your preferences by cookie category; or
• Reject all non-essential cookies.

You can change your preferences at any time by clicking the “Cookie Settings” link in the Platform footer or by contacting privacy@hypeo.ai.

Most web browsers allow you to manage cookies through their settings. You can typically:

• View cookies stored on your device;
• Delete some or all cookies;
• Block all cookies or only third-party cookies;
• Block cookies from specific sites; and
• Clear cookies when you close your browser.

Instructions for common browsers:

• Chrome: https://support.google.com/chrome/answer/95647
• Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge63947406-40ac-c3b8-57b9-2a946a29ae09
• Opera: https://help.opera.com/en/latest/web-preferences/#cookies

On mobile devices, you can manage cookies and tracking through:

• Your device settings (e.g., “Limit Ad Tracking” on iOS or “Opt out of Ads Personalization” on Android);
• The settings within our mobile application; and
• Your mobile browser settings.

We recognize the Global Privacy Control (GPC) signal as a valid opt-out request. If your browser sends a GPC signal, we will treat it as an opt-out of non-essential cookies and “sale” or “sharing” of personal information for that browser.

Some browsers offer a “Do Not Track” (DNT) setting. There is no industry consensus on how to respond to DNT signals, and our Platform does not currently respond to DNT signals. However, we honor GPC signals as described above.

You can opt out of certain third-party advertising cookies using industry opt-out tools:

• Digital Advertising Alliance (DAA): https://optout.aboutads.info
• Network Advertising Initiative (NAI): https://optout.networkadvertising.org
• European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.eu
• Google Ad Settings: https://adssettings.google.com
• Meta Ad Preferences: https://www.facebook.com/ads/preferences

If you disable or block certain cookies:

• Strictly Necessary Cookies: Disabling these will prevent the Platform from functioning properly. You may not be able to log in, access secure areas, or use core features.
• Performance Cookies: Disabling these will not affect Platform functionality, but will limit our ability to improve the Platform based on usage patterns.
• Functionality Cookies: Disabling these may cause the Platform to not remember your preferences, requiring you to set them each visit.
• Advertising Cookies: Disabling these will not reduce the number of ads you see, but the ads may be less relevant to your interests.

Your cookie preferences are stored in a cookie on your device. If you clear your cookies, you may need to set your preferences again on your next visit.

Even if you disable all cookies, we may still collect certain information through server logs and other cookie-less methods for security and fraud prevention purposes. This collection is necessary for legitimate interests and does not require consent.

Our mobile applications use SDKs (Software Development Kits) that function similarly to cookies on websites. These SDKs may collect device identifiers, usage data, and other information.

Mobile applications may access device advertising identifiers (such as Apple's IDFA or Google's Advertising ID) for analytics and advertising purposes, subject to your device settings and consent.

You can limit mobile tracking by:

• Adjusting your device's privacy settings (e.g., “Allow Apps to Request to Track” on iOS);
• Resetting your advertising identifier;
• Uninstalling the application; or
• Adjusting settings within the application.

Our mobile applications may send push notifications. You can manage push notification preferences through your device settings or within the application.

We obtain your consent before placing non-essential cookies where required by applicable law, including in the European Economic Area, United Kingdom, and certain U.S. states.

We use a consent management platform (CMP) to obtain, record, and manage your cookie preferences. The CMP presents a cookie banner on your first visit and allows you to adjust preferences at any time.

Our consent mechanism allows you to provide granular consent by cookie category (analytics, functionality, advertising, social media) rather than all-or-nothing consent.

We maintain records of cookie consents, including the date, time, categories consented to, and consent mechanism used. These records may be used to demonstrate compliance with applicable laws.

You may withdraw your consent at any time by:

• Clicking the “Cookie Settings” link in the Platform footer;
• Adjusting your browser settings to delete or block cookies;
• Using opt-out tools described in Section 5.6; or
• Contacting privacy@hypeo.ai.

Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

We do not require consent for strictly necessary cookies, as these are essential for Platform operation and are placed under our legitimate interest.

If you have previously provided consent, we will not ask you again unless: (a) you have cleared your cookies or consent preferences; (b) we have added new cookie categories requiring consent; (c) a significant period has elapsed since your last consent (typically 12 months); or (d) applicable law requires renewed consent.

(a) Consent Requirement: Under the ePrivacy Directive (as implemented in EU member states) and UK PECR, we obtain your consent before placing non-essential cookies.

(b) Legal Basis: Strictly necessary cookies are placed under legitimate interest. All other cookies require consent.

(c) Rights: You have the right to withdraw consent, access information about cookies used, and lodge complaints with your supervisory authority.

(a) California: Under CCPA/CPRA, the use of certain cookies may constitute “sale” or “sharing” of personal information. California residents may opt out by using our cookie consent tool, clicking “Do Not Sell or Share My Personal Information” in the Platform footer, or enabling GPC.

(b) Other States: We comply with applicable state privacy laws (Virginia, Colorado, Connecticut, Utah, etc.) regarding cookies and tracking. Residents of these states may opt out using the mechanisms described in Section 5.

Under Moroccan Law 09-08, we inform you about our use of cookies and provide you with the ability to manage your preferences. We comply with any cookie-related guidance issued by the CNDP.

For users in other jurisdictions, we apply the consent and transparency standards described in this Cookie Policy. Where local law requires additional measures, we comply with such requirements.

Under the Lei Geral de Proteção de Dados (LGPD), we provide transparency about our use of cookies and obtain consent where required. Brazilian users may exercise their rights as described in our Privacy Policy.

Under PIPEDA and Canada’s Anti-Spam Legislation (CASL), we provide transparency about cookies and obtain consent for non-essential tracking. Canadian users may manage preferences through our cookie consent tool.

Cookies and similar technologies may collect the following types of data:

• Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers.
• Usage Data: Pages visited, features used, clicks, scrolls, time spent on pages, navigation paths, and search queries.
• Location Data: Approximate location based on IP address (city or region level, not precise location).
• Referral Data: How you arrived at the Platform (e.g., search engine, advertisement, social media link).
• Technical Data: IP address, connection type, ISP, and browser settings.
• Preference Data: Language, timezone, display preferences, and cookie consent choices.

We may combine data collected through cookies with other information we have about you (such as account information) to provide personalized experiences and for the purposes described in our Privacy Policy.

We may aggregate or anonymize data collected through cookies so that it no longer identifies you. Such data may be used for any lawful purpose.

We may use cookies and similar technologies to recognize you across different devices (e.g., desktop and mobile) when you are logged into your account. This allows us to provide a consistent experience and accurate analytics. If you are not logged in, we do not attempt to link your activity across devices.

Third-party advertising cookies may combine data collected on the Platform with data collected from other websites and services to build a profile of your interests for targeted advertising. We do not control this combination and encourage you to review third-party privacy policies.

We implement appropriate security measures to protect cookies and the data they contain, including:

• Secure Flag: Session and authentication cookies are marked as “Secure,” meaning they are only transmitted over encrypted HTTPS connections.
• HttpOnly Flag: Certain cookies are marked as “HttpOnly,” preventing access by client-side scripts and reducing the risk of cross-site scripting (XSS) attacks.
• SameSite Attribute: We use the SameSite attribute to limit cross-site cookie transmission and reduce the risk of cross-site request forgery (CSRF) attacks.
• Encryption: Sensitive data stored in cookies is encrypted.

We minimize the amount of personal information stored directly in cookies. Where possible, cookies contain only identifiers that reference data stored securely on our servers.

We set appropriate expiration periods for cookies based on their purpose. Session cookies expire when you close your browser. Persistent cookies expire after a defined period or when you delete them.

We may update this Cookie Policy from time to time to reflect changes in the cookies we use, our practices, applicable laws, or for other operational or legal reasons.

We will notify you of material changes by:

• Posting the updated Cookie Policy on the Platform with a new “Last updated” date;
• Updating the cookie consent banner to reflect new cookie categories or providers; or
• For significant changes, sending notice via email or through the Platform interface.

We encourage you to review this Cookie Policy periodically to stay informed about our use of cookies.

Your continued use of the Platform after changes to this Cookie Policy constitutes acceptance of the updated policy. If we make changes that require renewed consent, we will request your consent again through our consent management tool.

Prior versions of this Cookie Policy are available upon request by contacting privacy@hypeo.ai.