HYPEO — PRIVACY POLICY

The data controller responsible for your personal information is: Phoenix AI USA Inc., 16192 Coastal Highway, Lewes, Delaware, 19958, County of Sussex, USA, Email: privacy@hypeo.ai.

Certain operational and support services may be provided by affiliated entities, including Hypeo Morocco. Regardless of which entity provides services, Phoenix AI USA Inc. remains the data controller and is responsible for compliance with applicable data protection laws.

For questions about this Privacy Policy or to exercise your data protection rights, contact: privacy@hypeo.ai.

In certain circumstances, Hypeo and a Brand may act as joint controllers or independent controllers with respect to personal information processed in connection with a collaboration. For example, a Brand is an independent controller of Creator personal information it receives through the Platform and uses for its own purposes. The allocation of controller responsibilities is addressed in the Brand & Agency Terms.

Hypeo engages third-party service providers who process personal information on our behalf as data processors. These processors are contractually bound to process data only as instructed by Hypeo and to maintain appropriate security measures.

• (a) Account Information: Name, email address, phone number, username, password, profile photo, and account preferences.
• (b) Profile Information: For Creators: social media handles, platform connections, content categories, audience demographics, biography, and portfolio. For Brands: company name, industry, brand information, and campaign preferences.
• (c) Identity Verification: Government-issued identification documents, proof of address, and selfie or video verification as required.
• (d) Tax and Payment Information: Tax identification numbers, business registration documents, bank account details, payment processor accounts, invoices, and tax forms. Payment card information is collected and processed by our third-party payment processors and is not stored on Hypeo servers.
• (e) Communications: Messages sent through the Platform, emails, support requests, and feedback.
• (f) Content: Creator Content uploaded to the Platform, briefs, brand assets, campaign materials, and other content you submit.
• (g) Survey and Research Data: Responses to surveys, questionnaires, or research participation.
• (h) Employment and Professional Information: For Creators operating through loan-out companies or agencies, information about the entity and your relationship to it. For Brand, Agency, and Enterprise users, job title, department, professional contact information, and information about authorized users on your account.

• (a) Device Information: Device type, model, operating system, browser type and version, unique device identifiers, and mobile network information.
• (b) Usage Information: Pages viewed, features used, actions taken, search queries, click patterns, time spent on pages, and navigation paths.
• (c) Log Data: IP address, access times, referring URLs, error logs, and system activity.
• (d) Location Information: Approximate location derived from IP address. We do not collect precise geolocation unless you explicitly enable location services.
• (e) Cookies and Tracking Technologies: Information collected through cookies, pixels, tags, SDKs, and similar technologies as described in our Cookie Policy.
• (f) Inferences: Inferences drawn from the above information to create a profile reflecting your preferences, characteristics, behavior, or interests, such as predicted engagement rates, content categories, or brand affinities.

• (a) Social Media Platforms: When you connect social media accounts (Instagram, TikTok, YouTube, Facebook, X/Twitter, etc.), we receive profile information, follower counts, engagement metrics, audience demographics, and content performance data as permitted by each platform's API and your privacy settings.
• (b) Identity Verification Services: Verification results, fraud risk scores, and identity confirmation from third-party verification providers.
• (c) Payment Processors: Transaction confirmations, payment status, and limited payment details from Stripe, PayPal, or other payment partners.
• (d) Analytics Providers: Aggregated analytics and insights from third-party analytics services.
• (e) Public Sources: Publicly available information from social media profiles, websites, news sources, and public databases.
• (f) Business Partners: Information provided by Brands about campaigns or by agencies about their clients.
• (g) Creator-Provided Audience Data: Information that Creators voluntarily provide about their audience or content performance beyond what is available through platform APIs.

We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, health information, sexual orientation, or biometric data, except: (a) government-issued identification documents for identity verification, which may contain such information incidentally; or (b) where you voluntarily provide such information in profile content or communications. If you provide sensitive information voluntarily, you consent to our processing of that information as described in this Privacy Policy.

We do not intentionally collect: (a) financial account passwords or full payment card numbers (these are handled by payment processors); (b) Social Security numbers or equivalent national identification numbers except where required for tax compliance; (c) biometric data for identification purposes; or (d) information about children under 18.

We use your information to:

• (a) Create, maintain, and secure your account;
• (b) Verify your identity and eligibility;
• (c) Facilitate Creator-Brand matching and recommendations;
• (d) Enable communication between Creators and Brands;
• (e) Generate and execute digital contracts;
• (f) Process payments, including take rate calculations, invoicing, and tax withholding;
• (g) Provide campaign analytics and performance reporting;
• (h) Deliver customer support and respond to inquiries;
• (i) Enforce our Terms and collaboration contracts;
• (j) Send transactional communications (account confirmations, payment notifications, collaboration updates);
• (k) Assign and manage Customer Success Managers and Influence Success Managers for eligible subscription plans;
• (l) Facilitate add-on services, including Full Influence Management and White Label Agency Mode;
• (m) Process subscription fees, Platform Fees, Service Fees, and add-on charges;
• (n) Facilitate tax withholding and reporting as required by applicable law;
• (o) Generate and maintain audit trails for compliance purposes; and
• (p) Enable features such as saved searches, favorites, and personalized dashboards.

We use your information to:

• (a) Analyze usage patterns and trends;
• (b) Develop, test, and improve Platform features and functionality;
• (c) Train, test, and improve AI and machine learning models used for matching, recommendations, fraud detection, and other Platform features;
• (d) Conduct research and analytics;
• (e) Debug and fix technical issues; and
• (f) Personalize your experience.

We use your information to:

• (a) Detect, prevent, and investigate fraud, fake accounts, artificial engagement, and other abuse;
• (b) Verify the authenticity of Creator metrics and audience data;
• (c) Monitor for violations of our Terms;
• (d) Protect the rights, property, and safety of Hypeo, our users, and the public;
• (e) Comply with legal obligations and respond to lawful requests; and
• (f) Enforce our Terms and policies.

We use your information to:

• (a) Send service-related communications that are necessary for Platform operation;
• (b) Send promotional communications about Hypeo features, products, and services (you may opt out at any time);
• (c) Send surveys and requests for feedback;
• (d) Deliver targeted advertising on third-party platforms (with your consent where required); and
• (e) Measure the effectiveness of our marketing campaigns.

We use your information to:

• (a) Comply with applicable laws, regulations, and legal processes;
• (b) Respond to lawful requests from government authorities;
• (c) Establish, exercise, or defend legal claims;
• (d) Fulfill tax reporting and withholding obligations; and
• (e) Maintain records as required by law.

We may aggregate or de-identify personal information so that it no longer identifies you and use such data for any lawful purpose, including research, analytics, benchmarking, product development, and marketing. Aggregated and de-identified data is not subject to the restrictions in this Privacy Policy.

Processing necessary to perform our contract with you, including providing the Platform, processing payments, and facilitating collaborations.

Processing necessary for our legitimate interests or those of third parties, where not overridden by your rights, including:

• (a) Fraud prevention and platform security;
• (b) Product improvement and development;
• (c) AI model training and improvement;
• (d) Analytics and research;
• (e) Marketing and business development; and
• (f) Enforcing our Terms and protecting our rights.

Processing necessary to comply with legal obligations, including tax reporting, identity verification requirements, and responding to lawful government requests.

Processing based on your consent, including:

• (a) Marketing communications (where consent is required);
• (b) Cookies and tracking technologies (where consent is required);
• (c) Processing sensitive information you voluntarily provide; and
• (d) Other processing for which we specifically request your consent.

You may withdraw consent at any time, but withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.

In rare circumstances, processing necessary to protect vital interests of you or another person.

Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests are not overridden by your fundamental rights and freedoms. Factors considered include: (a) the nature of the personal information; (b) the purpose and necessity of processing; (c) the reasonable expectations of users; (d) the potential impact on users; and (e) the safeguards we have implemented. You may request information about our legitimate interests balancing by contacting privacy@hypeo.ai.

If you are a Brand, we share relevant information with Creators to facilitate collaborations, including:

• (a) Company name, brand information, and campaign briefs;
• (b) Contact information for collaboration communication;
• (c) Brand assets and guidelines; and
• (d) Contract terms and payment information.

If you are a Creator, we share relevant information with Brands to facilitate collaborations, including:

• (a) Profile information, social media handles, and portfolio;
• (b) Audience demographics and engagement metrics;
• (c) Content drafts and deliverables;
• (d) Invoices and tax documentation as required by law;
• (e) Communication records related to collaborations; and
• (f) Identity verification status (verified/not verified, without document details).

We share information with third-party service providers who perform services on our behalf, including:

• (a) Cloud hosting and infrastructure providers;
• (b) Payment processors (Stripe, PayPal, etc.);
• (c) Identity verification services;
• (d) Analytics providers;
• (e) Customer support tools;
• (f) Email and communication services;
• (g) AI and machine learning service providers;
• (h) Security and fraud prevention services;
• (i) Professional advisors (legal, accounting, consulting);
• (j) Customer Success Manager and Influence Success Manager personnel, who may access account and campaign data to provide dedicated or shared support services.

Service providers are contractually obligated to use your information only for the purposes of providing services to Hypeo and to maintain appropriate security measures.

We share information with social media platforms as necessary to:

• (a) Authenticate your connected accounts;
• (b) Retrieve metrics and analytics;
• (c) Facilitate branded content tools and whitelisting; and
• (d) Measure campaign performance.

We may disclose information:

• (a) To comply with applicable laws, regulations, or legal processes;
• (b) To respond to lawful requests from government authorities, including law enforcement;
• (c) To enforce our Terms or collaboration contracts;
• (d) To protect the rights, property, or safety of Hypeo, our users, or the public;
• (e) To detect, prevent, or address fraud, security, or technical issues; and
• (f) In connection with actual or potential legal claims.

In connection with any merger, acquisition, sale of assets, financing, bankruptcy, or reorganization, your information may be transferred to the acquiring entity or successor. We will notify you of any such transfer and any choices you may have regarding your information.

We may share aggregated or de-identified data that cannot reasonably be used to identify you for any purpose, including research, analytics, benchmarking, and marketing.

We may share your information with third parties when you direct us to do so or provide consent.

We do not sell your personal information to third parties for monetary consideration. We do not share personal information for cross-context behavioral advertising except with your consent or where you have not opted out after being given the opportunity to do so. To the extent any data sharing described above constitutes a “sale” or “sharing” under applicable law (such as CCPA/CPRA), you may opt out as described in Section 8.9. Note that sharing information with service providers for business purposes, with Brands/Creators to facilitate collaborations, or as otherwise described in this policy does not constitute a “sale.”

We may share information with our corporate affiliates (subsidiaries, parent company, and commonly owned entities) for the purposes described in this Privacy Policy. Our affiliates are bound by this Privacy Policy or policies that provide equivalent protection.

We may share information with our professional advisors, including lawyers, accountants, auditors, and consultants, who need access to such information to provide services to us. These parties are bound by professional confidentiality obligations.

We may share information with our insurers and insurance brokers in connection with obtaining or maintaining insurance coverage, managing risks, or pursuing insurance claims.

With your consent, we may share your name, company, and testimonial in marketing materials or case studies. You may withdraw consent by contacting privacy@hypeo.ai.

Hypeo operates globally, and your information may be transferred to, stored, and processed in the United States and other countries where Hypeo, its affiliates, or service providers maintain facilities.

When we transfer personal information outside your jurisdiction, we implement appropriate safeguards as required by applicable law, including:

• (a) For transfers from the EEA, UK, or Switzerland, we use European Commission-approved Standard Contractual Clauses or UK Addendum, as applicable;
• (b) We may transfer data to countries that have received an adequacy decision from relevant authorities; and
• (c) We may rely on other lawful transfer mechanisms, such as binding corporate rules, certification schemes, or derogations for specific situations.

For transfers of personal data from Morocco, we comply with Moroccan Law 09-08 and any requirements imposed by the Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel (CNDP), including obtaining authorizations where required.

You may request a copy of the safeguards we use for international transfers by contacting privacy@hypeo.ai.

Where required, we implement supplementary measures to ensure that transferred data receives an essentially equivalent level of protection, including:

• (a) Encryption of data in transit and at rest;
• (b) Pseudonymization where appropriate;
• (c) Access controls limiting who can access transferred data;
• (d) Contractual commitments regarding government access requests;
• (e) Regular assessments of the legal framework in recipient countries.

For transfers to jurisdictions without adequacy decisions, we conduct transfer impact assessments to evaluate the risks and implement appropriate safeguards.

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to:

• (a) Provide the Platform and maintain your account;
• (b) Comply with legal, accounting, and tax obligations;
• (c) Resolve disputes and enforce agreements;
• (d) Maintain business records; and
• (e) Pursue legitimate business interests.

Specific retention periods depend on the type of data and purpose:

• (a) Account Information: Retained for the duration of your account plus 3 years after account closure, unless longer retention is required by law.
• (b) Collaboration Records: Retained for 7 years after completion of the collaboration to comply with tax, legal, and contractual obligations.
• (c) Invoices and Tax Documents: Retained for 10 years or as required by applicable tax law.
• (d) Identity Verification Documents: Retained for 5 years after verification or as required by anti-money laundering regulations.
• (e) Communications: Retained for 3 years after your last interaction or as necessary for legal purposes.
• (f) Usage and Analytics Data: Retained in identifiable form for 2 years; may be retained longer in aggregated or de-identified form.
• (g) Marketing Preferences: Opt-out preferences retained indefinitely to honor your choices.

When personal information is no longer required, we securely delete or anonymize it. Some information may persist in backups for a limited period and will be deleted in accordance with our backup retention schedules.

We may retain information beyond standard retention periods if required for pending or anticipated litigation, government investigation, or other legal matters.

The specific retention periods set forth above are guidelines. Actual retention may vary based on: (a) the nature of the data and sensitivity; (b) the purposes for which data is processed; (c) applicable legal requirements, which may mandate longer or shorter retention; (d) statute of limitations for potential claims; (e) ongoing business need; and (f) your requests for deletion. We maintain a detailed data retention schedule that governs our retention practices.

In some cases, instead of deleting personal information, we may anonymize it so that it can no longer be associated with you. Anonymized data may be retained indefinitely.

You have the right to request access to the personal information we hold about you, including confirmation of whether we process your data and a copy of that data.

You have the right to request correction of inaccurate or incomplete personal information. You can update most account information directly through your account settings.

You have the right to request deletion of your personal information, subject to certain exceptions (such as data we must retain for legal compliance or to complete transactions).

You have the right to receive your personal information in a structured, commonly used, machine-readable format and to transmit that data to another controller, where technically feasible.

You have the right to request restriction of processing of your personal information in certain circumstances, such as when you contest accuracy or object to processing.

You have the right to object to processing of your personal information based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests or the processing is necessary for legal claims.

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.

You may opt out of marketing communications at any time by: (a) clicking the “unsubscribe” link in any marketing email; (b) adjusting your communication preferences in account settings; or (c) contacting privacy@hypeo.ai. Opting out of marketing does not affect transactional or service-related communications.

If you are a California resident or resident of another U.S. state with applicable privacy law, you may opt out of the “sale” or “sharing” of your personal information (as those terms are defined under applicable law) by contacting privacy@hypeo.ai or using the “Do Not Sell or Share My Personal Information” link on our website.

Our Platform does not currently respond to “Do Not Track” browser signals. You can manage cookies and tracking through your browser settings and our Cookie Policy.

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Our AI-powered features (matching, recommendations) assist human decision-making but do not make final decisions regarding payments, account status, or legal obligations without human oversight.

To exercise any of these rights, contact privacy@hypeo.ai. We will respond within the timeframe required by applicable law (generally 30-45 days). We may request information to verify your identity before processing your request. We will not discriminate against you for exercising your rights.

If we decline your request, you may appeal by contacting privacy@hypeo.ai with “Appeal” in the subject line. We will respond to appeals within the timeframe required by applicable law.

If you are unsatisfied with our response, you have the right to lodge a complaint with a supervisory authority in your jurisdiction, including:

• (a) EEA: Your local data protection authority;
• (b) UK: Information Commissioner's Office (ICO);
• (c) Morocco: Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel (CNDP);
• (d) U.S.: Federal Trade Commission (FTC) or your state attorney general.

You have the right to know the categories of personal information we collect, the sources from which it is collected, the purposes for collection, and the categories of third parties with whom we share it. This information is provided in this Privacy Policy.

Where applicable law provides, you have the right to limit our use of sensitive personal information to purposes necessary to provide the services. To exercise this right, contact privacy@hypeo.ai.

When you submit a request, we will verify your identity by: (a) matching information you provide with information we have on file; (b) requiring you to log into your account; or (c) requesting additional documentation. We cannot fulfill requests if we cannot verify your identity. We will only use information provided for verification purposes.

We will acknowledge receipt of your request within 10 business days and provide a substantive response within: (a) 30 days for GDPR requests (extendable by 60 days for complex requests); (b) 45 days for CCPA/CPRA requests (extendable by 45 days); and (c) timeframes required by other applicable law. If we need an extension, we will notify you of the reason and expected response date.

We implement technical, administrative, and physical safeguards designed to protect personal information from unauthorized access, use, disclosure, alteration, and destruction, including:

• (a) Encryption of data in transit (TLS/SSL) and at rest;
• (b) Access controls and authentication requirements;
• (c) Role-based access limitations;
• (d) Regular security assessments and penetration testing;
• (e) Employee training on data protection and security;
• (f) Incident response procedures;
• (g) Secure development practices; and
• (h) Third-party security audits.

While we take reasonable measures to protect your information, no system is completely secure. We cannot guarantee the absolute security of your information, and you provide information at your own risk.

You are responsible for maintaining the security of your account credentials and for all activities under your account. Notify us immediately at security@hypeo.ai if you suspect unauthorized access to your account.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law.

We require our service providers and vendors to maintain appropriate security measures and conduct due diligence on their security practices before engaging them to process personal information.

[If applicable: Hypeo maintains SOC 2 Type II certification / ISO 27001 certification / other relevant certifications. Information about our security certifications is available upon request.]

We maintain a responsible disclosure program for security researchers. If you discover a security vulnerability, please report it to security@hypeo.ai. Do not publicly disclose vulnerabilities until we have had an opportunity to address them.

The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact privacy@hypeo.ai.

We comply with the U.S. Children's Online Privacy Protection Act (COPPA) and do not knowingly collect personal information from children under 13.

We implement age-gating measures during registration to prevent minors from creating accounts. However, we cannot guarantee that all users are over 18 and rely in part on users’ self-reported age.

Our use of cookies and similar tracking technologies is described in detail in our Cookie Policy, which is incorporated into this Privacy Policy by reference.

We use:

• (a) Cookies: Small text files stored on your device;
• (b) Pixels/Web Beacons: Small graphics that track user behavior;
• (c) Local Storage: Data stored in your browser;
• (d) SDKs: Software development kits in mobile applications; and
• (e) Similar Technologies: Other technologies that collect or store information.

We use these technologies for:

• (a) Essential Functions: Authentication, security, and core Platform functionality;
• (b) Performance and Analytics: Understanding how users interact with the Platform;
• (c) Functionality: Remembering preferences and settings;
• (d) Advertising: Delivering and measuring targeted advertising (with consent where required).

You can manage cookies through: (a) our cookie consent banner (where applicable); (b) your browser settings; and (c) opt-out tools provided by advertising networks. Disabling certain cookies may affect Platform functionality.

We recognize the Global Privacy Control (GPC) signal as a valid opt-out request for the “sale” or “sharing” of personal information under applicable U.S. state privacy laws. If your browser sends a GPC signal, we will treat it as an opt-out request for that browser.

The Platform uses artificial intelligence and machine learning for various features, including:

• (a) Creator-Brand matching and recommendations;
• (b) Content analysis and categorization;
• (c) Fraud detection and platform integrity;
• (d) Engagement and performance predictions;
• (e) Search and discovery optimization; and
• (f) Customer support automation.

AI models may be trained using: (a) aggregated and de-identified user data; (b) Creator Content and profile information (as authorized under the Creator Terms); (c) campaign data (as authorized under the Brand Terms); and (d) publicly available data.

AI-powered features assist and inform human decision-making but do not make final decisions regarding: (a) account suspension or termination; (b) payment withholding or release; (c) fraud determinations with legal consequences; or (d) other decisions with significant legal or financial effects. Such decisions involve human review.

AI features are provided for informational purposes and may contain errors or inaccuracies. We do not guarantee the accuracy, reliability, or suitability of AI-generated outputs. You are solely responsible for evaluating and acting upon AI recommendations.

You have the right to: (a) receive information about AI-powered processing; (b) request human review of significant automated decisions; and (c) contest decisions that significantly affect you. Contact privacy@hypeo.ai to exercise these rights.

We engage in profiling (automated processing to evaluate certain personal aspects) for purposes including: (a) predicting Creator performance and engagement; (b) matching Creators with relevant Brands; (c) fraud risk assessment; and (d) personalizing the Platform experience. Profiling may affect the opportunities presented to you but does not result in decisions with legal or similarly significant effects without human oversight.

Certain AI features are integral to the Platform and cannot be disabled. However, you may request that specific AI-assisted recommendations not be applied to your account by contacting privacy@hypeo.ai. Note that opting out may limit Platform functionality.

We may update, retrain, or replace AI models from time to time. Such updates may affect the recommendations and outputs you receive. We do not guarantee consistency in AI outputs over time.

• (a) Legal Basis: See Section 4 for the legal bases for our processing.
• (b) Data Protection Officer: You may contact our data protection representative at dpo@hypeo.ai.
• (c) Transfers: See Section 6 for information about international transfers and safeguards.
• (d) Rights: You have the rights described in Section 8, including the right to lodge a complaint with your supervisory authority.

• (a) CNDP Compliance: Hypeo complies with Moroccan Law 09-08 (Loi relative à la protection des personnes physiques à l'égard du traitement des données à caractère personnel) and regulations issued by the CNDP.
• (b) Registration: Hypeo has filed required declarations with the CNDP for processing activities involving Moroccan users.
• (c) Rights: Moroccan users have rights of access, rectification, opposition, and deletion as provided under Law 09-08. To exercise these rights, contact privacy@hypeo.ai.
• (d) Transfers: International transfers of Moroccan user data are conducted in accordance with CNDP requirements, including obtaining authorizations where required.
• (e) Local Representative: For Morocco-specific inquiries, you may contact: [Insert Hypeo Morocco contact information].
• (f) Consent for Processing: Where required under Law 09-08, we obtain your consent before processing personal information. You may withdraw consent at any time, but withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.
• (g) Data Localization: Certain data relating to Moroccan users may be stored on servers located in Morocco or in jurisdictions that have received CNDP authorization for international transfers.

• (a) Categories of Information: In the preceding 12 months, we have collected the categories of personal information described in Section 2, including identifiers, commercial information, internet activity, geolocation data, professional information, and inferences.
• (b) Sources: We collect information from the sources described in Section 2, including directly from you, automatically, and from third parties.
• (c) Purposes: We use information for the purposes described in Section 3, including providing services, marketing, and security.
• (d) Sharing: We share information as described in Section 5. We do not "sell" personal information for monetary consideration. To the extent any sharing constitutes a "sale" or "sharing" for cross-context behavioral advertising under CCPA/CPRA, you may opt out as described in Section 8.9.
• (e) Rights: California residents have the right to know, delete, correct, and opt out, as well as the right to non-discrimination. See Section 8.
• (f) Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authority.
• (g) Financial Incentives: We do not offer financial incentives for the collection of personal information.
• (h) Sensitive Personal Information: We collect limited sensitive personal information (government ID for verification) and use it only for permitted purposes.

• (a) Applicable Laws: We comply with state privacy laws including the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), and other applicable state laws.
• (b) Rights: Residents of these states have similar rights to those described in Section 8. To exercise your rights, contact privacy@hypeo.ai.

• (a) Legal Basis: We process personal information of Brazilian users based on: consent, contract performance, legitimate interests, legal compliance, and other bases permitted under the Lei Geral de Proteção de Dados (LGPD).
• (b) Rights: Brazilian users have rights including confirmation of processing, access, correction, anonymization, portability, deletion, information about sharing, consent withdrawal, and filing complaints with the ANPD.
• (c) Contact: For LGPD-related inquiries, contact privacy@hypeo.ai.

• (a) Applicable Laws: We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws for Canadian users.
• (b) Consent: We obtain your consent for the collection, use, and disclosure of personal information, except where permitted by law without consent.
• (c) Rights: Canadian users have rights to access and correct personal information and to withdraw consent, subject to legal limitations.
• (d) Contact: For privacy inquiries from Canadian users, contact privacy@hypeo.ai.

• (a) Applicable Laws: We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 for Australian users.
• (b) Cross-Border Disclosure: By using the Platform, Australian users consent to the disclosure of personal information to recipients outside Australia, including in the United States. We take reasonable steps to ensure overseas recipients handle personal information in accordance with the APPs.
• (c) Complaints: Australian users may lodge complaints with the Office of the Australian Information Commissioner (OAIC).

The Platform may integrate with or contain links to third-party websites, services, and applications, including social media platforms, payment processors, and analytics providers.

We are not responsible for the privacy practices of third parties. This Privacy Policy does not apply to any third-party services, and we encourage you to review their privacy policies before providing information.

When you connect social media accounts or interact with social media features on the Platform, those interactions are governed by the privacy policies of the respective social media platforms.

The Platform may display embedded content from third parties (such as social media posts or videos). Interacting with embedded content may allow the third party to collect information about you. We are not responsible for the data practices of content embedded from third-party sources.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations.

We will notify you of material changes by: (a) posting the updated Privacy Policy on the Platform with a new "Last updated" date; (b) sending an email to the address associated with your account; or (c) providing notice through the Platform interface.

We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

Your continued use of the Platform after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with any changes, you should discontinue use of the Platform.

Material changes include, but are not limited to:

• (a) changes to the categories of personal information collected;
• (b) changes to the purposes for which personal information is used;
• (c) changes to the categories of third parties with whom information is shared;
• (d) changes that materially affect your rights; and
• (e) changes to the data controller identity.

Prior versions of this Privacy Policy are available upon request by contacting privacy@hypeo.ai.

Your Creator profile, including your name, photo, social media handles, content categories, and portfolio, is visible to Brands searching for Creators on the Platform. You can control certain profile visibility settings through your account.

When you connect social media accounts, we retrieve and share your metrics (follower counts, engagement rates, audience demographics) with Brands evaluating you for collaborations. This sharing is necessary to facilitate the Platform's matching functionality.

Your tax documentation (invoices, tax forms, identification) may be shared with Brands or Agencies as required by law for their tax compliance. Brands and Agencies are required to maintain the confidentiality of this information.

Creator Content you submit through the Platform may be used as described in Section 5.3 of the Creator Terms. This includes use for Platform operation, analytics, marketing (with limitations), and AI training.

Brands may rate and review you after collaborations. These ratings are visible to other Brands and affect your visibility in search results and recommendations.

When payments are processed through the Platform (“Platform Payments”), Hypeo deducts a Creator Fee of five percent (5%) from your gross payout. When Brands or Agencies pay you directly outside the Platform (“Direct Payments”), no Creator Fee applies, but Hypeo does not process, guarantee, or have visibility into such payments.

Information about your campaigns, including briefs, budgets, performance data, and client information (for Agencies), is stored on the Platform and used for the purposes described in this Privacy Policy.

When you receive Creator personal information through the Platform, you become a controller of that information for your own purposes. You are responsible for: (a) using Creator information only for purposes related to the collaboration; (b) maintaining appropriate security; (c) complying with applicable data protection laws; and (d) honoring Creator rights requests related to data you control.

If you add employees or other authorized users to your account (as permitted by your subscription plan), we collect their contact information and usage data. You represent that you have provided appropriate notice and obtained any necessary consents from these individuals.

Creators may rate and review you after collaborations. These ratings are visible to Creators evaluating collaboration opportunities.

If your subscription includes a Customer Success Manager (“CSM”) or Influence Success Manager (“ISM”), whether shared or dedicated, these personnel will have access to your account information, campaign data, Creator communications, and performance analytics as necessary to provide their services. CSM and ISM personnel are bound by confidentiality obligations.

If you are an Agency, you may provide information about your brand clients through the Platform. You represent and warrant that you have obtained all necessary consents and authorizations from your clients to share their information with Hypeo and to allow Hypeo to process such information as described in this Privacy Policy. You are responsible for ensuring your clients are informed of Hypeo’s data practices.

If you subscribe to the White Label Agency Mode add-on, you acknowledge that: (a) your branding will be displayed to Creators and clients interacting with your white-labeled Platform instance; (b) Hypeo remains the data controller for all personal data processed through the white-labeled instance; and (c) you are responsible for providing appropriate privacy disclosures to your clients and Creators regarding both your data practices and Hypeo's role as the underlying platform provider.

Enterprise Brands that require a Data Processing Addendum (DPA) or similar agreement for GDPR, CCPA, or other compliance purposes may request one by contacting legal@hypeo.ai.

Hypeo's standard DPA is available at [URL] and is incorporated by reference into the Brand & Agency Terms for Brands that are controllers of personal information processed through the Platform.

A list of Hypeo's sub-processors is available at [URL] or upon request. We will provide notice of changes to sub-processors as required by our DPA.