Welcome to Hyper, provided by Charmbracelet, Inc. ("Charm," "we," "us," or "our"). This Privacy Policy explains how we handle your information when you use Hyper, our AI inference platform and related services.
Privacy at a Glance
Here are our core privacy commitments, explained plainly:
We don’t train on your data
Your prompts and outputs are never used to train AI models. Period.
We don’t store your content
Prompts and outputs are not retained by default. Temporary retention occurs only for debugging, abuse prevention, or legal compliance, and is deleted promptly.
We don’t sell your data
We do not sell your personal information to anyone, for any reason.
We use privacy conscious analytics
We use privacy conscious analytics platforms to understand how users interact with our Services.
Information You Provide
Type
Examples
Account Data
Name, email address, username, password
Payment Data
Payment card details, billing address (processed securely by Stripe)
Content Data
Prompts, queries, and inputs you submit; outputs generated by the Services
Communications
Support requests, emails, feedback you send us
Information Collected Automatically
Type
Examples
Usage Data
API calls, endpoints accessed, timestamps, error logs
Device Data
IP address, browser type, operating system
Analytics Data
Pages visited, features used, session duration (via a privacy conscious analytics platforms)
We use your information to:
Provide the Services: Process your API requests, manage your account, handle billing
Improve the Services: Analyze usage patterns, debug issues, develop new features
Communicate with you: Respond to support requests, send service updates
Protect the Services: Detect fraud, enforce our terms, maintain security
Comply with law: Meet legal obligations, respond to lawful requests
What We Don’t Do
We do not use your Content Data to train AI models. Your prompts and outputs are processed solely to provide the Services to you.
We do not sell your personal information.
Sensitive Information
Do not submit sensitive personal information (such as health data, government IDs, or financial account numbers) through the Services unless you have a lawful basis and appropriate rights to do so. You are responsible for ensuring your use complies with applicable laws.
We share your information only in these specific circumstances:
Recipient
Purpose
Service Providers
Companies that help us operate (hosting, analytics, payment processing). They are contractually bound to protect your data.
Payment Processor
Stripe processes your payment information. See Stripe’s Privacy Policy.
Third-Party Model Providers
To process your API requests. See Section 4.
Legal Requirements
When required by law, court order, or to protect rights and safety.
Business Transfers
In connection with a merger, acquisition, or sale of assets.
We do not share your Content Data (prompts and outputs) with third parties except as necessary to process your requests through third-party model providers.
To provide the Services, we route your API requests to third-party AI model providers. When you submit a prompt:
Your Content Data is transmitted to the relevant provider to generate a response.
We select providers whose terms of service prohibit training on customer data.
We require contractual commitments from providers to protect your data.
Providers may process data in jurisdictions outside your location.
Content Data Storage
We do not store prompts or outputs by default. Temporary retention may occur for debugging, abuse prevention, or legal compliance. Such data is deleted as soon as reasonably practicable, typically within 30 days.
Essential Cookies
Required for the Services to function (authentication, security). These cannot be disabled.
Analytics
Currently, we use PostHog, a privacy conscious analytics platform, to understand how users interact with our Services. PostHog collects usage data such as pages visited, features used, and session information. For more information, see PostHog’s Privacy Policy. We may use another privacy conscious analytics platform in the future.
How to Control Cookies
Most browsers allow you to refuse or delete cookies. Note that disabling essential cookies may affect functionality.
We implement industry-standard security measures including:
Encryption in transit (TLS) and at rest
Access controls and authentication
Regular security assessments
No method of transmission or storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and API keys.
We retain your information according to the following schedule:
Data Type
Retention Period
Purpose
Account Data
Until account deletion + 30 days
Account management; legal compliance
Payment Data
As required by law
Billing, tax, legal obligations
Content Data
Not stored by default; up to 30 days if temporarily retained
Debugging, abuse prevention, legal compliance
Usage Data (operational)
90 days
Error diagnosis, API performance monitoring
Usage Data (analytics)
24 months
Aggregate trend analysis, capacity planning
Communications
Duration of support request + 12 months
Support continuity, legal requirements
Account Deletion
When you delete your account, we delete or anonymize your personal information within 30 days. Residual copies may persist in encrypted backups for up to 90 days. Retention beyond these periods occurs only where required by law.
The Services are operated from the United States. If you are located outside the United States, your information will be transferred to and processed in the United States or other jurisdictions where our service providers operate.
For Users in the EEA, UK, and Switzerland
When we transfer personal data outside the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.
Data roles:
Charm acts as a data controller for Account Data, Usage Data, and Analytics Data.
Charm acts as a data processor when processing your Content Data on your behalf.
A Data Processing Agreement (DPA) is available upon request by contacting legal@charm.land.
All Users
Access and update your account information through your dashboard
Delete your account
Request a copy of your data
EEA, UK, and Switzerland Residents
Under GDPR and UK GDPR, you have the right to: access your personal data, correct inaccurate data, request deletion, restrict or object to processing, data portability, withdraw consent, and lodge a complaint with a supervisory authority.
California Residents
Under the CCPA, you have the right to: know what personal information we collect and how we use it, request deletion of your personal information, opt out of the sale of personal information (we do not sell personal information), and non-discrimination for exercising your rights.
Other US States
Residents of Colorado, Connecticut, Virginia, and other states with privacy laws may have similar rights. Contact us to exercise your rights.
How to Exercise Your Rights
Contact us at legal@charm.land or submit a request to Charmbracelet, Inc., 185 Wythe Ave, 2nd Floor, Brooklyn, NY 11249, Attention: Legal. We will respond within the timeframe required by applicable law (typically 30–45 days). We may need to verify your identity before processing your request. Any disclosures we provide will cover the 12-month period preceding the date we verify a request.
The Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.
If we learn that we have collected personal information from a child under 18, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us at legal@charm.land.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a notice on our website prior to the changes taking effect.
Your continued use of the Services after changes become effective constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or our privacy practices:
Charmbracelet, Inc. 185 Wythe Ave, 2nd Floor Brooklyn, NY 11249
Email: legal@charm.land
Last Updated: May 2026