Privacy Policy

Who We Are

HYP Yoga is operated by Joshua Judd as a sole proprietorship under the name HYP Yoga, based in the United States. We are a yoga study platform offering classical texts, study tools, and AI-powered companions. When this policy says "we," "us," or "our," it refers to HYP Yoga and its operator.

HYP Yoga is the data controller for the personal data described in this policy. For any privacy-related questions, or to exercise your data rights, you can reach us at namaste@hyp.yoga.

What We Collect and Why

Account information: When you create an account, we collect your email address, display name, username, and optional biography. If you sign in through Google or Memberful, we receive basic profile information from those services. We process this data to perform our contract with you (providing the service you signed up for).

Content you create: Journal entries, Sparkmarks, Voice Sparks (audio recordings), profile information, and any other content you create on the platform is stored in our database. Journal entries may be public or private at your discretion. We process this data to perform our contract with you.

AI Companion conversations: Messages you send to SwamiGPT and DharmaGPT are transmitted to third-party AI providers (OpenAI and Anthropic) to generate responses. We track daily message counts for rate limiting but do not permanently store the content of your conversations. We process this data based on your consent, which you provide when you first interact with an AI Companion.

Subscription information: If you subscribe to a paid tier, your subscription is managed by Memberful. Payment processing is handled by Stripe through Memberful. We receive your subscription status and tier level but never see or store your payment card details. We process this data to perform our contract with you.

Usage data: We collect basic usage data necessary to operate the site, such as authentication sessions and feature usage counts. We process this data based on our legitimate interest in maintaining the security and functionality of the platform. We do not use analytics trackers, advertising pixels, or any form of behavioral tracking. We do not track you for advertising purposes and never will.

Lawful Basis for Processing

Under the EU General Data Protection Regulation (GDPR), we rely on the following legal bases to process your personal data:

Contract performance: Processing your account information, content, and subscription data is necessary to provide you with the HYP Yoga service you signed up for.

Consent: When you interact with our AI Companions (SwamiGPT and DharmaGPT), your messages are transmitted to third-party AI providers. You provide consent for this when you first use these features. You can withdraw consent at any time by simply not using these features; previously processed messages cannot be recalled from the AI providers but no new data will be transmitted.

Legitimate interest: We have a legitimate interest in maintaining the security, integrity, and functionality of the platform, which includes rate limiting, authentication session management, and abuse prevention.

How We Use Your Information

We use your information to provide and improve the HYP Yoga platform: authenticating your account, displaying your content, managing your subscription, enforcing rate limits, and delivering AI Companion responses. That is the extent of it. We do not sell, rent, or share your personal information with advertisers or data brokers. We do not build behavioral profiles. We do not serve ads.

Third-Party Services and Data Processors

We rely on the following third-party services to operate HYP Yoga. Each acts as a data processor on our behalf and has its own privacy practices:

Supabase (United States) provides our authentication system and database hosting. Your account data and content are stored on Supabase infrastructure. Memberful (United States, via Stripe) handles paid subscription management and payment processing. OpenAI (United States) and Anthropic (United States) process messages you send to our AI Companions. Netlify (United States) hosts and serves the website. Resend (United States) handles transactional email delivery for subscription notifications.

All fonts used on HYP Yoga are self-hosted on our own servers. No requests are made to external font providers when you visit the site.

International Data Transfers

HYP Yoga is operated from the United States. If you are accessing the platform from outside the United States, including from the European Economic Area (EEA), the United Kingdom, or Switzerland, your personal data will be transferred to and processed in the United States.

Our third-party service providers are all based in the United States. Where required by applicable law, these transfers are supported by appropriate safeguards, including the EU-U.S. Data Privacy Framework, Standard Contractual Clauses, or equivalent mechanisms recognized by the European Commission.

By using HYP Yoga, you acknowledge that your data will be processed in the United States. If you have concerns about international data transfers, please contact us at namaste@hyp.yoga.

Cookies and Local Storage

HYP Yoga uses cookies and browser local storage strictly for functional purposes that are essential to the operation of the site. We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

Authentication session: Supabase stores a session token in your browser's local storage to keep you logged in. This is strictly necessary for the service to function.

Draft autosave: When composing a journal entry, your draft is temporarily saved in local storage so it can be recovered if you navigate away. This data stays in your browser and is cleared when you publish.

AI consent acknowledgment: When you first use an AI Companion, we store a flag in local storage recording that you have acknowledged your messages will be processed by third-party AI providers.

Privacy notice dismissal: When you dismiss the privacy notice banner, we store a flag so it is not shown again.

Because we only use strictly necessary cookies and storage (no analytics, no advertising, no tracking), no cookie consent is required under the ePrivacy Directive. We provide these details for transparency.

Data Retention

Account and profile data: Retained for as long as your account is active. Upon account deletion, your profile data is permanently deleted within 30 days.

Journal entries, Sparkmarks, and Voice Sparks: Retained for as long as your account is active. Upon account deletion, all content is permanently deleted within 30 days. You may delete individual entries at any time.

AI Companion messages: Message content is not stored by HYP Yoga. Daily message counts are retained for rate-limiting purposes and reset each day. Messages transmitted to OpenAI and Anthropic are subject to those providers' own retention policies.

Subscription data: Subscription status and tier information are retained for as long as your account is active. Payment records are maintained by Memberful and Stripe in accordance with their own retention policies and applicable financial regulations.

Your Data Rights

Regardless of where you are located, HYP Yoga provides the following data rights to all users:

Right of access: You can request a copy of all personal data we hold about you.

Right to rectification: You can update your profile information, journal entries, and other content directly on the site at any time. For data you cannot edit yourself, contact us and we will correct it.

Right to erasure: You may request deletion of your account and all associated data by emailing namaste@hyp.yoga. We will process your request within 30 days.

Right to data portability: You can export your journal entries and Sparkmarks at any time using the built-in export tools on your profile page. For a complete data export in a machine-readable format, contact us.

Right to restrict processing: You can request that we limit how we use your data while a complaint or concern is being resolved.

Right to object: You can object to processing based on our legitimate interests. We will stop processing your data unless we have compelling legitimate grounds that override your interests.

Right to withdraw consent: Where we rely on consent (such as for AI Companion conversations), you can withdraw consent at any time by ceasing to use the feature.

To exercise any of these rights, email us at namaste@hyp.yoga. We will respond within 30 days. If you are in the EEA, you also have the right to lodge a complaint with your local data protection authority (a list is available at edpb.europa.eu).

Data Security

We use industry-standard security practices to protect your data, including encrypted connections (HTTPS with HSTS preloading), secure authentication through Supabase, row-level security on our database, Content Security Policy headers, signed upload URLs for file storage, and server-side validation of all tier-gated features. However, no system is perfectly secure, and we cannot guarantee absolute security.

Children

HYP Yoga is not intended for children under the age of 16 (or the minimum age required by applicable law in your jurisdiction). We do not knowingly collect personal information from children under this age. If you believe a child has provided us with personal information, please contact us at namaste@hyp.yoga and we will delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date. For significant changes, we will make reasonable efforts to notify registered users by email at least 14 days before the changes take effect.

Contact

If you have questions about this privacy policy, how your data is handled, or wish to exercise any of your data rights, contact us at namaste@hyp.yoga.