HyperTribe
Start

Privacy Policy

Last updated: May 2026. Draft — pending legal review.

This policy explains how HyperTribe Music Services Ltd (company number 14184929, registered in England and Wales) collects, uses, and protects your personal data when you use HyperTribe. We are the data controller for personal data we hold about you, except where we act as a processor on behalf of an organisational Customer (see section 11).

1. What data we collect

We collect data you give us directly (name, email, organisation, role, payment details), data generated as you use the service (posts, messages, attendance, submissions, behavioural scores derived from your activity), and limited data from third-party integrations you connect (e.g. Spotify, Chartmetric, Instagram where you authorise it). We also collect technical data automatically (IP address, browser, device, pages visited).

2. Lawful basis

We process your personal data on the following bases under UK GDPR:

  • Contract — to provide the service you have signed up for, including account, membership benefits, payment processing.
  • Legitimate interest — to operate, secure, and improve the service, prevent fraud, and produce aggregated insights. You can object to this processing.
  • Consent — for analytics cookies and for marketing emails. You can withdraw consent at any time.
  • Legal obligation — to comply with tax, accounting, anti-money-laundering, and other statutory requirements.

3. How we use your data

To deliver the service (account, community, Creator Reports, opportunity matching, intro drafts, events), to process payments, to communicate with you about your account or new features, to provide customer support, to detect and prevent fraud or abuse, and to produce aggregated and anonymised analytics about how the platform is used.

4. AI processing

We use AI models to analyse activity, draft messages, score behaviour, and surface patterns. AI providers we use are listed in section 6. Your data is not used to train third-party AI models without your explicit consent.

5. Cookies

We use essential cookies that make the site work (login session, security). We use analytics cookies only with your consent, captured via our cookie banner. You can change your preference at any time by clearing your browser's site data for hypertribe.com, which re-shows the banner.

6. Who we share data with

We share personal data only with providers who help us deliver the service. Each is bound by a written agreement and may only use the data on our instructions. Our current key sub-processors include:

  • Supabase — application database and authentication
  • Vercel — website and application hosting
  • Stripe — payment processing
  • Circle — community platform
  • Brevo — transactional and marketing email
  • Google Workspace — internal email and documents
  • Anthropic, OpenAI, Google — AI model providers powering analysis and drafting features

An up-to-date list is available on request from privacy@hypertribe.com. We will give 30 days' notice of material changes to organisational Customers.

7. International transfers

Some of our processors are based outside the UK or EU (notably in the United States). Where this is the case, transfers are protected by appropriate safeguards: the UK International Data Transfer Addendum, the EU Standard Contractual Clauses, or equivalent mechanisms approved by the UK Information Commissioner's Office.

8. How long we keep your data

We keep your data only as long as needed for the purpose we collected it:

  • Account data: while your account is active, plus 12 months after closure
  • Payment records: 7 years (UK tax law)
  • Marketing email subscriptions: until you unsubscribe
  • Community content (posts, messages): retained while your account is active; on account deletion we anonymise content where deletion would break thread context
  • Support tickets: 24 months from resolution
  • Website analytics: 14 months (Google Analytics default) or as configured

9. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Have your data deleted (the “right to erasure”)
  • Restrict or object to processing
  • Receive your data in a portable format
  • Withdraw consent at any time where we rely on consent
  • Complain to the UK Information Commissioner's Office (ICO)

10. How to exercise your rights

Email privacy@hypertribe.com with your request. We will respond within 30 days (extendable to 90 days for complex requests, in which case we will tell you within 30 days). You can also complain to the ICO at ico.org.uk or 0303 123 1113.

11. When we act as a processor

When an organisational Customer (label, agency, sports body) uses HyperTribe to manage members of their team or roster, the Customer is the data controller for those members' data and we act as data processor. In that case data subject rights are exercised through the Customer, who can request our assistance via the Data Processing Addendum.

12. Security

We use industry-standard measures to protect personal data, including encryption in transit (TLS) and at rest, access controls, audit logging, and regular review of our sub-processors. No method of transmission over the internet is fully secure, so we can't guarantee absolute security, but we work to a high standard and will notify you of any breach affecting your data without undue delay where the law requires it.

13. Children

HyperTribe is not intended for anyone under 18. We do not knowingly collect data from people under 18. If you believe we have, please contact privacy@hypertribe.com and we will delete it.

14. Changes to this policy

We may update this policy from time to time. The “last updated” date at the top reflects the most recent version. We will notify you by email or in-app notice of material changes.

15. Contact

Data protection queries: privacy@hypertribe.com. General contact: HyperTribe Music Services Ltd, registered office details available from Companies House (company number 14184929).