Privacy Policy

1. Information We Collect

HyperXI, operated by Escape Tech Enterprises LLC ("we", "us", "our"), collects the following types of information:

• Tenant administrator information: Name, email address, business name, and billing details provided during account registration and subscription management.
• Customer booking data: Information submitted by end customers when making bookings through your HyperXI-powered booking pages, including names, email addresses, phone numbers, and booking preferences.
• Usage analytics: Information about how you interact with the Service, including pages visited, features used, API call volume, and general usage patterns. This data is collected in aggregate to improve the Service.

2. How We Use Information

We use the information we collect to:

• Provide, operate, and maintain the HyperXI booking platform.
• Process payments and manage subscriptions through our payment provider.
• Send transactional notifications such as booking confirmations, reminders, and account-related communications.
• Respond to support inquiries and provide customer assistance.
• Analyze usage patterns to improve the Service and develop new features.
• Comply with legal obligations and enforce our Terms of Service.

3. Data Sharing

We do not sell, rent, or trade your personal information or your customers' data to third parties. We share data only with the following service providers, solely to operate the Service:

• Stripe: For payment processing and subscription billing. Stripe processes payment card data directly and is PCI DSS compliant.
• Amazon Web Services (AWS) SES: For sending transactional emails such as booking confirmations and account notifications.
• Twilio: For sending SMS notifications such as booking reminders, when enabled by the tenant.

Each of these providers is bound by their own privacy policies and data processing agreements. We only share the minimum data necessary for each provider to perform its function.

4. Data Storage & Security

Your data is stored in a PostgreSQL database hosted on a dedicated server. We implement the following security measures to protect your information:

• All passwords are hashed using bcrypt before storage. We never store plaintext passwords.
• All data in transit is encrypted using SSL/TLS (HTTPS).
• Access to production systems is restricted to authorized personnel only.
• API authentication uses secure tokens with appropriate expiration policies.

While we take reasonable precautions to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Tenant Data

HyperXI is a multi-tenant platform. Each tenant's data is logically isolated from other tenants. Tenant administrators can only access data belonging to their own account.

You own all data created within your tenant account, including booking records, customer information, room configurations, and business settings. You may export your data at any time or request its deletion by contacting us.

6. Cookies

HyperXI uses a minimal set of cookies:

• Session cookies: Used to maintain your authenticated session after login. These are essential for the Service to function and expire when you log out or after a period of inactivity.
• CSRF tokens: Used to protect against cross-site request forgery attacks. These are security cookies and do not track your behavior.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

7. Third-Party Services

The Service integrates with the following third-party services. Each has its own privacy policy governing how it handles data:

• Stripe -- Payment processing and subscription management.
• AWS (Amazon Web Services) -- Email delivery (SES) and infrastructure services.
• Twilio -- SMS notifications.
• Google Calendar -- Optional calendar synchronization for booking schedules, when enabled by the tenant.
• Vercel -- Frontend hosting and content delivery.

8. Data Retention

We retain your data according to the following policies:

• Active accounts: Your data is retained for as long as your account remains active and your subscription is current.
• Cancelled accounts: After cancellation, we retain your data for a 90-day grace period during which you may reactivate your account or request a data export. After 90 days, all tenant data is permanently deleted from our systems.
• Backups: Data may persist in encrypted backups for a limited period after deletion from production systems, after which backup data is also purged.

9. Your Rights

You have the following rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request correction of inaccurate or incomplete information.
• Deletion: You may request deletion of your personal information, subject to any legal obligations requiring us to retain certain records.
• Export: You may request an export of your tenant data in a standard, machine-readable format.

To exercise any of these rights, contact us at escapetech@escapetech.rocks. We will respond to your request within 30 days.

10. Children's Privacy

HyperXI is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at escapetech@escapetech.rocks.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice within the Service at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when this policy was last revised.

12. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Escape Tech Enterprises LLC
Email: escapetech@escapetech.rocks