Privacy Policy Hypereum Ltd

Last updated: 26 March 2026

Hypereum Ltd ("Hypereum", "we", "us", "our") is committed to protecting the privacy and personal data of individuals who interact with our website and services. This Privacy Policy explains how we collect, use, store, share, and protect personal data in connection with our website at www.hypereum.tech (the "Site").

This Policy applies to all visitors and users of the Site regardless of location. Hypereum is based in the United Kingdom and primarily operates under the UK General Data Protection Regulation ("UK GDPR"). Where users are located in the European Economic Area, the EU General Data Protection Regulation ("EU GDPR") applies. For users in the United States, relevant provisions of the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA") and other applicable US state privacy laws are addressed in this Policy.

As Hypereum expands its operations into additional jurisdictions, this Policy will be updated to reflect compliance with applicable local data protection laws, including but not limited to the Swiss Federal Act on Data Protection ("FADP"), Brazil's Lei Geral de Proteção de Dados ("LGPD"), the United Arab Emirates Personal Data Protection Law ("UAE PDPL"), and the People's Republic of China Personal Information Protection Law ("PIPL"). Users in these jurisdictions are encouraged to contact us at privacy@hypereum.tech with any data protection enquiries.

This Policy does not constitute legal advice. If you have questions about your rights under applicable data protection law, we recommend consulting qualified legal counsel.

1. Identity and contact details

1.1 The data controller responsible for the processing of personal data described in this Policy is:

1.2 Contact email for all data protection enquiries: privacy@hypereum.tech

1.3 General enquiries: info@hypereum.tech

1A. Designation under Article 27 EU GDPR

1A.1 Hypereum Ltd is established in the United Kingdom and is not established in the European Union. As of the date of this Policy, Hypereum relies on the exemption provided by Article 27(2)(a) of the EU GDPR on the basis that its processing of personal data of EU data subjects is occasional, does not include large-scale processing of special categories of data or personal data relating to criminal convictions and offences, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope, and purposes of the processing.

1A.2 This exemption will be reviewed if the nature, scale, or scope of Hypereum's data processing activities changes — in particular, if Hypereum launches commercial products or services that involve systematic processing of EU data subjects' personal data. At that point, Hypereum will designate a representative in the EU in accordance with Article 27 EU GDPR and update this Policy accordingly.

1A.3 In the meantime, EU data subjects may direct any data protection enquiries to: privacy@hypereum.tech.

2. Categories of personal data

2.1 We collect the following categories of personal data:

(a) Contact form data. When you submit the contact form on our Site, we collect: your name, work email address, company name, industry, and the content of your message. All fields are provided voluntarily by you.

(b) Automatically collected data. When you visit the Site, our hosting infrastructure (Cloudflare) automatically collects certain technical data, including: IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and approximate geographic location derived from IP address. This data is collected through server logs and is necessary for the security and operation of the Site.

(c) Cookie data. We use strictly necessary cookies for Site functionality and security. Details are provided in our Cookie Policy.

2.2 We do not collect sensitive personal data (also known as special category data under UK/EU GDPR, or sensitive personal information under CCPA/CPRA). This includes but is not limited to: racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation.

2.3 We do not knowingly collect personal data from children under the age of 16 (or such other minimum age as required by applicable local law). If we become aware that we have collected personal data from a child without appropriate consent, we will delete such data promptly.

3. Purposes and legal bases

3.1 We process personal data for the following purposes and on the following legal bases:

3.2 We do not use personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

3.3 We do not sell, share (as defined under CCPA/CPRA), or otherwise make available personal data to third parties for monetary or other valuable consideration.

3.4 We do not use personal data for targeted advertising, cross-context behavioural advertising, or interest-based advertising.

4. Recipients of personal data

4.1 We may share personal data with the following categories of recipients, solely for the purposes described in this Policy:

(a) Hosting and infrastructure providers. Cloudflare, Inc. (for website hosting, CDN, and security services). Cloudflare processes technical data (IP addresses, request metadata) as a data processor on our behalf.

(b) Form processing. Contact form submissions are processed by Cloudflare Workers (cloudflare.com) as part of our existing hosting infrastructure. Form data (name, work email, company, industry, message) is processed and stored within our Cloudflare account and is not shared with third-party form processing services. Cloudflare's privacy policy is available at cloudflare.com/privacypolicy.

(c) Professional advisors. We may share data with legal counsel, accountants, or auditors when necessary for the provision of professional services to Hypereum.

(d) Law enforcement and regulatory authorities. We may disclose personal data where required by applicable law, regulation, legal process, or governmental request.

4.2 We require all third-party processors to process personal data only on our documented instructions, to implement appropriate technical and organisational security measures, and to comply with applicable data protection law. Where required by law, we enter into Data Processing Agreements with such processors.

4.3 We do not transfer personal data to any other categories of recipients beyond those described above.

5. Cross-border data transfers

5.1 Hypereum is based in the United Kingdom. Personal data collected through the Site may be processed in the United Kingdom and in any country where our hosting infrastructure or processors operate (including the United States, where Cloudflare maintains infrastructure).

5.2 Where personal data is transferred from the UK or EEA to a country that has not been recognised as providing an adequate level of data protection, we implement appropriate safeguards as required by applicable law. These may include:

(a) Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office (ICO);

(b) The UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs;

(c) Adequacy decisions by the European Commission or UK Secretary of State;

(d) Other lawful transfer mechanisms recognised under applicable law.

5.3 You may request information about the specific safeguards applied to transfers of your personal data by contacting us at privacy@hypereum.tech.

6. Retention periods

6.1 We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.

6.2 Specific retention periods:

(a) Contact form submissions: Retained for 24 months from the date of submission, unless an ongoing business relationship is established, in which case data is retained for the duration of the relationship plus 24 months.

(b) Server logs and technical data: Retained for up to 90 days for security and operational purposes.

(c) Legal compliance data: Retained for the period required by applicable law.

6.3 When personal data is no longer needed, we securely delete or anonymise it in accordance with our data retention procedures.

7. Security measures

7.1 We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include but are not limited to:

(a) Encryption of data in transit (TLS/HTTPS);

(b) Access controls limiting access to personal data to authorised personnel;

(c) Regular review of security practices and procedures;

(d) Use of reputable third-party infrastructure providers with established security practices.

7.2 While we take reasonable measures to protect personal data, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your data.

8. Rights under applicable data protection law

8.1 Depending on your location and applicable law, you may have the following rights regarding your personal data:

Rights under UK GDPR and EU GDPR (EEA/UK residents):

(a) Right of access — the right to obtain confirmation of whether we process your personal data and to receive a copy of such data (Article 15).

(b) Right to rectification — the right to request correction of inaccurate personal data (Article 16).

(c) Right to erasure — the right to request deletion of your personal data in certain circumstances (Article 17).

(d) Right to restriction — the right to request restriction of processing in certain circumstances (Article 18).

(e) Right to data portability — the right to receive your personal data in a structured, commonly used, machine-readable format (Article 20).

(f) Right to object — the right to object to processing based on legitimate interests, including direct marketing (Article 21).

(g) Right to withdraw consent — where processing is based on consent, the right to withdraw consent at any time (Article 7(3)).

(h) Right to lodge a complaint — the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO): ico.org.uk. In the EU, this is the data protection authority of the Member State where you reside or where the alleged infringement occurred.

Rights under CCPA/CPRA (California residents) and other US state privacy laws:

(i) Right to know — the right to know what personal information is collected, used, disclosed, or sold.

(j) Right to delete — the right to request deletion of personal information.

(k) Right to correct — the right to request correction of inaccurate personal information.

(l) Right to opt-out of sale/sharing — we do not sell or share personal information as defined under the CCPA/CPRA.

(m) Right to non-discrimination — we will not discriminate against you for exercising your privacy rights.

(n) Right to limit use of sensitive personal information — we do not collect sensitive personal information as defined under the CCPA/CPRA.

These rights also apply, with jurisdiction-specific variations, to residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Iowa, Delaware, New Hampshire, New Jersey, Nebraska, Nevada, and Utah, to the extent applicable.

Rights under other applicable data protection laws:

(o) If you are located in a jurisdiction with applicable data protection legislation not specifically addressed above (including but not limited to Switzerland, Brazil, the UAE, or China), you may have rights similar to those described above. Please contact us at privacy@hypereum.tech to exercise any applicable rights, and we will respond in accordance with the requirements of your local law. As Hypereum expands its operations, this section will be updated to address jurisdiction-specific rights in detail.

8.2 To exercise any of these rights, contact us at privacy@hypereum.tech. We will respond to your request within the timeframe required by applicable law (generally within 30 days, or one calendar month under UK/EU GDPR).

8.3 We may need to verify your identity before processing your request. We will not charge a fee for processing your request unless the request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request, as permitted by applicable law.

8.4 Global Privacy Control (GPC). We recognise and honour browser-based privacy signals such as the Global Privacy Control where required by applicable law, including under the CCPA/CPRA.

9. Links to external sites

9.1 The Site may contain links to third-party websites (e.g., hivemindax.com, LinkedIn, Companies House, ICO register). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.

10. Updates

10.1 We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this Policy indicates when it was last revised.

10.2 Where changes are material, we will take reasonable steps to notify affected individuals — for example, by posting a notice on the Site.

11. How to contact us

11.1 For all data protection enquiries, requests to exercise your rights, or complaints:

11.2 If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.