Hypeliv Private Limited is a company incorporated in India with its registered office at Flat 101, Plot 603, Sarthak Enclave, Sector-1, Vaishali, Ghaziabad – 201010, Uttar Pradesh, India. We are the data controller for information processed through the Service. You can reach us at info@hypeliv.com.

Momentum is a B2B social-media-automation product. Our customers are businesses ("Clients"). End users of those businesses' social channels are not direct users of the Service.

We use the information described above to:

• Provide, operate, and improve the Service.
• Generate content on your behalf using AI providers (see Section 5).
• Publish content you have approved to the social platforms you have connected.
• Authenticate users, prevent abuse, and secure the Service.
• Communicate with you about the Service, including service notices and support responses.
• Comply with applicable laws.

We do not use your data, your content, or platform-derived data to train any AI model.

Where the GDPR, the UK GDPR, or India's Digital Personal Data Protection Act, 2023 applies, we rely on the following legal bases:

• Performance of a contract — to deliver the Service you signed up for.
• Legitimate interests — to secure, maintain, and improve the Service.
• Consent — for connecting third-party platforms and for any optional communications.
• Legal obligation — when required by law.

We share information only with the following categories of recipients, and only to the extent needed for the purposes described above:

Each sub-processor receives only the minimum data needed for its function. We do not sell personal information.

We may also disclose information if required by law, regulation, valid legal process, or to protect the rights, property, or safety of Hypeliv, our users, or others.

• Account information: retained while your account is active; deleted within 30 days of account closure unless we are required to retain it longer.
• OAuth tokens: retained until you disconnect the platform or close your account, after which they are deleted within 7 days.
• Generated media and content: retained while your account is active and for up to 90 days after closure for recovery purposes, then permanently deleted.
• Logs: retained for up to 12 months for security and audit purposes.

OAuth access tokens are encrypted at rest using AES-256-GCM.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Request deletion of your information.
• Object to or restrict certain processing.
• Withdraw consent at any time.
• Lodge a complaint with a data protection authority.

To exercise any of these rights, email info@hypeliv.com. We will respond within the timeframes required by applicable law.

You can revoke our access to any connected platform at any time:

• Inside Momentum — open Settings → Connected accounts → Disconnect.
• From the platform itself — Instagram, LinkedIn, or YouTube account settings.

To request deletion of all data Hypeliv holds about you (including data received from Meta), email info@hypeliv.com with the subject line "Data deletion request". We will confirm completion within 30 days.

A self-service data-deletion page will be available at momentum.hypeliv.com/data-deletion in a future release.

We use industry-standard safeguards including TLS for data in transit, encryption of OAuth tokens at rest (AES-256-GCM), least-privilege access controls, and audit logging. No system is perfectly secure; if we ever become aware of a breach affecting your information, we will notify you and the relevant authorities as required by law.

Hypeliv is based in India. Your data may be processed in India and in any country where our sub-processors operate (including the United States and the European Union). Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

The Service is not directed at children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact us and we will delete it.

We may update this Policy from time to time. Material changes will be communicated via email or a notice in the Service at least 14 days before they take effect. The "Last Updated" date above always reflects the current version.

If you have any questions about this Policy, please contact us: