Hype API Privacy Policy

Effective Date: December 5, 2025

1. Information Collection

1.1 Information We Collect

When you use the Service, we collect the following information:

1.2 Cookies and Similar Technologies

The Service uses Cookies to store your login session information so you can remain logged in and use the service normally.

1.3 Information Collected by Cloudflare

We use Cloudflare as our CDN and DDoS protection service. Cloudflare may collect the following technical information; in addition, we collect and may retain IP addresses for each request (successful or failed) for security, logging and abuse prevention:

• IP addresses (for security protection, traffic routing, and abuse investigation)
• Browser type and version
• Access timestamps
• HTTP request header information

This information is collected and processed by Cloudflare and by us for security purposes. Cloudflare's data processing is governed by its privacy policy; we may retain IP records for a reasonable period to support security investigations and legal compliance.

1.4 Information We Do NOT Collect

• We do not log your API request content or response content
• We do not use any analytics or tracking tools
• We do not collect your browsing history or device information

2. Information Usage

2.1 How We Use Your Information

The information we collect is used solely for the following purposes:

• Authentication: Verify your identity and provide access
• Service Provision: Maintain and improve service functionality
• Security Protection: Monitor and prevent abuse, fraud, or illegal activities
• Technical Support: Assist in resolving issues you may encounter
• Rate Limiting: Implement 2 requests per minute rate limit
• Service Optimization: Improve service performance through usage statistics

2.2 We Will NOT Use Your Information For

• Marketing or advertising purposes
• Selling or renting to third parties
• Sharing with unauthorized third parties

3. Information Storage and Security

3.1 Data Storage

• API Service (api.hype3808.dev): Data is stored on DigitalOcean Virtual Private Servers (VPS) using PostgreSQL database
• Redemption System (redeem.hype3808.dev): Default users' redemption cooldown records are stored in a PostgreSQL database hosted on Neon.tech

3.2 Data Retention Period

• Your account data will be retained as long as the Service continues to operate
• If you delete your account, your data will be permanently deleted
• API usage logs will be retained for a reasonable period to maintain service security and performance

3.3 Security Measures

We take the following security measures to protect your data:

• Data Encryption: Encryption during transmission and storage
• Secure Servers: Industry-standard secure server configurations
• Database Security: PostgreSQL database with strong password protection
• Access Control: Strict limitations on user data access
• DDoS Protection: Using Cloudflare for DDoS attack protection and traffic filtering
• CDN Acceleration: Secure content delivery through Cloudflare CDN
• Regular Backups: Regular data backups to prevent data loss

Although we take reasonable security measures, please note that no method of Internet transmission or electronic storage is 100% secure.

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

The Service uses the following third-party services:

• Discord: For user authentication
• Auth0: For OIDC authentication flow
• DigitalOcean: For API service data storage and hosting
• Neon.tech: For Redemption System database hosting (stores only default users' redemption cooldown)
• Cloudflare: For Content Delivery Network (CDN) and DDoS protection for all services

These third-party service providers have their own privacy policies, which we recommend reviewing:

• Discord Privacy Policy: https://discord.com/privacy
• Auth0 Privacy Policy: https://auth0.com/privacy
• Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/

4.2 Legal Requirements

We may disclose your information in the following circumstances:

• Compliance with legal obligations or legal processes
• Response to legitimate government or law enforcement requests
• Protection of our rights, property, or safety
• Prevention of fraud or security threats

4.3 No Data Sales

We will never sell, trade, or rent your personal information to third parties for marketing purposes.

5. Your Rights

As a user, you have the following rights:

5.1 Right to Access

You have the right to request access to personal information we hold about you.

5.2 Right to Deletion

You have the right to request deletion of your personal information. After account deletion, all related data will be permanently deleted.

5.3 Right to Modification

You have the right to update or modify your personal information (through Discord account management).

5.4 Right to Withdraw Consent

You can stop using the Service at any time and request deletion of your data.

5.5 How to Exercise Your Rights

To exercise any of the above rights, please contact us through:

6. Children's Privacy

6.1 Age Restrictions

The Service is not intended for children who have not reached the legal age in their country or region.

6.2 Parental Consent

If you have not reached legal age, you must use this Service under the consent and supervision of a parent or guardian.

6.3 Children's Data Protection

If we discover that we have collected information from minors without appropriate consent, we will take steps to delete such information as soon as possible.

7. International Data Transfers

Because the Service uses cloud infrastructure, your data may be processed and stored outside your country or region. By using the Service, you consent to such data transfers.

8. Data Protection Compliance

Although the Service operator is located in Malaysia, we are committed to complying with applicable data protection laws and regulations, including but not limited to:

• Malaysia Personal Data Protection Act (PDPA)
• Other applicable international data protection standards

9. Automated Decision-Making

The Service does not use automated decision-making or profiling based on your personal data. Technical measures such as rate limiting are based on usage patterns rather than personal characteristics.

10. Privacy Policy Changes

10.1 Update Notifications

We may update this Privacy Policy from time to time. For significant changes, we will notify you through:

• Announcements on the Discord server (Odysseia)
• Updating the "Effective Date" at the top of this page

10.2 Continued Use

Continued use of the Service after Privacy Policy updates indicates your acceptance of the modified policy.

11. Contact Us

If you have any questions, comments, or complaints about this Privacy Policy, or wish to exercise your data rights, please contact us through:

We will respond to your request as soon as possible (typically within 30 days).

12. Data Breach Notification

If a data breach occurs that may affect the security of your personal information, we will:

• Promptly assess the scope and impact of the breach
• Notify affected users within a reasonable timeframe
• Take measures to mitigate potential harm
• Report to relevant regulatory authorities as required by law

13. Third-Party Links

The Service may contain links to third-party websites or services (such as SillyTavern, Discord). We are not responsible for the privacy practices of these third parties. We recommend reviewing the privacy policies of these websites.

14. Business Transfers

If ownership of the Service changes (such as through sale, merger, or acquisition), your information may be transferred as part of the assets. In such cases, we will notify you, and the new owner will continue to be bound by this Privacy Policy.

15. Complete Agreement

This Privacy Policy, together with the Hype API User Agreement, constitutes the complete agreement between you and us regarding privacy and data protection.