Privacy Policy
Last updated: 25 June 2026
Hypernova One ("we", "us", "our") respects your privacy and is committed to protecting your personal information globally. This policy explains what we collect, why we collect it, and your rights under the laws that may apply to you, including:
- South Africa — Protection of Personal Information Act, 4 of 2013 ("POPIA")
- European Union & United Kingdom — EU General Data Protection Regulation 2016/679 ("GDPR") and UK GDPR
- California, USA — California Consumer Privacy Act, as amended by the CPRA ("CCPA/CPRA")
- Brazil — Lei Geral de Proteção de Dados ("LGPD")
- Canada — Personal Information Protection and Electronic Documents Act ("PIPEDA")
- Australia — Privacy Act 1988 and the Australian Privacy Principles
1. Responsible Party
Hypernova One is the responsible party for the processing of your personal information. You can contact our Information Officer at hello@hypernovaone.com.
2. Information We Collect
- Contact details you submit through our chat or contact form (name, email, project brief, region, company).
- Payment details processed via our payment provider (Paystack). We do not store full card data.
- Technical data such as IP address, browser type, and pages visited (via essential and optional analytics cookies).
3. Why We Process It (Lawful Basis)
- To respond to your enquiry and prepare a custom proposal — based on your consent and steps to enter into a contract.
- To process payments and deliver services — performance of a contract.
- To improve our website and services — our legitimate interest, balanced against your rights.
- To comply with legal obligations.
4. Cookies
We use a small number of essential cookies to keep the site working and, with your consent, optional analytics cookies. You can change your choice at any time by clearing your browser storage for this site.
5. Sharing Your Information & Sub-Processors
We share personal information only with vetted operators ("sub-processors") that help us run the business under written data processing agreements requiring confidentiality, security and processing strictly on our instructions. We do not sell or rent your personal information.
| Sub-processor | Purpose | Region |
|---|---|---|
| Supabase (Lovable Cloud) | Database, authentication, file storage | EU / US |
| Cloudflare | Edge delivery, DDoS protection, DNS | Global |
| Google (Gemini via Lovable AI Gateway) | AI assistant inference | US |
| Resend | Transactional and notification emails | US / EU |
| Paystack | Payment processing | South Africa / EU |
We will update this list when sub-processors change. Material changes will be highlighted at the top of this page.
6. Cross-Border Transfer
Some of our service providers may process your information outside South Africa. Where this happens, we ensure they offer a level of protection substantially similar to POPIA, as required by section 72.
7. Retention
We keep personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Lead and chat data is retained for up to 24 months unless you request deletion sooner.
8. Security Safeguards
We apply appropriate technical and organisational safeguards to protect your personal information against loss, unauthorised access, alteration or disclosure, as required by section 19 of POPIA. These include encryption in transit (HTTPS) and at rest, server-side access controls, row-level database security, rate limiting, prompt-injection defences on our AI assistant, and audit logging of abuse attempts.
No method of transmission or storage is completely secure. While we continuously review and improve our safeguards, we cannot warrant absolute security. Please submit only the information necessary for us to respond to your enquiry, and avoid sharing payment card numbers, passwords, identity numbers or other highly sensitive data through the chat or contact form.
If we ever become aware of a security compromise affecting your personal information, we will notify you and the Information Regulator as required by section 22 of POPIA.
9. AI Assistant ("Nova")
Our website includes an AI concierge ("Nova") that helps qualify enquiries. Conversations are stored to provide and improve the service and to follow up on your project. Nova is restricted to discussing Hypernova One's services and your potential engagement; it does not provide legal, financial, medical or other professional advice, and responses may occasionally be inaccurate. Do not rely on chatbot responses for material decisions until they are confirmed in writing by a member of our team.
10. Your Rights Under POPIA
You have the right to:
- Be notified that your information is being collected.
- Access the personal information we hold about you.
- Request correction or deletion of inaccurate or outdated information.
- Object to processing or withdraw consent at any time.
- Lodge a complaint with the Information Regulator of South Africa.
To exercise any of these rights, email hello@hypernovaone.com.
11. The Information Regulator
Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: complaints.IR@justice.gov.za
Website: inforegulator.org.za
12. EU & UK Residents (GDPR / UK GDPR)
If you are located in the European Economic Area, the United Kingdom or Switzerland, the GDPR (and UK GDPR) applies to our processing of your personal data. The lawful bases we rely on are: (a) your consent (Art. 6(1)(a)) for optional analytics and marketing; (b) steps prior to entering a contract at your request (Art. 6(1)(b)) when handling your enquiry; (c) performance of a contract (Art. 6(1)(b)) when delivering paid services; and (d) our legitimate interests (Art. 6(1)(f)) in operating, securing and improving our website, balanced against your rights.
In addition to the rights listed in section 10, you have the right to data portability (Art. 20), the right to object to processing (Art. 21), the right not to be subject to solely automated decision-making with legal effect (Art. 22), and the right to lodge a complaint with your local supervisory authority (e.g. the UK ICO at ico.org.uk, or your national EU data protection authority).
We do not currently maintain an EU/UK representative under Art. 27 as we do not systematically target or monitor data subjects in the EU/UK. If this changes, this policy will be updated. International transfers outside the EEA/UK rely on Standard Contractual Clauses or equivalent safeguards approved by the European Commission and the UK ICO.
EU/UK Representative (GDPR Art. 27): Hypernova One does not currently target the offering of goods or services to data subjects in the EU/UK, nor monitor their behaviour within the EU/UK, and is therefore not required to appoint an Article 27 representative. Should this change, we will appoint one and update this policy. EU/UK residents may contact our Information Officer directly at hello@hypernovaone.com.
13. California Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the CCPA/CPRA, including: the right to know the categories and specific pieces of personal information we collect; the right to delete personal information; the right to correct inaccurate personal information; the right to opt out of "sale" or "sharing" of personal information; the right to limit the use of sensitive personal information; and the right to non-discrimination for exercising these rights.
We do not sell your personal information for money, and we do not "share" personal information for cross-context behavioural advertising as those terms are defined under the CPRA. To exercise any California right, or to submit a verifiable consumer request, email hello@hypernovaone.com with the subject "California Privacy Request". Authorised agents may submit requests with written proof of authorisation.
14. Brazil Residents (LGPD)
If you are in Brazil, the LGPD applies. You have the rights set out in Article 18, including confirmation of processing, access, correction, anonymisation, blocking or deletion of unnecessary data, portability, information about sharing, and revocation of consent. You may contact our data protection contact at hello@hypernovaone.com or lodge a complaint with the ANPD (gov.br/anpd).
15. Canada Residents (PIPEDA)
If you are in Canada, our processing complies with PIPEDA's ten fair information principles. You may access or challenge the accuracy of your personal information, withdraw consent, and lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca).
16. Australia Residents (Privacy Act & APPs)
If you are in Australia, the Australian Privacy Principles apply. You may request access to or correction of your personal information and may complain to the Office of the Australian Information Commissioner (oaic.gov.au) if you believe we have breached the APPs.
17. Children
Our website is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will delete it.
18. Automated Decision-Making
We do not use your personal information for automated decision-making that produces legal or similarly significant effects. Our AI assistant ("Nova") generates conversational responses but does not make automated decisions about you.
19. How to Submit a Data Subject Request (DSAR)
Regardless of where you live, you can exercise the rights described above by emailing hello@hypernovaone.com with the subject line "Data Subject Request" and including:
- The right you wish to exercise (access, deletion, correction, portability, objection, opt-out, etc.)
- The email address(es) you have used with us, so we can locate your data
- Sufficient information for us to verify your identity (we may request additional verification to prevent fraudulent requests)
- Your country/region of residence so we can apply the correct legal framework
We will acknowledge within 7 days and respond substantively within the timeframes required by applicable law (generally 30 days under GDPR, 45 days under CCPA, extendable once with notice). There is no fee unless your request is manifestly unfounded or excessive. Authorised agents may submit requests on your behalf with written proof.
20. Security Vulnerability Disclosure
If you discover a potential security vulnerability affecting our site, AI assistant, or any system processing personal information, please report it responsibly to hello@hypernovaone.com or via the contact specified in our security.txt. We will not pursue legal action against good-faith researchers who comply with our responsible disclosure terms.
21. Updates
We may update this policy from time to time. The latest version will always be available on this page. Material changes will be highlighted.