HypeHyenaBack to home
Home

Privacy Policy

Effective date: April 19, 2026

1. Data Controller

The data controller for your personal data is Edbo Apps (Pty) Ltd, a company registered in South Africa.

2. Data We Collect

Information you provide:

  • Account data: Name, email address, country, phone number (optional), chosen app mode (Earner or Creator).
  • Profile data: Display name, profile photo (if provided via social login), region and city (optional, for local Arena ranking).
  • Campaign content: Brand names, headlines, descriptions, images, videos, taglines, business category, opening hours, price range, gallery images, social handles, physical address, and external action links submitted by Creators. When you paste a URL into LaunchPad, our AI agent extracts public-facing fields from that page to pre-fill your draft — you remain in control and can edit or remove anything before launching.
  • Cookie preferences: Your consent choices for the analytics and marketing cookie categories.

Information collected automatically:

  • Device identifiers: We generate a device fingerprint for fraud detection and multi-account prevention, derived from your browser and device attributes.
  • IP address: We process your IP address in hashed form for rate limiting and geographic validation. We do not store raw IP addresses.
  • Approximate location: We may detect your country (and, in the future, region or city) from your IP address to surface campaigns near you first in the Arena feed. You can override this any time in Settings → Your locationby selecting a country manually or clearing the value entirely. We never share your location with other users or with creators. We do not store precise GPS coordinates unless you explicitly grant permission via your browser's geolocation prompt (a future opt-in feature).
  • Usage data: Pages visited, actions taken, campaigns shared, view counts, conversion attribution, last-active timestamps, daily share activity, mission completion, mode-switch events, and session information.
  • Error data: Crash reports and performance metrics for service improvement (collected only with your consent — see Cookies section below).
  • Analytics: Aggregated, anonymized usage patterns for service improvement (collected only with your consent — see Cookies section below).

Information from third parties:

  • Social login: Name, email, and profile photo when you sign in with a third-party provider.
  • Payment processor: Payment confirmation and subscription status. We do not receive or store credit card numbers.

3. How We Use Your Data

PurposeData UsedLegal Basis (GDPR)
Account creation and managementName, email, countryContract
Campaign participation and prizesAccount data, activity dataContract
Fraud detection and preventionDevice fingerprint, hashed IP, usage patternsLegitimate interest
Payment processingHandled by our payment processorContract
Prize deliveryName, email, countryContract
Content moderationCampaign text and imagesLegitimate interest
Service improvementUsage data, error logsLegitimate interest
Communications (transactional)Email addressContract

4. Cookies and Tracking

We organise cookies into three categories. The full list of cookies we set, their durations, and which third parties (if any) provide them lives on our dedicated Cookie Policy page. You can change your preferences any time using the "Cookie preferences" link in the site footer.

Essential (always on — required for the app to work):

  • Authentication session: Keeps you signed in.
  • Security + bot protection: Challenge tokens issued by our bot-protection provider on auth surfaces.
  • Referral attribution: Stores the referral code that brought you in (30-day expiry).
  • Earner attribution: Per-campaign cookie set when you click a shared campaign link, so the right earner gets credit if you convert (30-day expiry).
  • Cookie preference record:Remembers what you selected so the banner doesn't reappear (12-month expiry).

Analytics (off by default — explicit opt-in required):

  • Aggregate page-view counts and Core Web Vitals so we can see what's slow and which features are used. No advertising, no profiling, no cross-site tracking.
  • Crash reports + performance traces so we can fix bugs faster. Collected anonymously, no personal data.

Marketing (off by default — none in use today):

We don't currently use marketing cookies, advertising pixels, or remarketing trackers. The category is reserved for future personalisation features and stays off until you explicitly opt in.

How we honour your choices:

  • Analytics + marketing cookies are not loaded until you opt in. Rejecting them does not affect your ability to use the app.
  • We honour Global Privacy Control (GPC) — if your browser sends the Sec-GPC: 1 signal, we automatically default to essential-only without showing the banner.
  • We never sell your personal data to any third party.
  • You can revoke consent at any time via the "Cookie preferences" link in the footer; revocation takes effect immediately on the next page load (analytics scripts are unloaded).

5. Third-Party Data Sharing

We share data with trusted service providers solely for the purposes described in this policy, including:

  • Database hosting and authentication
  • Payment processing
  • Digital reward delivery
  • Web hosting and content delivery
  • Security and bot protection
  • Error monitoring and analytics

These providers are bound by contractual obligations to process your data only as instructed and to maintain appropriate security measures.

We do not sell your personal data to any third party.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) where applicable
  • Selecting processors with appropriate security certifications
  • Compliance with POPIA Section 72 (adequate protection requirements)

7. Data Retention

Data TypeRetention Period
Account dataUntil account deletion
Campaign content6 months after campaign completion
Activity logs12 months
Payment records7 years (legal/tax requirement)
Error logs90 days
Device identifiers12 months from last activity

Upon account deletion, your personal data is removed from our systems within 30 days, except where retention is required by law.

8. Your Rights

Depending on your jurisdiction, you have the following rights:

All users:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate data via your Settings page.
  • Deletion: Delete your account and data via Settings.
  • Portability: Request your data in a machine-readable format.

EU/UK residents (GDPR):

  • Right to object to processing based on legitimate interest.
  • Right to restrict processing.
  • Right to withdraw consent at any time.
  • Right to lodge a complaint with your local Data Protection Authority.

South African residents (POPIA):

  • All rights above, plus the right to lodge a complaint with the Information Regulator of South Africa.

California residents (CCPA/CPRA):

  • Right to know what personal information is collected and how it is used.
  • Right to delete your personal information.
  • Right to opt-out of the sale of personal information — we do not sell your data.
  • Right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, contact us at support@hypehyena.com. We will respond within 30 days.

9. Children's Privacy

HypeHyena is intended for users aged 18 and older. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a person under 18, we will delete that data and terminate the associated account immediately.

10. Automated Decision-Making

  • Content moderation: Campaign content is reviewed by automated systems. Rejected content can be disputed by the Creator.
  • Fraud detection: Automated analysis is used to detect fraudulent activity. Flagged activity is reviewed before account-level action is taken.
  • Reputation scoring: Your Cred rating is calculated automatically from your performance metrics. This may affect certain platform features but does not result in automatic account termination.

11. Security

We implement appropriate technical and organizational measures to protect your data, including encryption of data in transit, access controls, and regular security reviews.

12. Retention After Account Deletion

When you delete your account, we remove personally identifying information (name, email, phone number, photo, country, bio, profile link) from your record as soon as the 24-hour cooling-off period elapses and the deletion is committed.

We retain records that cannot legally be deleted, for the minimum period required:

  • Financial and transactional records (campaign purchases, prize deliveries, referral commissions, subscription payments) — retained for 7 years per Companies Act, 2008, section 24.
  • Customer identification and transaction records (FICA requirements) — retained for 5 years.
  • Tax records — retained for the period required by SARS (typically 5 years after the tax year in which the transaction was recorded).
  • Fraud-prevention records (hashed device identifiers, click-validation evidence) — retained as needed to prevent abuse and cannot be linked back to you personally after deletion.
  • Audit trails of administrative and legal actions (account moderation, ban history) — retained so we can evidence our compliance obligations.

These retained records do not contain your name, email, phone number, or other direct identifiers — only pseudonymous system identifiers. POPIA section 14(5)(a) and (b) expressly permit retention where another law requires it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. The "Effective date" at the top of this page indicates the most recent revision.

14. Contact Us

For privacy-related questions or to exercise your data rights: