Hylē← Home

Privacy Policy

Last updated: 2026-04-13

1. Information We Collect

We collect the following types of information when you use Hylē:

  • Account information: Your email address and display name when you register via email or Google OAuth.
  • Research content: Questions, topics, and parameters you submit for analysis. These are stored to display your results and history.
  • Usage data: Pages visited, features used, and session duration — collected to improve the service.
  • Payment information: Billing is processed by Lemon Squeezy. We do not store your credit card details. We receive transaction confirmations and subscription status.
  • Technical data: IP address, browser type, and device information collected automatically via server logs.

2. How We Use Your Information

  • Delivering AI-powered research and simulation results in response to your queries.
  • Maintaining your account, order history, and subscription status.
  • Improving the accuracy and quality of our AI models and platform.
  • Sending transactional emails (order confirmations, receipts, account notifications). We do not send marketing emails without your explicit consent.
  • Detecting and preventing fraud, abuse, and violations of our Terms of Service.

3. Data Storage & Security

Your data is stored and processed using the following infrastructure:

  • Database & authentication: Supabase (hosted on AWS ap-northeast-2, Seoul). Protected by row-level security policies.
  • Application hosting: Vercel (global CDN with TLS encryption in transit).
  • AI computation: Research queries are processed on our private VPS infrastructure. Query content is not shared with third-party AI providers without your knowledge.
  • We use industry-standard encryption (TLS 1.2+) for all data in transit. Passwords are never stored in plain text.

4. Third-Party Services

We use the following third-party services that may interact with your data:

  • Supabase — Database and authentication. Privacy Policy
  • Vercel — Application hosting and CDN. Privacy Policy
  • Lemon Squeezy — Payment processing (merchant of record). Privacy Policy
  • Google OAuth — Optional sign-in method. Google's privacy policy governs data shared during the OAuth flow.

5. Data Retention

  • Account data: Retained until you request account deletion.
  • Research sessions (free accounts): Retained for 90 days from creation.
  • Research sessions (paid accounts): Retained for 2 years, or until account deletion.
  • Payment records: Retained for 7 years as required by applicable accounting and tax regulations.

6. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Correction: Ask us to correct inaccurate information.
  • Deletion: Request deletion of your account and associated data.
  • Portability: Request your research history in a machine-readable format.

To exercise any of these rights, email us at support@hyle.ai. We respond within 30 days.

7. Cookies

We use session cookies only — necessary for authentication and maintaining your signed-in state. We do not use tracking cookies, advertising cookies, or analytics cookies.

8. Children's Privacy

Hylē is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website at least 14 days before they take effect. Continued use of Hylē after that date constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions or to exercise your data rights, contact us at:

Hylē / Refresh AI Lab

Email: support@hyle.ai