Hyperborea

Privacy Policy

Last updated: March 10, 2026

Hyperborea is a product of Nettarion LLC (“we,” “us,” “our”). This privacy policy describes how we collect, use, and protect your information when you use hyperborea.dev and the Hyperborea Android application. This policy should be read alongside our Terms of Service.

1. Information We Collect

Information You Provide

  • Account information: email address and authentication data. Authentication is handled by our third-party provider, Clerk. We do not store passwords. If you sign in with Google or Apple, we receive your email address and basic profile information from those providers.
  • Payment information: your payment information is submitted directly to Stripe and is not stored on our servers. We retain Stripe identifiers necessary to manage your subscription.
  • Support bundles (optional, user-initiated): device identifier, app version, app logs, system logs, and diagnostic information. Submitted only when you choose to send a support request from within the app.

Information Generated Through Use

  • Device information: a device UUID and authentication token, generated when you link a device to your account.
  • Pairing data: a pairing token, six-digit pairing code, and pairing status. Pairing requests expire after 10 minutes.
  • Rate limiting: timestamps of pairing attempts and support bundle submissions to prevent abuse.

2. How We Use Your Information

  • Account management and authentication
  • Device licensing and subscription verification
  • Payment processing via Stripe
  • Troubleshooting support issues (when you submit a support bundle)
  • Security measures including rate limiting and abuse detection

3. How We Store and Protect Your Information

We implement commercially reasonable security measures to protect your information, including:

  • Authentication is handled by Clerk, a dedicated identity provider
  • Data is encrypted in transit using TLS
  • Device authentication uses cryptographically random tokens
  • Payment processing is handled entirely by Stripe
  • No security measure is 100% effective, and we cannot guarantee absolute security

4. Data Retention

  • Account data: retained for the life of your account and deleted upon account deletion
  • Device links: retained until you unlink the device or delete your account
  • Pairing requests: expire and are removed promptly
  • Rate limiting records: rate limiting for authentication is handled by Clerk. Pairing attempt records are retained for 24 hours, then deleted.
  • Support bundles: retained only as long as reasonably needed to resolve your issue, then deleted, unless retention is required for legal or regulatory purposes
  • Subscription data: retained for the life of your account, then deleted. Stripe retains its own records per its privacy policy.

Deletion of data may not be immediate — residual copies may persist in backups or logs for a limited period before being overwritten in the normal course of operations. We may also retain data as required by law or as necessary to protect our legitimate interests.

5. Data Sharing

We may share your information with the following categories of parties:

  • Authentication provider: we use Clerk for authentication and user management, which processes your email address, authentication credentials, and sign-in activity
  • Payment processors: we use Stripe for payment processing, which receives your email address and payment information
  • Infrastructure providers: we use Convex and other service providers to host and operate the service
  • Law enforcement: if required by law, subpoena, or other legal process

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: request a copy of the data we hold about you
  • Correction: request correction of inaccurate data
  • Deletion: request deletion of your account and associated data

To exercise any of these rights, contact support@hyperborea.dev.

EU/EEA/UK Residents (GDPR)

  • Legal basis for processing: contract performance (account management and licensing), legitimate interest (security and abuse prevention), and consent (support bundle submission)
  • Right to object to processing based on legitimate interest
  • Right to data portability — request your data in a machine-readable format
  • Right to lodge a complaint with your supervisory authority

7. International Data Transfers

The service is operated in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States. For EU/EEA/UK residents, we rely on the European Commission’s Standard Contractual Clauses (Module Two) as the legal mechanism for international data transfers. Our data processor’s Data Processing Agreement incorporates these clauses pursuant to Commission Implementing Decision (EU) 2021/914.

8. Children’s Privacy

We do not knowingly collect personal information from children under the age of 16. If we discover that we have collected information from a child under 16, we will delete it promptly.

9. Changes to This Policy

We may update this privacy policy from time to time. When we make material changes, we will notify you by updating the date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this privacy policy or wish to exercise your data rights, contact us at support@hyperborea.dev.