Privacy Policy

Effective Date: March 20, 2026

This Privacy Policy describes how Hyax ("we," "us," or "our") collects, uses, and shares information when you use our platform at hyax.com (the "Service"). By using Hyax, you agree to the practices described below.

1. Information We Collect

Information You Provide

  • Account Information: When you create an account, we collect your name, email address, and avatar. You may also sign in using Google or GitHub, in which case we receive basic profile information from those providers.
  • Team & Business Information: If you create a team or workspace, we collect the team name, username, custom domain, and related settings.
  • Payment Information: We use Stripe to process payments. When you connect your Stripe account or make a purchase, Stripe collects your payment details directly. We store your Stripe account and customer identifiers but never your full card numbers.
  • Content You Create: Posts, pages, courses, products, email campaigns, community threads, and any other content you publish through the platform.
  • Communications: Email addresses and contact information for people you add to your audience, including tags, custom fields, and subscriber preferences.

Information Collected Automatically

  • Analytics & Tracking: We collect page views, visitor identifiers (cookie-based), IP addresses, user agents, referrer URLs, UTM parameters, and country-level geolocation to power your analytics dashboard.
  • Device & Browser Data: Browser type, operating system, screen resolution, and language preferences.
  • Usage Data: Features used, pages visited within the dashboard, and interaction patterns to improve the Service.

Information from Third Parties

  • OAuth Providers: If you sign in with Google or GitHub, we receive your name, email, and profile picture.
  • Stripe: Transaction status, payment confirmations, and subscription details related to your purchases or payouts.

2. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service.
  • Process transactions and send related notifications (order confirmations, receipts).
  • Deliver email campaigns, sequences, and transactional emails on your behalf.
  • Generate analytics, attribution reports, and content revenue insights for your dashboard.
  • Authenticate your identity and secure your account.
  • Respond to support requests and communicate about the Service.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

3. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

  • Service Providers: We use third-party services to operate the platform, including Stripe (payments), AWS SES and Resend (email delivery), and Bunny CDN (file storage). These providers access data only as necessary to perform their services.
  • Analytics Integrations: If you enable Google Analytics, Google Tag Manager, Meta Pixel, or other third-party analytics tools, data may be shared with those providers according to their own privacy policies.
  • Your Audience: Information you publish (blog posts, courses, products, community content) is visible to your audience as configured by you.
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).

Analytics data (page views, visitor records) is retained for up to 24 months and then automatically purged.

5. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your account and associated data.
  • Export your data in a portable format.
  • Opt out of marketing communications at any time by unsubscribing from emails.
  • Withdraw consent where processing is based on consent.

To exercise these rights, contact us at [email protected].

6. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your session and authentication state.
  • Assign visitor identifiers for analytics.
  • Remember your preferences and settings.

The Hyax tracking script (hyax.js) uses a first-party cookie to identify returning visitors on sites that embed it. You can manage cookie preferences through your browser settings.

7. Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS), secure session management, and access controls. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]