Hyperdope Privacy Policy
Effective Date: November 25, 2025
Last Updated: November 25, 2025
TL;DR: We collect very little data. No user accounts, no tracking cookies, no data sales, no surveillance. You control your own access tokens in your browser.
1. Introduction
Hyperdope LLC ("we", "us", "our") operates hyperdope.com (the "Service"). This Privacy Policy explains how we collect, use, and protect your information.
2. Information We Collect
2.1 No User Accounts
We do not require user accounts. We do not collect or store:
- Names, emails, or contact information
- Passwords or credentials
- Payment details (credit cards, bank accounts)
- Personal identifiable information (PII)
Watch history: We do NOT permanently store your viewing history on our servers. See section 2.2 below for how watch history works.
2.2 Master Token (Stored Locally in Your Browser)
Your browser stores a cryptographic "master token" in local storage that contains your personalization data:
- Videos you've unlocked: 24-hour and lifetime access tokens
- Tips you've sent: Records of content you've supported
- Recent watch history: Up to 20 recently watched videos
How this works:
- Token is created and stored entirely in YOUR browser (not on our servers)
- You control whether to share it with us for personalized recommendations
- When you request personalized homepage or sidebar videos, your browser sends this token
- We process it temporarily to suggest relevant videos based on your interests
- We do NOT permanently store your watch history or build user profiles
We cannot:
- Access your token unless you send it to us
- Recover lost tokens (no "forgot password" - you control the data)
- Track you across devices (token is local to each browser)
- Build permanent server-side user profiles
You control your data: Clearing your browser data deletes your token permanently. You can also export/import your token to back it up or transfer to another device.
2.3 Server Logs (Temporary)
Our web server automatically logs minimal technical information for security and operational purposes:
- IP addresses (for security, abuse prevention, and DDoS protection)
- Timestamps (when requests were made)
- Requested URLs (which pages/videos were accessed)
- User agent strings (browser and device type)
- HTTP status codes (success, errors, etc.)
Retention: Server logs are automatically deleted after 30 days. We do not retain logs longer than necessary for technical operations.
2.4 Bitcoin/Lightning Payments
Payments are processed through BTCPay Server, our self-hosted Bitcoin/Lightning payment processor.
We see:
- Lightning invoice amounts (in satoshis)
- Payment confirmation status (paid/unpaid)
- Timestamp of payment
We do NOT see:
- Your Lightning wallet address or node identity
- Your payment history beyond our platform
- Any personal information from your wallet
- Your name, email, or identity
Privacy note: Bitcoin blockchain transactions (on-chain payments) are pseudonymous but publicly visible on the blockchain. Lightning Network payments are private and not recorded on the blockchain.
2.5 Creator Information (Future Feature)
When we implement creator revenue sharing:
- Creators who claim their accounts will provide a Lightning address for payments
- We will store creator Lightning addresses securely
- We track which content belongs to which creator (for revenue attribution)
- Creator contact information is optional and never shared publicly
3. How We Use Information
We use collected information solely for:
- Service delivery: Serving video content, processing unlock/tip payments
- Personalization: Temporarily processing your master token (when you send it) to generate video recommendations
- Security: Preventing abuse, DDoS attacks, and unauthorized access
- Technical operations: Debugging errors, optimizing performance, maintaining infrastructure
- Future payments: Distributing revenue to creators (when implemented)
Important distinction - Temporary vs Permanent Processing:
- Temporary: Your master token data (watch history, unlocks, tips) is processed in memory when you request recommendations, then discarded
- Permanent: We only permanently store server logs (30 days), payment confirmations, and video metadata
- No user profiles: We do not build or maintain permanent databases of user behavior
We do NOT use information for:
- Advertising or marketing
- Tracking or profiling users
- Building user behavior models
- Selling or sharing data with third parties
- Analytics or surveillance
4. Cookies and Tracking
4.1 Essential Cookies Only
We use minimal cookies required for technical functionality:
- Access token delivery (iOS/Safari compatibility - temporary session cookies)
- DDoS protection (if enabled - security cookies from Cloudflare or similar)
4.2 No Tracking
We do NOT use:
- Advertising cookies
- Analytics cookies (no Google Analytics, no tracking scripts)
- Social media cookies or pixels
- Third-party tracking or fingerprinting
- Cross-site tracking
4.3 Third-Party Embeds
We do not embed third-party tracking scripts, analytics platforms, advertising networks, or social media widgets.
5. Data Sharing
5.1 We Do Not Sell Data
We do NOT sell, rent, trade, or share your data with third parties for marketing or advertising purposes.
5.2 Legal Compliance
We may disclose information if required by law, such as:
- Valid subpoenas or court orders
- DMCA takedown requests (for content identification only)
- Law enforcement requests (where legally required)
We will resist overly broad or unjust requests and will notify users when legally permitted.
5.3 Creator Payments (Future)
When creator revenue sharing is implemented, we will share:
- Payment amounts with creators (for their own content only)
- Aggregated revenue statistics (no user-level data)
We will NOT share user identities, viewing histories, or personal information with creators.
6. Data Security
We implement reasonable security measures to protect the Service and your data:
- HTTPS/TLS encryption for all connections
- Secure server configuration and hardening
- Regular security updates and patches
- Self-hosted infrastructure (no third-party cloud dependencies for core functions)
- Access tokens cryptographically signed (HMAC-SHA256)
- Minimal data retention (30-day log expiration)
However, no system is perfectly secure. You use the Service at your own risk. We recommend:
- Using a secure browser and keeping it updated
- Protecting your device with a password/PIN
- Being cautious on public WiFi networks
- Backing up your access tokens if you value them (export browser data)
7. Your Rights and Control
7.1 Access and Control
Since we don't store personal data or user accounts, there's minimal data to access or control.
- Access tokens: Stored in your browser. View via browser DevTools or export browser data.
- Server logs: Automatically deleted after 30 days. Contact us if you need information before deletion.
- Payments: Bitcoin/Lightning transactions are recorded on the network (not by us).
7.2 Data Deletion
To delete your data:
- Access tokens: Clear your browser's local storage or cache
- Server logs: Stop using the Service; logs auto-delete after 30 days
- Payment records: Bitcoin/Lightning transactions are immutable (blockchain/Lightning Network property)
7.3 GDPR and Privacy Rights (EU/EEA Users)
If you're in the European Union or European Economic Area, you have rights under GDPR:
- Right to access: We have minimal data to access (see section 7.1)
- Right to deletion: Clear browser data; server logs auto-delete in 30 days
- Right to object: Stop using the Service to prevent further data collection
- Right to data portability: Export your browser's local storage to access tokens
- Right to lodge a complaint: Contact your local data protection authority
Contact us at hello@hyperdope.com for GDPR-related requests.
7.4 California Privacy Rights (CCPA)
If you're a California resident, you have rights under CCPA:
- We do not sell personal information (and collect very little to begin with)
- You have the right to know what data we collect (see section 2)
- You have the right to delete data (see section 7.2)
8. Children's Privacy
The Service is not directed at children under 13 years old. We do not knowingly collect information from children under 13.
If you believe a child under 13 has used the Service or purchased access tokens, please contact us at hello@hyperdope.com and we will investigate.
9. International Users
The Service is operated from the United States. If you access the Service from outside the U.S., your information (minimal server logs) may be transferred to, stored in, and processed in the United States.
By using the Service, you consent to the transfer of information to the U.S., which may have different data protection laws than your country.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect:
- Changes in our practices (e.g., implementing creator revenue sharing)
- Legal or regulatory requirements
- Improvements to the Service
Changes will be posted on this page with an updated "Last Updated" date. Material changes will be announced on the homepage.
Continued use of the Service after changes constitutes acceptance of the new Privacy Policy.
11. Contact Us
For privacy questions, requests, or concerns:
Email: hello@hyperdope.com
Mailing Address:
Hyperdope LLC
30 N Gould St Ste N
Sheridan, WY 82801
© 2025 Hyperdope LLC. All rights reserved.