Hyperion Finance, Inc. ("Hyperion", "we", or "our") operates the platform available at hyperion.finance ("Platform") and related services. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Services.
By using the Services, you acknowledge that you have read and understood this Policy. If you do not agree, do not use the Services.
When you connect third-party accounts (for example, point-of-sale systems such as Clover or Shopify; bank accounts; government agency portals), we receive data from those integrations to the extent you authorize. This may include sales data, transactions, inventory, and agency responses or filings.
When we use commercial verification (KYB) services to confirm the existence and regulatory standing of Businesses that use the Platform, such services may collect and return data about the entity, its registration, and its good standing. If we engage a KYB provider in the future, we will disclose it on the Sub-Processors list.
We use your information to:
Hyperion uses robotic process automation (RPA) to execute repeatable tasks on government and third-party portals. These processes are deterministic: they execute predefined steps without issuing discretionary judgments that directly affect your rights.
Additionally, we may use artificial intelligence technologies (including providers such as OpenAI and Mindee) for auxiliary tasks such as document information extraction (OCR), classification, categorization suggestions, or user assistance. Hyperion does not use AI to make automated decisions that produce legal effects on you; actions requiring judgment (for example, final validation of a filing) are subject to human control and review or deterministic procedure.
To the extent we expand the use of AI, we will update this Policy and, when applicable, provide additional disclosures and control mechanisms. Some documents you upload may be processed by AI providers based in the United States.
To automate filings, Hyperion uses its own commercial accounts on the relevant agency portals (SURI, COFIM, municipal procedures, etc.). When you authorize us, you grant Hyperion delegated access to your agency account through the mechanism the agency itself provides.
Hyperion does not store credentials (username/password) for your government agency accounts for recurring use outside of authorized automation sessions. The sensitive data we use in these processes (for example, bank routing and account numbers to remit tax payments) are those received through Stripe Connect under your authorization.
We share personal information with providers that help us operate the Platform, under contractual obligations of confidentiality and security. An updated list of sub-processors is available at /en/legal/sub-processors.
As the core of the Service, we submit information to government agencies on your behalf, as you authorize.
Stripe processes payments and receives the information necessary for that purpose, under its own terms and privacy policy.
We may disclose information when required by law, court order, subpoena, or legitimate government request, or when we believe in good faith that disclosure is necessary to prevent harm, fraud, or rights violations.
In the event of a merger, acquisition, asset sale, financing, or corporate reorganization, information may be transferred to the acquirer or successor, subject to this Policy.
In any other circumstance, with your consent.
We use cookies and similar technologies to: operate the Platform (strictly necessary cookies); remember user preferences; measure site usage and improve our Services; and conduct targeted marketing and advertising attribution.
Third-party services we use include:
You can manage cookies through your browser settings. Note that disabling certain cookies may affect Platform functionality.
We will send you essential communications related to your Account and filings (legal notices, security alerts, filing confirmations) by email and, when appropriate, through other channels you have enabled.
For WhatsApp or SMS communications, you may enable or opt out within the Business settings on the Platform. Sending "STOP" will disable non-essential communications on those channels; "HELP" will return contact information.
Some of our sub-processors process data outside of Puerto Rico, including in the continental United States, the European Union, and other jurisdictions. When we transfer personal data outside your jurisdiction of residence, we do so based on recognized legal frameworks and through contractual commitments that protect your information.
We implement reasonable technical and organizational measures to protect personal information, including encryption in transit (TLS), encryption at rest, role-based access controls, environment segregation, monitoring, and auditing. No system is perfectly secure; you acknowledge that internet transmission carries inherent risks.
We retain personal information while your Account is active and for the time necessary to (a) provide the Services; (b) comply with legal and tax obligations (including record-retention periods under federal and Puerto Rico law, typically 6–7 years for tax records); (c) resolve disputes; and (d) enforce our agreements. When the data is no longer necessary, we will delete or anonymize it.
Subject to applicable laws, you have the right to: access the personal information we hold about you; request correction of inaccurate information; request deletion, subject to legal retention obligations; object to or limit certain processing; data portability for certain data; and withdraw consents when processing is based on consent.
To exercise these rights, contact us using the data in the contact section of this site. We will verify your identity before processing your request and respond within the timeframes required by applicable law.
The Services are not directed to persons under 18 years of age. We do not knowingly collect personal information from minors. If we become aware of such collection, we will delete the information.
We may update this Policy periodically. We will publish the updated version on the Platform with a new effective date, and, where appropriate, notify the Administrator by email. Continued use after the effective date constitutes acceptance of the updated version.
