Privacy Policy

1 Introduction

Welcome to Hyperion.ai, operated by Sumyati Astro Tech LLP ("we", "us", "our", or "the Company"). We are committed to protecting your privacy and ensuring that your personal information is handled responsibly, transparently, and in compliance with applicable data-protection laws.

This Privacy Policy explains how we collect, use, and safeguard the limited personal information you provide when you visit our website https://www.hyperion.co.in/ ("Site") or submit an enquiry or demo-request form. By using our Site you agree to the practices described in this Policy.

2 Information We Collect

2.1 Information You Provide Directly

When you submit a contact or demo-request form — either on our Site or via a LinkedIn Lead Gen Form linked to one of our sponsored campaigns — we collect only the following personal information:

• Full name
• Email address
• LinkedIn profile URL

We do not request or store payment details, phone numbers, postal addresses, or any sensitive personal data through our Site or lead forms.

2.2 Information Collected via Third-Party Marketing Platforms

We use the following platforms for lead generation and conversion measurement. Each platform operates under its own privacy policy:

• LinkedIn Lead Gen Forms – when you respond to a sponsored LinkedIn campaign, LinkedIn shares your name, email address, and LinkedIn profile URL with us as you pre-filled them on LinkedIn. See LinkedIn's Privacy Policy.
• Google Ads Conversion Tracking – we use Google's conversion tag (gtag) to measure actions taken on our Site after clicking a Google Ad (e.g., form submissions). This data is aggregated and does not personally identify you. See Google's Privacy Policy.

2.3 Information Collected Automatically

When you visit our Site, we and our analytics provider automatically collect certain technical information, including:

• IP address and approximate geographic location (country/city level)
• Browser type, version, and operating system
• Pages viewed, time spent, and navigation paths
• Referring URL
• Device type and screen resolution
• Session and analytics cookies (see Section 5)

This technical data is used solely to understand how the Site is used and to improve its performance and content. It is not combined with your form-submission data unless you have explicitly consented.

3 How We Use Your Information

We use the information we collect for the following purposes only:

• To respond to your enquiries and schedule product demonstrations
• To send you information about our products, services, and updates (with your consent where required by applicable law)
• To measure the performance of our LinkedIn and Google Ads campaigns (conversion tracking)
• To analyse website usage and improve our Site's content and user experience
• To comply with legal obligations applicable in the jurisdictions in which we operate
• To detect and address security incidents

4 Sharing of Information

We do not sell your personal information. We may share it only in the following limited circumstances:

4.1 Service Providers & Marketing Partners

We share data with trusted third-party providers who help us operate our Site and conduct our marketing activities, including:

• Email and CRM platforms (to manage and respond to enquiries)
• Cloud hosting and storage providers
• Website analytics providers (e.g., Google Analytics — see Section 6)
• LinkedIn – we receive lead data from LinkedIn Lead Gen Forms subject to LinkedIn's data-processing terms
• Google Ads – we share conversion signals with Google to measure the effectiveness of our paid campaigns (aggregated, non-identifying data)

These providers are contractually required to use your data only as directed by us and in accordance with applicable data-protection laws.

4.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to a successor entity subject to equivalent privacy protections.

4.3 Legal Requirements

We may disclose your information when required by law, court order, or governmental authority, or when necessary to protect our rights, property, or the safety of others.

5 Cookies & Tracking Technologies

Our Site uses the following categories of cookies and tracking technologies:

5.1 Essential Cookies

Required for the Site to function correctly (e.g., session management). These cannot be disabled without affecting core Site functionality.

5.2 Analytics Cookies

We use Google Analytics to understand how visitors interact with our Site (pages visited, session duration, device type). Google Analytics data is anonymised before transmission. See Section 6 for details.

5.3 Conversion Tracking Cookies

We use Google's conversion tag (gtag) to measure whether a user who clicked one of our Google Ads subsequently completed an action on our Site (e.g., submitted a form). This uses a cookie set by Google Ads. The data shared with Google is aggregated and does not personally identify you. You can opt out via Google Ad Settings or by installing the Google Analytics Opt-out Browser Add-on.

LinkedIn Lead Gen Forms operate on LinkedIn's own platform and are governed by LinkedIn's Privacy Policy. No LinkedIn tracking cookie is placed on our Site.

5.4 Managing Cookies

You can control and delete cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing ones, or receive alerts when cookies are set.

For EU and UK residents, we obtain your consent before setting non-essential cookies, as required by the GDPR / UK GDPR and the ePrivacy Directive / PECR.

• Google Analytics opt-out: tools.google.com/dlpage/gaoptout
• Google Ad Settings: adssettings.google.com

6 Analytics & Conversion Tracking

6.1 Google Analytics

We use Google Analytics to collect aggregated, anonymised information about how visitors use our Site. Data collected includes pages visited, session duration, approximate location, browser, and device type. This information helps us improve the Site's content and performance. Google Analytics data is not used to identify individual visitors or for any remarketing purpose. For full details, see Google's Privacy Policy.

6.2 Google Ads Conversion Tracking

We run paid campaigns on Google Ads. When a user clicks one of our ads and subsequently submits a form on our Site, Google's conversion tag records this action to help us understand campaign effectiveness. The conversion data shared with Google is aggregated — it does not include your name, email, or LinkedIn URL. For more information, see Google's Privacy Policy and Google Ad Settings.

6.3 LinkedIn Lead Gen Forms

We run sponsored campaigns on LinkedIn that include Lead Gen Forms. When you engage with one of our LinkedIn ads and submit the pre-filled Lead Gen Form, LinkedIn shares your name, email address, and LinkedIn profile URL with us in accordance with LinkedIn's data-sharing terms. This data is used solely to follow up on your expressed interest in our products. LinkedIn's collection and processing of your data is governed by LinkedIn's Privacy Policy. You can manage your LinkedIn ad preferences at LinkedIn Privacy Settings.

7 Data Retention

We retain your personal information for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required by law:

• Enquiry and contact-form data (name, email, LinkedIn URL) is retained for up to 3 years from the date of collection, or until you request deletion, whichever is sooner.
• Marketing communications data is retained until you unsubscribe or withdraw consent.
• Google Analytics data is retained in accordance with the retention settings configured in our Google Analytics account (typically up to 26 months).

You may request deletion of your personal data at any time by contacting us at contact@hyperion.co.in.

8 Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS/HTTPS), access controls, and regular security reviews.

No method of transmission over the Internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that materially affects your rights, we will notify you and relevant supervisory authorities as required by applicable law.

9 Children's Privacy

Our Site and services are directed exclusively to business professionals and adults. We do not knowingly collect personal information from anyone under the age of 13 (or under 16 in the EU / UK). If you believe we have inadvertently collected information from a minor, please contact us immediately at contact@hyperion.co.in and we will promptly delete it.

10 EU / EEA Rights (GDPR)

If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) grants you the following rights:

• Right of Access – request a copy of the personal data we hold about you
• Right to Rectification – request correction of inaccurate or incomplete data
• Right to Erasure – request deletion of your personal data
• Right to Restriction of Processing – request that we limit how we use your data
• Right to Data Portability – receive your data in a structured, machine-readable format
• Right to Object – object to processing based on legitimate interests
• Right to Withdraw Consent – where processing is based on consent, withdraw it at any time without penalty

To exercise any of these rights, contact us at contact@hyperion.co.in. We will respond within 30 days. You also have the right to lodge a complaint with your local data-protection supervisory authority.

11 United Kingdom Rights (UK GDPR)

If you are located in the United Kingdom, the UK GDPR (as retained in UK law by the European Union (Withdrawal) Act 2018) grants you equivalent rights to those listed in Section 10 above. The UK supervisory authority is the Information Commissioner's Office (ICO).

To contact the ICO: ico.org.uk/concerns or call 0303 123 1113.

To exercise your rights, contact us at contact@hyperion.co.in.

12 California Rights (CCPA / CalOPPA)

CCPA – California Consumer Privacy Act

If you are a California resident, the CCPA grants you the following rights:

• Right to Know – request details about the personal information we collect and use
• Right to Delete – request deletion of your personal information (subject to certain exceptions)
• Right to Opt-Out of Sale – we do not sell your personal information
• Right to Non-Discrimination – we will not discriminate against you for exercising your CCPA rights
• Right to Correct – request correction of inaccurate personal information

Categories of Personal Information Collected (Past 12 Months)

• Identifiers (name, email address)
• Professional or employment-related information (LinkedIn profile URL)
• Internet or other electronic network activity (anonymised site usage via Google Analytics; aggregated conversion events via Google Ads)
• Commercial information (interest in products/services, expressed via LinkedIn Lead Gen Form submission)

We have not collected sensitive personal information, payment data, or biometric data.

To submit a verifiable consumer request, contact us at contact@hyperion.co.in. We will respond within 45 days (extendable by a further 45 days where reasonably necessary).

CalOPPA – California Online Privacy Protection Act

• Users may visit our Site anonymously.
• This Privacy Policy is linked from our homepage footer.
• We will notify users of material changes by updating the effective date at the top of this page.
• You may request correction or deletion of your personal information by emailing contact@hyperion.co.in.

Do Not Track Signals

Our Site does not currently respond to browser Do Not Track (DNT) signals. You may manage tracking preferences through your browser settings or via the Google Analytics opt-out link in Section 5.

13 India Rights (DPDPA / IT Act)

As a company incorporated in India (Sumyati Astro Tech LLP, registered in Bengaluru, Karnataka), we comply with the Information Technology Act, 2000, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA).

Under these laws, you have the right to:

• Access, correct, and update your personal data we hold
• Withdraw consent for processing of your personal data
• Request erasure of your personal data (subject to legal retention requirements)
• Nominate a representative to exercise rights on your behalf

To exercise these rights, contact us at contact@hyperion.co.in. We will update this Policy as further rules under the DPDPA are notified by the Government of India.

14 Southeast Asia

We serve users across Southeast Asia and are committed to complying with applicable regional data-protection laws, including:

• Singapore – Personal Data Protection Act (PDPA) 2012
• Thailand – Personal Data Protection Act B.E. 2562 (PDPA 2019)
• Malaysia – Personal Data Protection Act 2010
• Philippines – Data Privacy Act 2012 (Republic Act No. 10173)
• Indonesia – Personal Data Protection Law (UU PDP) 2022

Under these laws you have rights broadly consistent with those described in Section 10, including rights to access, correct, and request deletion of your personal data. To exercise any of these rights, please contact us at contact@hyperion.co.in.

15 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Effective Date" at the top of this page. We encourage you to review this Policy periodically. Your continued use of the Site after any changes constitutes your acceptance of the updated Policy.

16 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: