Legal

Privacy Policy

Effective Date: February 21, 2026
Last Updated: February 21, 2026
Policy Version: 2.0

Effective Date: February 21, 2026 Last Updated: February 21, 2026 Product: Hyperdrive, a native macOS email client Developer: Hyperdrive One LLC Policy Version: 2.0

This Privacy Policy explains in detail how Hyperdrive One LLC ("we," "us," "our," or "Hyperdrive") collects, uses, stores, shares, discloses, retains, and protects information when you ("you," "your," or "user") use the Hyperdrive macOS application ("Hyperdrive" or "the app"), related server-side services operated by Hyperdrive, and associated websites, APIs, and web-based features (collectively, "the Service").

By downloading, installing, accessing, or using Hyperdrive, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this Privacy Policy, you must discontinue use of the Service.

This Privacy Policy should be read in conjunction with our Terms of Service, which govern your use of the Service.

Scope and Applicability
Definitions
Summary of Data Collection Practices
Information You Provide Directly
Information Hyperdrive Collects Automatically — Local Storage
Information Collected and Stored on Hyperdrive Servers
How Hyperdrive Uses Information
Legal Bases for Processing
Third-Party Services and Data Sharing
Artificial Intelligence and Machine Learning Features
Email Tracking and Recipient Data
Automated Decision-Making and Profiling
Local-Only Processing
Hardware Identifiers, Device Fingerprinting, and Licensing
Notifications
Data Retention
Data Deletion, Export, and Account Controls
Security Measures
International Data Transfers
Your Rights Under the General Data Protection Regulation (GDPR)
Your Rights Under the California Consumer Privacy Act (CCPA/CPRA)
Do Not Track Signals
Children's Privacy
Information We Do Not Collect
Your Responsibilities
Server-Side Deferred Actions and Expanded Trust Boundary
Changes to This Privacy Policy
Contact Information

1. Scope and Applicability

This Privacy Policy applies to:

The Hyperdrive macOS desktop application, including all features, modules, and functionality delivered through the application binary.
Server-side services operated by Hyperdrive that support the application, hosted at app.hyperdriveone.com.
Web-based scheduling pages served from app.hyperdriveone.com that allow third parties to book meetings with Hyperdrive users.
Any features within Hyperdrive that connect to or exchange data with third-party services, including but not limited to Google (Gmail and Calendar APIs), Slack, OpenAI, Gravatar, Unsplash, Stripe, and Cloudflare.

This Privacy Policy does not apply to:

Third-party products, services, websites, or applications that you connect to or access through Hyperdrive. Those third parties maintain their own privacy policies and practices, and Hyperdrive is not responsible for their data handling.
Email content or communications created, sent, or received by you through third-party email providers such as Google Gmail. The handling of such content by those providers is governed by their respective privacy policies.
Any custom AI endpoint you choose to configure under the Custom AI tier. If you provide your own API key and optional endpoint URL, data transmitted to that endpoint is governed by the privacy practices of the endpoint operator, and you assume full responsibility for evaluating its privacy and security posture.

2. Definitions

For purposes of this Privacy Policy, the following terms have the meanings set forth below:

Account means any email account, Slack workspace, or other service credential you connect to Hyperdrive, such as a Google account for Gmail access or a Slack workspace for Slack integration.
Content means the text, headers, subject lines, body content, attachments, metadata, timestamps, labels, and other information contained in emails, Slack messages, calendar events, drafts, or scheduled messages that are processed by Hyperdrive.
Device Identifier means a persistent or semi-persistent identifier associated with your hardware, including but not limited to the macOS platform UUID derived from IOKit (IOPlatformExpertDevice / kIOPlatformUUIDKey), used for licensing activation and device limit enforcement.
Local Storage means data stored on your Mac, including data stored in the macOS Keychain, SQLite databases within ~/Library/Application Support/Hyperdrive/, UserDefaults preferences at ~/Library/Preferences/com.hyperdrive.app.plist, and cache files at ~/Library/Caches/Hyperdrive/.
Server-Side Storage means data stored on Hyperdrive infrastructure, which currently consists of Cloudflare Workers for compute and Cloudflare D1 (managed SQLite at edge) for persistent storage.
Personal Information or Personal Data means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an identified or identifiable natural person. This includes, without limitation, email addresses, names, IP addresses, device identifiers, OAuth tokens, and email content.
Tracking means email open tracking and link click tracking performed by injecting a one-pixel transparent image (tracking pixel) and wrapping outbound hyperlinks through a redirect endpoint in outgoing emails sent by the user.
Processing means any operation performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.
Proxy or Server Proxy means the Hyperdrive server infrastructure that acts as an intermediary between the Hyperdrive client application and a third-party API (such as OpenAI), allowing Hyperdrive to inject API credentials, meter usage, and route requests without exposing third-party API keys to the client application.
Split or Inbox Split means a categorized view of the inbox (such as Important, Team, Newsletters, Transactions, Calendar, or Other) that organizes emails based on automated classification rules and heuristics.

3. Summary of Data Collection Practices

Hyperdrive is an email client that necessarily processes sensitive personal communications data. The scope of data collection is broad because providing full-featured email client functionality, AI-assisted productivity features, licensing enforcement, and cross-service integrations requires access to and processing of personal information.

The following is a high-level summary of the categories of information Hyperdrive collects and processes. Each category is described in full detail in subsequent sections of this Privacy Policy.

Category	Stored Locally	Stored on Server	Shared with Third Parties
Email content, metadata, and thread data	Yes	No (except subjects in tracking pixels)	Yes (Google, OpenAI via proxy)
Slack messages and metadata	Yes	No	Yes (Slack)
OAuth tokens and credentials	Yes (Keychain)	Yes (scheduling tokens, encrypted)	No
Licensing and trial data	Partially	Yes	No
Email tracking data (pixels, opens, clicks)	No	Yes	No
Contact enrichment data	No	Yes (cached 30 days)	Yes (Gravatar)
AI feature inputs and outputs	Partially (summaries cached locally)	No (content not logged; usage metered)	Yes (OpenAI via proxy)
Calendar events and attendee data	Yes	Partially (scheduling bookings)	Yes (Google Calendar)
User preferences and settings	Yes	No	No
Device identifiers and hardware UUIDs	No	Yes (licensing)	No
IP addresses	No	Yes (tracking, licensing)	Incidentally (Cloudflare, third-party APIs)
Search queries	Yes (recent searches)	No	Yes (if AI search used, via OpenAI proxy)
Sender classification data	Yes	No	Yes (domains sent to OpenAI for classification)
Scheduling link and booking data	Yes	Yes	Yes (Google Calendar for event creation)
Debug logs (development builds only)	Yes (temporary)	No	No

4. Information You Provide Directly

4.1 Account Connection Information

When you connect email or messaging services to Hyperdrive, you provide authorization for Hyperdrive to access those services on your behalf. As part of this process, Hyperdrive receives and stores:

Your account email address.
OAuth 2.0 access tokens (short-lived credentials that grant API access).
OAuth 2.0 refresh tokens (long-lived credentials that allow Hyperdrive to obtain new access tokens without requiring you to re-authorize).
Token expiration timestamps.
For Slack: workspace identifiers, user tokens, and team information, if you connect a Slack workspace.

The specific OAuth authorization scopes requested by Hyperdrive are detailed in Section 9.

4.2 Email You Write, Draft, and Schedule

When you compose, draft, reply to, forward, or schedule email within Hyperdrive, the application stores:

Draft content, including the full message body in HTML and plain text formats, RTFD-formatted rich text data, and all metadata (recipients, subject, CC, BCC fields).
Scheduled messages, including the full composed email content, the scheduled send date and time, and the originating account identifier.
Email signatures you create or import, stored per-account in both HTML, plain text, and RTFD formats.
Text snippet templates you create for quick insertion, including shortcut key bindings.

Scheduled messages may also be stored server-side for reliable send-later delivery even when your Mac is offline. See Section 26 for details on server-side deferred actions.

4.3 Scheduling Link Information and Bookings

If you use scheduling links and booking features, Hyperdrive stores:

Scheduling link configuration, including: title, URL slug, duration in minutes, availability windows (days and hours as JSON), selected calendar identifier, timezone, and active/inactive status.
Booking details when a guest books a meeting with you, including: guest name, guest email address, booking start and end times, and the identifier of the Google Calendar event created.
Your Google Calendar OAuth tokens (access and refresh tokens), encrypted server-side using AES-256-GCM with a key derived via PBKDF2 (100,000 iterations) from the SCHEDULING_ENCRYPTION_KEY environment variable. These tokens enable the server to create calendar events on your behalf when a guest books a meeting.

4.4 Inbox Configuration

When you customize your inbox, Hyperdrive stores:

Split configuration files, including custom inbox split definitions and filtering rules, stored as JSON files locally at ~/Library/Application Support/Hyperdrive/splits-{account_id}.json.
Thread split overrides, where you manually re-classify a thread into a different split.
Blocked sender lists, including the blocked email address and the timestamp of the block action.
Muted thread identifiers for conversations you have muted.

4.5 Support Communications

If you contact Hyperdrive for support, you may provide:

Your contact information (name, email address).
Device details, app version, and operating system information you include in your message.
Diagnostic information, screenshots, or logs you choose to share.
Description of the issue or feedback.

We use this information solely to respond to your inquiry and to improve the Service. We do not use support communications for marketing purposes.

5. Information Hyperdrive Collects Automatically — Local Storage

5.1 Local SQLite Database

Hyperdrive maintains a local SQLite database (hyperdrive.sqlite) as a cache and feature store. The database is located at ~/Library/Application Support/Hyperdrive/ and currently operates at schema version 32. This database stores the following categories of information:

Email data: - Email thread identifiers, subjects, snippets (short preview text), message counts, and label associations. - Full message bodies stored as binary large objects (BLOBs), along with sender and recipient information, dates, and attachment metadata. - Draft message data (BLOB), subject lines, recipients summary, and timestamps. - Full-text search index content derived from email subjects, body text, sender names, and snippets, built using SQLite FTS5 with Porter stemming and Unicode61 tokenization.

Contact data: - Contact email addresses, display names, interaction counts, last-seen dates, and AI-generated relationship metrics. - Sender relationship markers (such as VIP or important designations) and frequency metrics. - Blocked sender email addresses and block timestamps. - Records of senders where unsubscribe prompts were dismissed.

Scheduling and workflow data: - Snooze records, including thread identifiers, return dates, and label restore state. - Reminder records, including thread identifiers, remind dates, and message count thresholds. - Pending actions queue, containing email actions (such as archive, delete, label changes) awaiting synchronization with the server, with full action payloads. - Scheduling link definitions (slugs, durations, availability, timezone).

AI and classification data: - AI-generated thread summaries, stored locally. - Sender domain classifications assigned by AI (newsletters, transactions, other), with a 30-day local expiry. - Thread split overrides and command palette usage frequency data.

Slack data (if Slack is connected): - Slack channel identifiers, names, and workspace associations. - Slack message content and metadata. - Slack thread classification overrides.

Calendar data (if calendar features are used): - Calendar event data, dates, times, and attendee information. - Calendar metadata per account.

User interface and performance data: - Email rendering height caches (for UI performance optimization). - Image URL and sender whitelist entries for remote image display. - Email signatures per account (HTML, plain text, RTFD). - Text snippet templates with shortcut key bindings.

5.2 Credential Storage (macOS Keychain)

Hyperdrive stores OAuth tokens and related sensitive credentials using the macOS system Keychain, backed by Apple's Security framework (Security.framework). All Keychain items are stored with the accessibility level kSecAttrAccessibleWhenUnlockedThisDeviceOnly, which means:

Tokens are only accessible when your Mac is unlocked.
Tokens are never synchronized to iCloud Keychain.
Tokens are bound to the specific physical device on which they are stored.

The following credentials may be stored in the Keychain:

Credential Type	Keychain Service Key	Sensitivity
Gmail OAuth access token	`com.hyperdrive.gmail.{account_id}`	Critical
Gmail OAuth refresh token	`com.hyperdrive.gmail.{account_id}`	Critical
Gmail token expiration	`com.hyperdrive.gmail.{account_id}`	Low
Gmail account email address	`com.hyperdrive.gmail.{account_id}`	Personal
Slack user token	`com.hyperdrive.slack.{workspace_id}`	Critical
Custom AI API key (if configured)	`com.hyperdrive.ai-api-key`	Critical

Migration Note: Earlier versions of Hyperdrive stored tokens in plaintext files at ~/Library/Application Support/Hyperdrive/tokens/. The application automatically migrates tokens from file storage to the macOS Keychain on first launch after update. After successful migration, the old tokens directory is renamed to tokens.migrated as a backup.

5.3 UserDefaults Preferences

Hyperdrive stores application preferences using macOS UserDefaults, persisted at ~/Library/Preferences/com.hyperdrive.app.plist. This may include:

Privacy settings: Remote image blocking preference (default: enabled), always-show-original-colors preference.
Notification settings: Toggles for Gmail notifications, Slack notifications, reminder notifications, and notification sound.
Search history: Up to 10 recent search queries.
AI configuration: AI tier (basic, pro, or custom), AI provider, heavy model name, light model name, and custom endpoint URL.
Theme and typography preferences: Appearance mode, selected theme, typography scale, font family, font size, and line height.
Email behavior: Undo send delay duration, auto-advance after archive preference.
Slack preferences: Opted-in Slack channel identifiers per workspace.
Custom key bindings: Custom keyboard shortcut definitions stored as JSON.
Calendar preferences: Calendar visibility overrides, calendar color overrides, account color overrides, hidden calendar identifiers, and warm domain threshold.
Muted conversations: List of muted thread identifiers.

UserDefaults data is stored in a standard macOS preference file and is not encrypted beyond macOS filesystem-level protections.

5.4 Remote Image Behavior

By default, Hyperdrive blocks all remote images in emails using a Content Security Policy (CSP) that restricts image sources to data: URIs and cid: (Content-ID) inline images only. This default protects you from tracking pixels and remote image-based surveillance embedded in incoming emails.

If you choose to whitelist specific senders or domains for remote image loading, the application relaxes the CSP to permit loading images over HTTPS for those specific emails. When remote images are loaded, the following information may be revealed to the third-party server hosting those images:

That you opened the email (and approximately when).
Your IP address and approximate geographic location.
Your device type, operating system version, and rendering engine characteristics (via HTTP headers).
Any unique identifiers embedded in the image URL by the sender.

Whitelist entries are stored locally in the image_whitelist table of the local SQLite database.

5.5 Unsplash Photo Cache

Hyperdrive caches approximately 120 photos from Unsplash for its inbox-zero celebration feature. This cache is stored at ~/Library/Caches/Hyperdrive/inbox-zero/photo-pool.json and is refreshed approximately every 24 hours. This cache contains photo metadata (URLs, photographer attribution) and does not contain personal information.

5.6 Debug Logs (Development Builds Only)

In development builds only (when compiled with the DEBUG flag), Hyperdrive may write diagnostic logs to the macOS temporary directory ($TMPDIR/). These logs may contain:

Email subject lines.
Sender email addresses.
AI classification payloads and scoring data.

Production builds of Hyperdrive do not generate these debug logs. If you are using a development or beta build, you should be aware that these temporary files may contain personal information and should be treated accordingly.

6. Information Collected and Stored on Hyperdrive Servers

Hyperdrive uses server-side infrastructure for specific features that require persistent state beyond your local device or that enable functionality when your device is offline. The server infrastructure consists of Cloudflare Workers (for compute) and Cloudflare D1 (for managed SQLite database storage at the edge).

Server-side data is distributed across two domains: - app.hyperdriveone.com — Application server handling AI proxy, email tracking, contact enrichment, scheduling, Unsplash proxy, and Slack OAuth proxy. - app.hyperdriveone.com — Licensing server handling license activation, validation, trials, device management, and Stripe webhook processing.

6.1 Email Tracking Data

If you use email tracking features, Hyperdrive stores the following data on Hyperdrive servers:

Pixel registration data (stored when you send a tracked email): - Unique pixel identifier (UUID). - Your account identifier (your email address). - Recipient email address. - Email subject line. - Thread identifier. - Registration timestamp.

Open event data (stored when a recipient opens a tracked email): - Pixel identifier (linking back to the original email). - Open timestamp. - User-agent string of the recipient's email client or browser. - IP address of the recipient (obtained from the cf-connecting-ip header provided by Cloudflare).

Click event data (stored when a recipient clicks a tracked link): - Link identifier (UUID). - Pixel identifier (linking to the email containing the link). - Destination URL. - Click timestamp. - User-agent string. - IP address.

Important: There is currently no defined retention period or automatic expiration for email tracking data. See Section 16 for details.

Data minimization note: Email subject lines are stored in the server-side pixels table. This data is not strictly necessary for open detection (which requires only the pixel identifier) but is stored to provide richer reporting to the sender.

6.2 Contact Enrichment Cache

If contact enrichment is enabled and a contact lookup is performed through Gravatar, the following data is cached server-side:

Contact email address (used as the lookup key).
Name, company, title, and location returned by Gravatar.
Photo URL.
Social profile data, including LinkedIn profile URLs extracted from Gravatar's verified accounts.
Data source identifier (e.g., "gravatar" or "gravatar-profile").
Timestamp when the data was fetched.
Expiration timestamp (set to 30 days after fetch).

This cache is designed to expire and be refreshed after 30 days.

6.3 Scheduling System Data

For scheduling features, Hyperdrive stores the following server-side:

Scheduling user records: User identifier (typically your email address), encrypted Google Calendar OAuth refresh token, encrypted access token, and access token expiration timestamp.
Scheduling link records: URL slug, user identifier, title, duration in minutes, availability windows (JSON), calendar identifier, timezone, and active/inactive status.
Booking records: Booking identifier, scheduling link identifier, guest name, guest email address, booking start and end times, and Google Calendar event identifier.

Google Calendar OAuth tokens stored server-side are encrypted at rest using AES-256-GCM. The encryption key is derived using PBKDF2 with 100,000 iterations, a per-account random 128-bit salt (generated and stored server-side), and the environment-level encryption key. Legacy rows created before the per-account salt migration use a static salt; these will be migrated to per-account salts.

6.4 Licensing and Trial Data

Hyperdrive stores the following licensing-related data server-side:

Product records: Product identifier, name, maximum device limit, and grace period hours.
License records: License key, email address associated with the license, product identifier, license status (active, suspended, revoked, expired), maximum device override, expiration date, Stripe customer identifier, and Stripe subscription identifier.
Device activation records: License identifier, machine identifier (hardware UUID), machine name (e.g., "John's MacBook Pro"), platform (e.g., "macos"), application version, activation timestamp, and last validation timestamp.
Licensing audit event records: License identifier, event type (activated, deactivated, validated, created, suspended, revoked), machine identifier, IP address of the API request, metadata JSON, and event timestamp.
Trial records: Email address, product identifier, trial start timestamp, and trial duration in days.
Rate limiting records: Rate limit key (IP-based, derived from the Cloudflare cf-connecting-ip header), sliding window start timestamp, and request count. IP addresses are used as rate-limit keys and stored transiently in a rate_limits table with short rolling windows.

6.5 AI Usage Metering

Hyperdrive logs the following information server-side for each AI feature request processed through the server proxy:

Account identifier (your email address, resolved server-side from your license, not taken from client headers).
Feature identifier (e.g., draft_reply, summarize_thread, summarize_slack, extract_calendar_event, rewrite_email, translate_search, classify_domains, classify_pitch).
Model name used for the request.
Prompt token count, completion token count, and total token count.
Estimated cost in USD.
Request timestamp.

Important: AI usage metering logs the metadata about AI requests (which features were used, how many tokens were consumed) but does not log the content of AI requests or responses. The actual email content, prompts, and AI-generated text are not stored server-side.

AI usage metering data is currently stored without a defined expiration period. This data can be queried via an authenticated API endpoint.

7. How Hyperdrive Uses Information

Hyperdrive uses the information it collects for the following purposes:

Core email client functionality: - Syncing email from Gmail via the Gmail API, including incremental sync via the History API. - Rendering, displaying, searching, and organizing emails locally. - Composing, drafting, sending, forwarding, and replying to emails. - Managing email labels, archiving, starring, trashing, marking as read/unread, and other email state changes. - Providing full-text search across locally cached email content. - Delivering macOS notifications for new emails when enabled.

Inbox organization and productivity: - Applying inbox splits, automated classifications, and local heuristics to organize emails into categories. - Providing snooze (remind me), reminders, and scheduled sending functionality. - Providing blocked sender management and unsubscribe detection. - Muting conversations.

Slack integration: - Syncing Slack messages and channel data when you connect a Slack workspace. - Displaying Slack messages alongside email. - Enabling Slack message sending and reactions where authorized by granted scopes. - Delivering macOS notifications for Slack messages when enabled.

Scheduling: - Providing scheduling link creation, management, and public booking pages. - Creating Google Calendar events when guests book meetings through your scheduling links. - Querying Google Calendar for free/busy information to present available time slots.

Calendar integration: - Syncing calendar events from Google Calendar. - Displaying calendar events in the calendar sidebar. - Creating, updating, and managing calendar events, including AI-assisted event extraction from email content. - Providing RSVP functionality for calendar invitations. - Sharing availability with email recipients.

AI-powered features: - Generating draft replies to emails. - Summarizing email threads and Slack channels. - Extracting calendar events from email content. - Rewriting and adjusting the tone of email drafts. - Translating natural language search queries into structured search parameters. - Classifying sender domains to support inbox split organization. - Detecting cold pitch and sales outreach emails. - Generating smart split filter predicates from natural language descriptions.

Contact enrichment: - Enriching contact information with publicly available profile data from Gravatar, including names, titles, companies, locations, photos, and social profile links.

Email tracking: - Detecting when recipients open tracked emails and click tracked links. - Providing open and click reporting to the sender.

Licensing and subscription management: - Enforcing license terms, device activation limits, and subscription status. - Managing trial periods. - Processing subscription payments through Stripe. - Preventing fraud and unauthorized use.

Security, integrity, and operations: - Maintaining the security and integrity of the Service. - Preventing abuse, enforcing rate limits, and detecting anomalous activity. - Monitoring server infrastructure for operational issues. - Verifying the integrity of licensing responses using cryptographic signatures.

8. Legal Bases for Processing

Hyperdrive processes personal information under one or more of the following legal bases, depending on the specific processing activity and applicable jurisdiction:

Performance of a contract (Article 6(1)(b) GDPR): - Processing necessary to provide the Hyperdrive service you have requested, including email synchronization, sending, calendar integration, and account management. - Processing necessary to manage your license, trial, or subscription.

Legitimate interests (Article 6(1)(f) GDPR): - Securing the Service and preventing abuse, fraud, and unauthorized access. - Enforcing rate limits and maintaining service stability. - Operating licensing and device activation systems. - Improving the performance and reliability of the Service. - Metering AI usage for cost management and service planning.

When relying on legitimate interests, Hyperdrive has conducted a balancing assessment and concluded that these interests are not overridden by your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests (see Section 20).

Consent (Article 6(1)(a) GDPR): - Where required, such as when you affirmatively enable integrations and features that transmit data to third parties (e.g., connecting a Slack workspace, enabling AI features, using email tracking). - When you choose to use features that require sending portions of your email content to OpenAI through the server proxy. - When you configure contact enrichment features that query Gravatar.

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Compliance with legal obligations (Article 6(1)(c) GDPR): - Processing necessary to comply with applicable legal obligations, such as responding to lawful requests from law enforcement or regulatory authorities. - Maintaining records as required by tax, accounting, or other regulatory requirements.

Because Hyperdrive processes sensitive communications data, including the content of private emails and messages, you should use Hyperdrive only if you have the legal authority and right to access, process, and transmit the content you access through the Service.

Hyperdrive interacts with multiple third-party services to provide its functionality. When you enable features that involve third-party services, data is transmitted to those services as necessary. Hyperdrive does not sell, rent, or trade your personal information to third parties for their own marketing purposes.

9.1 Google (Gmail API and Calendar API)

When you connect a Google account, Hyperdrive communicates with Google APIs over HTTPS using OAuth 2.0 Bearer token authentication.

API endpoints used: - Gmail API: https://gmail.googleapis.com/gmail/v1/users/me/ - Gmail Batch API: https://gmail.googleapis.com/batch/gmail/v1 - Calendar API: https://www.googleapis.com/calendar/v3/ - OAuth Authorization: https://accounts.google.com/o/oauth2/v2/auth - Token Exchange: https://oauth2.googleapis.com/token - User Info: https://www.googleapis.com/oauth2/v2/userinfo

OAuth scopes requested by Hyperdrive:

Scope	Purpose
`gmail.modify`	Read and modify email, labels, and threads
`gmail.compose`	Compose, draft, and send emails
`gmail.readonly`	Read-only access to email
`gmail.settings.basic`	Read and modify basic Gmail settings
`userinfo.email`	Access your email address
`userinfo.profile`	Access your basic profile information
`calendar`	Full read/write access to Google Calendar (events, free/busy queries)

Data transmitted to Google may include: - Full email content and metadata for reading, searching, drafting, and sending. - Label modifications and email state changes (archive, trash, star, read/unread, spam). - Calendar events created, updated, or deleted. - Free/busy calendar queries for scheduling features. - Search queries sent to Gmail API for remote search.

OAuth flow: Hyperdrive uses ASWebAuthenticationSession (a system-managed secure browser session) for the OAuth authorization flow. The OAuth client ID is a public credential appropriate for native applications. No client secret is used (consistent with PKCE flow for native apps). The OAuth callback is handled via the URL scheme com.hyperdrive.app://.

9.2 Slack API

If you connect a Slack workspace, Hyperdrive communicates with the Slack API at https://slack.com/api/.

Important: The Slack OAuth flow is proxied through Hyperdrive servers. The authorization redirect goes through https://app.hyperdriveone.com/slack/authorize, and the token exchange is handled server-side at https://app.hyperdriveone.com/slack/token. This architecture ensures that the Slack client ID and client secret are never embedded in or distributed with the Hyperdrive client binary. CSRF protection is implemented via a cryptographically random state parameter that is validated on the callback.

OAuth user scopes requested:

Scope	Purpose
`channels:history`, `channels:read`, `channels:write`	Access public channel messages and metadata
`chat:write`	Send messages on your behalf
`groups:history`, `groups:read`, `groups:write`	Access private channel messages and metadata
`im:history`, `im:read`, `im:write`	Access direct messages
`mpim:history`, `mpim:read`, `mpim:write`	Access group direct messages
`reactions:read`, `reactions:write`	Read and post message reactions
`users:read`, `users:read.email`	Access user profile information and email addresses

Data transmitted to Slack may include: - Message read requests across all channel types (public, private, direct messages, group DMs), depending on granted scopes. - Messages you send or reactions you post through Hyperdrive. - User profile information and email address lookups. - Channel membership data.

Slack user tokens (xoxp-... format) do not expire and remain valid until you revoke them through Slack's app management interface or disconnect the workspace in Hyperdrive.

9.3 OpenAI (via Server Proxy)

If you use AI features, Hyperdrive sends data to Hyperdrive servers at https://app.hyperdriveone.com/api/ai/chat, which then forward requests to OpenAI's API at https://api.openai.com/v1/chat/completions. Hyperdrive servers inject the OpenAI API key server-side — the key is never present in or accessible from the client application.

Headers sent with each AI request: - X-Account-ID: Your account email address (used for AI usage metering and routing). - X-AI-Feature: A feature identifier string describing which AI feature is being used.

The specific data transmitted to OpenAI depends on the feature being used and is detailed in Section 10.

Important: Hyperdrive servers log metadata about AI requests (account identifier, feature name, model used, token counts, and estimated cost) but do not log or store the content of AI prompts, email content included in prompts, or AI-generated responses. Email content passes through the server proxy transiently and is forwarded to OpenAI without being persisted.

Custom AI tier: If you select the Custom AI tier and provide your own API key and optional custom endpoint URL, Hyperdrive sends AI requests directly to the endpoint you configure (or to OpenAI directly using your key), bypassing the Hyperdrive proxy. In this configuration, Hyperdrive does not receive, process, or meter your AI requests. You are solely responsible for evaluating the privacy, security, data handling practices, and terms of service of any custom endpoint you configure.

9.4 Gravatar (Contact Enrichment)

For contact enrichment, Hyperdrive sends a SHA-256 hash of the contact's email address to the Gravatar API at https://api.gravatar.com/v3/profiles/{sha256_hash}, authenticated with a Gravatar API key stored server-side. Gravatar returns publicly available profile information, which may include: name, company, title, location, photo URL, and verified social profile links (such as LinkedIn URLs).

A fallback avatar lookup may also be performed using an MD5 hash of the email address at https://www.gravatar.com/avatar/{md5_hash}?d=404&s=128.

Contact enrichment data is cached server-side in Hyperdrive' D1 database for up to 30 days before automatic expiration.

The email address itself is not sent to Gravatar — only its cryptographic hash. However, Gravatar's operator (Automattic) may be able to correlate the hash with known email addresses if those addresses are registered in the Gravatar system.

9.5 Unsplash (Inbox Zero Photos)

Hyperdrive uses Unsplash to display curated photographs for the inbox-zero celebration feature. Photo requests are proxied through Hyperdrive servers at https://app.hyperdriveone.com/api/unsplash/random, which forward requests to https://api.unsplash.com/photos/random using a server-side Unsplash API key.

Per Unsplash's Terms of Service, Hyperdrive reports download events to Unsplash when a photo is displayed. The data sent includes the photo identifier and download trigger URL. No personally identifiable user data is included in these requests.

9.6 Stripe (Payments)

If you purchase a Hyperdrive subscription, payment processing is handled entirely by Stripe. Hyperdrive does not receive, process, or store your full payment card details, bank account information, or other payment instrument data.

The checkout experience is rendered in a WKWebView (embedded browser) that is restricted to the following Stripe domains: checkout.stripe.com, js.stripe.com, m.stripe.network, and hooks.stripe.com.

Hyperdrive receives and stores the following Stripe identifiers for subscription management: - Stripe customer identifier. - Stripe subscription identifier.

Stripe webhook events are received at https://app.hyperdriveone.com/api/webhooks/stripe and verified using HMAC-SHA256 signature verification with a server-side STRIPE_WEBHOOK_SECRET. The following Stripe events are processed: - checkout.session.completed — triggers license creation. - customer.subscription.deleted — triggers license suspension. - customer.subscription.updated — triggers license status update.

When a license is created after successful payment, a license key delivery email is sent to you via Cloudflare Worker.

9.7 Cloudflare (Infrastructure)

Hyperdrive servers run on Cloudflare Workers, and server-side data is stored in Cloudflare D1. As part of providing its infrastructure services, Cloudflare may process network information including:

IP addresses of clients making requests.
Request metadata (HTTP method, URL path, headers).
Request and response sizes and timing.

Cloudflare processes data at global edge locations. The specific edge location that processes your request depends on your geographic location and Cloudflare's routing decisions. Cloudflare's privacy policy governs its handling of this network-level data.

9.8 Services Hyperdrive Does NOT Use

Hyperdrive does not integrate with, embed, or transmit data to any of the following categories of services:

Advertising networks or ad SDKs.
Analytics platforms (such as Mixpanel, Amplitude, Segment, Google Analytics, or App Store Analytics).
Crash reporting services (such as Sentry, Crashlytics, Datadog, or Bugsnag).
CloudKit, iCloud, or Apple's cloud synchronization services.
Social media login providers (other than Google OAuth for Gmail/Calendar access).
Data brokers or data resellers.

The only external dependency in the Hyperdrive client application binary (beyond Apple system frameworks) is SwiftFormat, which is a development-only tool and is not present in production builds.

10. Artificial Intelligence and Machine Learning Features

Hyperdrive offers several AI-powered features, all of which use OpenAI language models accessed through the Hyperdrive server proxy (or your custom endpoint, if configured). When you use an AI feature, portions of your email or Slack content are transmitted to OpenAI for processing. The server enforces a global 4,096 completion token ceiling on all AI requests, regardless of per-feature limits listed below. This section details exactly what data is sent for each feature.

10.1 Draft Reply Generation

Feature identifier: draft_reply
Model: gpt-4o
Data sent: The last 10 messages from the email thread, each including the sender's email address and the message body truncated to 2,000 characters. Your tone preferences and any custom instructions you provide.
Token limit: 200 completion tokens.

10.2 Thread Summarization

Feature identifier: summarize_thread
Model: gpt-4o-mini
Data sent: The last 10 messages from the email thread, each including sender names and message body text truncated to 2,000 characters.
Token limit: 300 completion tokens.
Local caching: Generated summaries are cached locally in the thread_summaries table so the same thread is not re-summarized on subsequent views.

10.3 Slack Channel Summarization

Feature identifier: summarize_slack
Model: gpt-4o-mini
Data sent: The last 50 Slack messages from the selected channel, each truncated to 1,000 characters of user content, along with the channel name.
Token limit: 500 completion tokens.

10.4 Calendar Event Extraction

Feature identifier: extract_calendar_event
Model: gpt-4o-mini
Data sent: The last 5 messages from the email thread, each including sender name, subject line, date, and message body truncated to 2,000 characters.
Token limit: 100 completion tokens.

10.5 Email Rewriting and Tone Adjustment

Feature identifier: rewrite_email
Model: gpt-4o
Data sent: The full email body text you are composing, your selected tone preference, and any optional custom instructions you provide.
Token limit: 2,000 completion tokens.

10.6 Natural Language Search Translation

Feature identifier: translate_search
Model: gpt-4o-mini
Data sent: Your natural language search query text only. No email content is sent.
Token limit: 100 completion tokens.

10.7 Sender Domain Classification

Feature identifier: classify_domains
Model: gpt-4o-mini (temperature: 0.0 for deterministic results)
Token limit: 300 completion tokens.
Data sent: Sender email addresses and up to 3 sample subject lines per sender, processed in batches of up to 30 senders per request. No email body text is sent for this feature.
Categories assigned: newsletters, transactions, or other.
Local caching: Classification results are cached locally for 30 days.

10.8 Cold Pitch Classification

Feature identifier: classify_pitch
Model: gpt-4o-mini
Token limit: 50 completion tokens.
Data sent: For emails with ambiguous heuristic cold-pitch scores, Hyperdrive sends the sender email address, subject line, and up to 500 characters of the email body to OpenAI for binary classification as "genuine" or "cold_pitch".
Batch size: Up to 5 evaluations per batch.
Local caching: Results are cached per sender locally.

10.9 Smart Split Predicate Generation

Feature identifier: Uses the AI proxy for generating filter predicates from natural language descriptions you provide.
Data sent: Your natural language description of the filter you want to create.
Note: The predicates generated by this feature are evaluated entirely locally against thread metadata. No additional email content is sent to OpenAI during predicate evaluation.

11. Email Tracking and Recipient Data

Hyperdrive includes a feature that injects a tracking pixel (a 1-pixel transparent GIF image) and wraps hyperlinks in outbound emails to enable detection of email opens and link clicks.

11.1 How Tracking Works

Pixel injection: When you send an email with tracking enabled, Hyperdrive's MIME encoder appends an invisible 1x1 pixel image tag to the HTML body of the email. The image source URL is https://app.hyperdriveone.com/open/{pixelId}, where {pixelId} is a unique UUID generated for that email.
Link wrapping: All hyperlinks (<a href="...">) in the outbound email are rewritten to route through https://app.hyperdriveone.com/click/{linkId}?url={encodedDestination}, where {linkId} is a unique UUID generated for each link.
Pixel and link registration: Before sending, Hyperdrive registers the pixel and all tracked links with the Hyperdrive server, including: pixel identifier, your account identifier, recipient email address, email subject, thread identifier, link identifiers, and destination URLs.
Open detection: When a recipient's email client loads the tracking pixel image, the Hyperdrive server returns a 1x1 transparent GIF and logs an open event with the recipient's IP address, user-agent string, and timestamp. The server sets Cache-Control: no-store, no-cache headers to prevent caching that would cause missed open detections.
Click detection: When a recipient clicks a tracked link, the Hyperdrive server logs the click event (with IP address, user-agent, timestamp, and destination URL) and then issues an HTTP redirect to the original destination URL.
Reporting: Hyperdrive periodically polls the server for open and click events to display tracking reports in the contact pane.

11.2 Data Collected About Email Recipients

Email tracking collects the following information about recipients of your tracked emails. Recipients are third parties who have not agreed to this Privacy Policy, and this data is collected without their explicit knowledge or consent:

Recipient email address (provided by you when sending).
IP address of the recipient's device or email client at the time of each open or click event.
User-agent string of the recipient's email client or browser, which may reveal device type, operating system, and software version.
Timestamps of each open and click event.
Which specific links were clicked and their destination URLs.

Hyperdrive does not automatically notify recipients that email tracking is active. The tracking pixel and link wrapping are designed to be invisible to recipients.

You can disable email tracking at any time via Settings → Privacy → Email Tracking. When tracking is disabled, no tracking pixel is injected and no links are wrapped in outgoing emails. Tracking is enabled by default.

You are solely responsible for complying with all laws, regulations, and policies that govern email tracking, monitoring, consent, and notice in your jurisdiction and the jurisdiction of your recipients. This may include, without limitation:

Laws requiring recipient consent before tracking (such as GDPR in the European Union, which may require consent for tracking technologies).
Employer policies governing email monitoring of employees.
Confidentiality obligations that may prohibit tracking of communications with attorneys, medical professionals, or other privileged parties.
Industry-specific regulations governing electronic communications.

Tracking pixel requests are rate-limited to 120 opens per IP per minute to prevent abuse and database flooding.

Hyperdrive is a tool. Hyperdrive does not provide legal advice, does not guarantee compliance with any particular law or regulation, and is not responsible for your use of tracking features in violation of applicable law.

12. Automated Decision-Making and Profiling

Hyperdrive employs automated classification and decision-making systems that affect which emails you see, how they are organized, and how they are prioritized. While these systems are designed to improve your productivity, you should be aware of the following automated processes:

12.1 Inbox Split Classification

Hyperdrive automatically classifies incoming emails into inbox splits (Important, Team, Newsletters, Transactions, Calendar, Other) using a combination of:

AI-based sender domain classification (via OpenAI, as described in Section 10.7), which categorizes sender domains as newsletters, transactions, or other based on domain names and sample subject lines.
Local heuristic scoring (via the SplitClassifier and ColdPitchDetector modules), which evaluates email metadata against rule-based criteria entirely on your device without any network communication.
Sender relationship analysis, which considers interaction frequency and relationship markers you have set.

These classifications determine which inbox split a given email appears in and may affect the prominence and visibility of emails in your inbox.

12.2 Cold Pitch Detection

Hyperdrive uses both local heuristics and AI classification to detect unsolicited sales or outreach emails ("cold pitches"). The local heuristic system scores emails based on the presence of tracking pixels, scheduling links, sales language patterns, merge tag artifacts, and other indicators. Emails classified as cold pitches may be de-prioritized or categorized differently in your inbox.

12.3 Your Rights Regarding Automated Decision-Making

Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. Inbox classification does not produce legal effects, but it may affect which communications you see promptly. You can override any automated classification by manually moving emails between splits or adjusting split rules.

13. Local-Only Processing

Certain Hyperdrive features are performed entirely locally on your Mac without sending any content or data to Hyperdrive servers or any third-party service. These include:

Cold pitch heuristic detection: Score-based evaluation of emails for sales outreach characteristics, using locally computed indicators such as tracking pixel presence, scheduling link presence, sales language patterns, and merge tag detection.
Split classification and rule evaluation: Score-based classification of emails into inbox splits using locally stored rules, sender relationship data, label metadata, and generated smart-split predicates.
Smart split predicate evaluation: Once a smart-split predicate is generated (via AI, as described in Section 10.9), the predicate is evaluated against email metadata entirely locally.
Remote image blocking and whitelist enforcement: Content Security Policy generation and enforcement occurs locally.
Full-text search indexing and query execution: The FTS5 search index is built and queried locally.
Email HTML sanitization: Stripping of dangerous HTML tags, attributes, and script content is performed locally before rendering.
Draft auto-saving: Drafts are saved locally with debounced writes.
Optimistic UI updates: Email actions (archive, label, star, etc.) are applied to the local cache immediately before server synchronization.

14. Hardware Identifiers, Device Fingerprinting, and Licensing

14.1 Hardware UUID Collection

Hyperdrive licensing uses a persistent hardware identifier derived from your Mac's platform UUID. Specifically, Hyperdrive reads the kIOPlatformUUIDKey property from the IOPlatformExpertDevice service via Apple's IOKit framework. This UUID is a persistent hardware identifier that is unique to each physical Mac and does not change across operating system reinstalls, user account changes, or application reinstalls.

If the IOKit call is unavailable (which is uncommon), Hyperdrive falls back to generating a random UUID. The fallback UUID is not persisted, which means it would change on each application launch.

14.2 Data Collected for Licensing

On each license activation, validation, or deactivation, the following data is transmitted to the licensing server at app.hyperdriveone.com:

License key (provided by you or generated after purchase).
Machine identifier (hardware UUID as described above).
Machine name (your Mac's user-assigned name, such as "John's MacBook Pro").
Platform (e.g., "macos").
Application version (e.g., "1.0.0").
Product identifier ("hyperdrive").

The combination of hardware UUID, machine name, and email address associated with your license constitutes a strong device-level fingerprint. A SHA-256 fingerprint is computed from the combination of machine UUID, platform, and license identifier and stored server-side for device identity verification. An additional activation_secret_hash (SHA-256) is stored per device activation to authenticate deactivation requests.

14.3 Licensing Enforcement

License activation is validated every 24 hours via a server API call.
A configurable grace period (set server-side in hours) allows offline use when the validation server is unreachable.
Server responses are cryptographically signed using Ed25519 digital signatures. The client verifies the signature using a hardcoded public key to prevent tampering.
Per-IP rate limits are enforced on licensing endpoints: 10 activations per 5 minutes, 10 deactivations per 5 minutes, and 30 validations per 5 minutes.
Device limits are enforced per license, with a default limit configurable per product and an optional per-license override.

14.4 Licensing Event Audit Log

The licensing server maintains an audit log of licensing events, recording: license identifier, event type (activated, deactivated, validated, created, suspended, revoked), machine identifier, IP address, metadata JSON, and timestamp. This audit log is retained indefinitely.

15. Notifications

If you grant notification permission, Hyperdrive may display macOS system notifications that include:

Email notifications: Email subject line and a short message snippet, along with the sender name.
Slack notifications: Slack message context, channel name, and a message snippet.
Reminder notifications: Thread subject and snippet for snoozed or reminded conversations.

Notification content is visible on your screen (including the lock screen, depending on your macOS notification settings) even when the Hyperdrive application is not in the foreground. You can control notification display behavior at two levels:

Within Hyperdrive: Settings provide individual toggles for Gmail notifications, Slack notifications, reminder notifications, and notification sound.
Within macOS System Settings: You can manage notification permissions, display style, and lock screen visibility for Hyperdrive at the operating system level.

16. Data Retention

Hyperdrive's data retention practices depend on where data is stored and the type of data.

16.1 Local Storage Retention

Email and Slack cache: Data stored in the local SQLite database persists until you delete it, remove accounts, or uninstall the application. The local cache can grow without a built-in size limit.
Keychain credentials: OAuth tokens and other credentials stored in the macOS Keychain persist until you disconnect accounts, explicitly clear credentials, or uninstall the application. Keychain items with the kSecAttrAccessibleWhenUnlockedThisDeviceOnly attribute are also removed if you erase the device.
UserDefaults preferences: Preferences persist until you reset them within the application or delete the preference file at ~/Library/Preferences/com.hyperdrive.app.plist.
Search history: Recent search queries (up to 10) persist until manually cleared or until the preference store is reset.
Split configuration: JSON configuration files persist until you modify or delete them.
Debug logs (development builds): Written to $TMPDIR/, which is periodically cleaned by macOS.

16.2 Server-Side Retention with Defined Periods

Data	Retention Period	Mechanism
Contact enrichment cache	30 days	`expires_at` column; records refreshed on re-query after expiry
Sender classification cache (local)	30 days	Local expiry; re-classified via AI after expiry
Unsplash photo cache (local)	24 hours	Refreshed on next inbox-zero event
Rate limiting counters	5-minute sliding window	Automatically recycled

16.3 Server-Side Retention Without Defined Periods

At the time of this Privacy Policy, the following server-side data does not have a defined expiration or automatic deletion schedule:

Data	Server Table	Concern
Email tracking pixel registrations	`pixels`	Recipient metadata (email, subject) retained indefinitely
Email open events	`opens`	Recipient IP addresses and user-agents retained indefinitely
Link click events	`clicks`	Recipient IP addresses and destination URLs retained indefinitely
License activation records	`license_activations`	Device identifiers retained indefinitely
Licensing audit event logs	`license_events`	IP addresses retained indefinitely
AI usage metering logs	`ai_usage`	Account-level usage patterns retained indefinitely
Scheduling bookings	`bookings`	Guest names and email addresses retained indefinitely

Hyperdrive may implement retention limits and automated data lifecycle management in the future. Until such measures are implemented, data may be retained as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and maintain security and operational integrity.

17. Data Deletion, Export, and Account Controls

17.1 Current Capabilities

At present, the following user-initiated data management capabilities are available:

Local data removal: You can remove all local data by uninstalling Hyperdrive and deleting the Hyperdrive data directories at ~/Library/Application Support/Hyperdrive/ and ~/Library/Caches/Hyperdrive/. Removing the application will also remove the associated macOS Keychain items.
Account disconnection: You can disconnect email and Slack accounts within Hyperdrive, which removes the associated OAuth tokens from the local Keychain and clears local cached data for that account.
License deactivation: You can deactivate your license on a specific device via the licensing server API (POST /api/licenses/deactivate), which removes the device activation record for that machine.
Image whitelist management: You can add, remove, or clear sender and domain entries from the remote image whitelist.
Blocked sender management: You can block and unblock senders.
Search history: You can clear recent search queries.
Server-side data deletion: You can delete all server-side data associated with an email account (including snoozed threads, reminders, scheduled messages, tracking data, AI usage logs, and Gmail credentials) via Settings → Accounts → Delete Server Data or by removing the account. This operation is also available via the server API (DELETE /api/account). Licensing records are preserved.
AI feature toggle: You can enable or disable AI-powered features (draft replies, summaries, rewrites, calendar event extraction) via Settings → Privacy → AI Features. When disabled, no email content is sent to OpenAI. A one-time consent dialog is shown on first launch.
Email tracking toggle: You can enable or disable read receipt tracking via Settings → Privacy → Email Tracking. When disabled, no tracking pixel is injected and no links are wrapped in outgoing emails.

17.2 Current Limitations

At present, the following capabilities are not available:

No user-facing data export tool. There is no mechanism to export a machine-readable copy of all personal data that Hyperdrive holds about you.
No toggle to opt out of AI usage metering. AI usage metering is logged automatically for all AI feature requests processed through the server proxy.

17.3 Requesting Deletion or Export

If you wish to request deletion of your server-side data, export of your data, or exercise any other data subject rights, please contact Hyperdrive at the contact details provided in Section 28.

Hyperdrive will evaluate requests consistent with applicable law, including GDPR, CCPA/CPRA, and other data protection regulations. You may be asked to verify your identity before information is provided, modified, or deleted. Hyperdrive will respond to verified requests within the timeframes required by applicable law (generally 30 days under GDPR, 45 days under CCPA).

18. Security Measures

Hyperdrive implements a range of technical and organizational measures designed to protect your information. However, no system can be guaranteed to be completely secure, and Hyperdrive cannot guarantee the absolute security of your data.

18.1 Transport Security

All network communications between the Hyperdrive client and Hyperdrive servers, as well as between Hyperdrive servers and third-party APIs, use HTTPS (TLS encryption in transit). No unencrypted HTTP endpoints are used.

18.2 Credential Storage

OAuth tokens and sensitive credentials on the client are stored in the macOS system Keychain using kSecAttrAccessibleWhenUnlockedThisDeviceOnly, which provides hardware-backed encryption, restricts access to when the device is unlocked, and prevents iCloud Keychain synchronization.
Google Calendar OAuth tokens stored server-side for scheduling features are encrypted at rest using AES-256-GCM with a key derived via PBKDF2 (100,000 iterations).
Scheduling API tokens and deferred-action account tokens are hashed (SHA-256) before storage; plaintext tokens are never persisted.

18.3 Cryptographic Verification

Licensing server responses are digitally signed using Ed25519 (a modern elliptic curve signature algorithm). The Hyperdrive client verifies these signatures using a hardcoded public key, preventing response tampering or replay attacks.

18.4 Authentication and Access Control

Server-side administrative endpoints for licensing are protected by HMAC-based authentication with timestamp-based replay protection (5-minute validity window).
Stripe webhook payloads are verified using HMAC-SHA256 signature verification with a server-side webhook secret. Stripe webhook event IDs are stored server-side for idempotency and replay prevention.
Slack OAuth state parameters are validated to prevent CSRF attacks.
Gmail OAuth uses ASWebAuthenticationSession, which provides system-managed CSRF protection.

18.5 Email Content Safety

Hyperdrive sanitizes all HTML email content before rendering in WKWebView, stripping dangerous elements including <script>, <iframe>, <object>, <embed>, <form>, <svg>, and all on* event handler attributes.
JavaScript execution is disabled in email rendering web views.
Content Security Policy headers restrict resource loading in email views.
Navigation is blocked in email web views to prevent link hijacking.

18.6 Rate Limiting

Per-IP rate limits are enforced on all licensing endpoints.
Slack API retry logic implements Retry-After header support and exponential backoff with jitter.

18.7 Your Security Responsibilities

You are responsible for: - Protecting physical access to your Mac and securing your macOS user account with a strong password. - Keeping your macOS operating system and Hyperdrive application updated. - Using appropriate endpoint security practices (such as FileVault disk encryption). - Protecting your license key and not sharing it with unauthorized users. - Revoking OAuth access from connected services if you suspect unauthorized access (via Google Account settings, Slack app management, etc.).

19. International Data Transfers

Hyperdrive involves international data processing. If you are located outside the United States, your data may be transferred to, stored in, and processed in the United States or other countries. Specifically:

Cloudflare Workers may process your requests at any of Cloudflare's global edge locations, depending on network routing and availability. The specific location may vary per request.
Cloudflare D1 stores data at edge locations selected by Cloudflare.
OpenAI processes AI requests in regions determined by OpenAI's infrastructure, which may include the United States and other locations.
Gravatar (Automattic) processes contact enrichment data, primarily in the United States.
Stripe processes payment data in the United States and other locations, in compliance with PCI DSS.
Unsplash may process data globally.
Google processes Gmail and Calendar data in regions determined by Google's infrastructure.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland: Transfers of personal data to countries outside the EEA that have not received an adequacy decision from the European Commission are conducted on the basis of appropriate safeguards, including Standard Contractual Clauses (SCCs) where applicable, or reliance on the recipient's participation in recognized frameworks. Hyperdrive does not currently maintain separate Data Processing Agreements (DPAs) with all third-party service providers and may not be able to guarantee that all sub-processors meet EEA adequacy requirements.

If you are located in a jurisdiction that restricts cross-border data transfers, you should evaluate whether use of Hyperdrive is appropriate for your regulatory requirements before using the Service.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the GDPR with respect to your personal data:

Right	Description	How to Exercise
Right of access (Art. 15)	You have the right to obtain confirmation of whether we process your personal data and to access a copy of that data, along with information about the purposes, categories, recipients, retention periods, and safeguards.	Contact us at the address in Section 28.
Right to rectification (Art. 16)	You have the right to request correction of inaccurate personal data and completion of incomplete personal data.	Contact us at the address in Section 28.
Right to erasure (Art. 17)	You have the right to request deletion of your personal data where it is no longer necessary, where you withdraw consent, where you object to processing, where data was unlawfully processed, or where deletion is required by law.	Contact us at the address in Section 28. See also Section 17.
Right to restriction (Art. 18)	You have the right to request restriction of processing where accuracy is contested, processing is unlawful, we no longer need the data but you require it for legal claims, or you have objected to processing pending verification.	Contact us at the address in Section 28.
Right to data portability (Art. 20)	You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.	Contact us at the address in Section 28.
Right to object (Art. 21)	You have the right to object to processing based on legitimate interests or for direct marketing purposes.	Contact us at the address in Section 28. You can also disable specific features (such as AI features, Slack integration, scheduling) by disconnecting services or avoiding use of those features.
Right not to be subject to automated decision-making (Art. 22)	You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you.	See Section 12.3. You can override any automated inbox classification manually.
Right to withdraw consent	Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.	Disconnect services, disable features, or contact us at the address in Section 28.
Right to lodge a complaint	You have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.	Contact your local data protection authority. A list of EU data protection authorities is available at the European Data Protection Board website.

Response time: Hyperdrive will respond to verified requests within 30 days, which may be extended by an additional 60 days for complex or numerous requests, in which case we will inform you of the extension and the reasons for it.

Identity verification: To protect your privacy, we may require you to verify your identity before acting on a request. This may include confirming ownership of the email address associated with your account or license.

Current implementation status: As noted in Section 17.2, Hyperdrive does not currently offer self-service tools for all GDPR rights. Until such tools are available, all requests are handled manually via the contact details in Section 28.

21. Your Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA):

21.1 Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collection, and the categories of third parties with whom we share it.

21.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (such as where retention is necessary to complete a transaction, detect security incidents, comply with legal obligations, or exercise free speech).

21.3 Right to Correct

You have the right to request correction of inaccurate personal information.

Hyperdrive does not sell your personal information and does not share your personal information for cross-context behavioral advertising purposes as those terms are defined under the CCPA/CPRA. Accordingly, there is no need to opt out of sale or sharing.

21.5 Right to Limit Use of Sensitive Personal Information

To the extent Hyperdrive processes sensitive personal information (such as email content), it does so only as necessary to provide the Service you have requested. Hyperdrive does not use sensitive personal information for purposes beyond what is necessary for the Service.

21.6 Right to Non-Discrimination

Hyperdrive will not discriminate against you for exercising any of your CCPA/CPRA rights.

21.7 Categories of Personal Information Collected

For purposes of CCPA disclosure, the following categories of personal information may be collected:

CCPA Category	Examples	Collected
Identifiers	Email address, device identifier, IP address, license key	Yes
Customer records	Name, email address, subscription information	Yes
Commercial information	Subscription status, purchase history via Stripe	Yes
Internet or electronic network activity	Email tracking opens/clicks, AI feature usage, user-agent strings	Yes
Geolocation data	Approximate location via IP address (not precise GPS)	Yes
Professional or employment-related information	Job title, company (via Gravatar enrichment)	Yes
Inferences drawn from personal information	Inbox split classifications, sender relationship scores, AI classifications	Yes
Sensitive personal information	Email content, Slack message content, OAuth credentials	Yes

21.8 How to Exercise Your Rights

To exercise any CCPA/CPRA rights, contact Hyperdrive at the address in Section 28. Hyperdrive will respond to verified requests within 45 days, which may be extended by an additional 45 days for complex requests.

22. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Hyperdrive is a native macOS application and does not operate as a website visited in a browser, so DNT signals from browsers are not applicable to the Hyperdrive application.

For web-based scheduling pages served at app.hyperdriveone.com, Hyperdrive does not currently respond to or alter its practices upon receiving DNT signals, as there is no industry-standard technology for honoring DNT in this context.

23. Children's Privacy

Hyperdrive is not directed to children under the age of 16 (or such other age as may be specified by applicable law) and is intended for use by individuals who can lawfully form a binding contract. Hyperdrive does not knowingly collect, solicit, or process personal information from children under the age of 16.

If you are a parent or guardian and believe that a child under the age of 16 has provided personal information to Hyperdrive through Hyperdrive, please contact us at the address in Section 28, and we will take steps to delete such information from our systems.

In the United States, the Children's Online Privacy Protection Act (COPPA) applies to children under the age of 13. Hyperdrive does not knowingly collect personal information from children under 13 in the United States.

24. Information We Do Not Collect

For transparency, Hyperdrive does not collect or access the following:

Camera or microphone data. Hyperdrive does not request or use camera or microphone permissions.
macOS Contacts (system address book). Hyperdrive does not access your macOS Contacts database. Contact information is derived from email headers and Gravatar enrichment.
Location services. Hyperdrive does not request or use GPS, Wi-Fi-based, or other precise location services.
Bluetooth. Hyperdrive does not use Bluetooth.
Accessibility APIs. Hyperdrive does not use macOS accessibility APIs.
AppleScript or Automation. Hyperdrive does not use AppleScript or macOS automation frameworks.
Browsing history. Hyperdrive does not access or monitor your web browsing history.
Files on your disk (beyond its own data directories). Hyperdrive only reads and writes to its own application support directory, caches directory, and preferences file, plus files you explicitly select via file picker dialogs (such as email attachments).
Clipboard data. Hyperdrive does not monitor or log clipboard contents.

Hyperdrive does not embed any third-party advertising SDKs, analytics SDKs, crash reporting SDKs, or data broker integrations. The only external build dependency is SwiftFormat (a code formatting tool used during development only, not present in production builds).

25. Your Responsibilities

Hyperdrive is a powerful tool that can access, modify, and generate email communications, calendar events, and Slack messages on your behalf. You are responsible for:

Account authorization. Ensuring that you have the legal authority to access the email accounts, Slack workspaces, and calendar accounts you connect to Hyperdrive.
Email tracking compliance. Ensuring that your use of email tracking features complies with all applicable laws and regulations, including laws that may require recipient consent or disclosure. See Section 11.3 for details.
AI content review. Reviewing all AI-generated content (draft replies, rewrites, summaries, event extractions) before sending, accepting, or acting on it. AI-generated content may contain errors, inaccuracies, or inappropriate language.
Workplace policies. Ensuring that your use of Hyperdrive complies with applicable workplace policies, employment agreements, confidentiality obligations, and professional conduct standards.
Scheduling feature accuracy. Verifying that scheduling links, availability windows, and calendar settings are accurate and appropriate before sharing them publicly.
Data sensitivity awareness. Being aware that certain Hyperdrive features transmit portions of your email and Slack content to third-party services (OpenAI, Google, Slack), and ensuring that such transmission is consistent with any data handling obligations, confidentiality agreements, or regulatory requirements that apply to your communications.
Custom AI endpoint. If you configure a custom AI endpoint and API key, you are solely responsible for evaluating the privacy, security, and data handling practices of that endpoint.

26. Server-Side Deferred Actions and Expanded Trust Boundary

Hyperdrive provides server-side deferred actions for cross-device synchronization and reliability. These features significantly expand the data stored on and accessible to Hyperdrive servers compared to a purely local email client. This section describes these capabilities so you can make an informed decision about using them.

26.1 Server-Side Capabilities

The following features are deployed and active when you enable cross-device sync:

Server-side snooze restoration: Server stores snooze records (thread identifier, account identifier, return date, labels to restore) and restores the INBOX label via Gmail API when the snooze fires. This requires the server to call the Gmail API on your behalf.
Server-side scheduled email sending: Server stores full MIME-encoded email content and sends the email via Gmail API at the scheduled time, even when your Mac is offline or closed. The server stores the complete email body until it is sent, and deletes it after successful delivery.
Server-side reminders: Server stores reminder records and fires reminders via push notifications.
Server-side Gmail OAuth token storage: To perform snooze restoration and scheduled sending, the server stores your Gmail OAuth refresh tokens. These tokens grant the server read and write access to your Gmail account (within the scopes you originally authorized). Tokens are encrypted at rest using AES-256-GCM with per-account random salts. However, the server has decryption capability at runtime — the encryption protects against database-level breaches but not against server-side application compromise.
Apple Push Notification service (APNs): Server sends push notifications to your Mac (and future iOS devices) for snooze, reminder, and send-later events. This requires:
Storage of APNs device tokens (pseudonymous device identifiers assigned by Apple, persistent per app install).
A server-side devices table mapping account identifiers to device tokens.
Push notification payloads (containing thread subjects and snippets) transit Apple's APNs infrastructure.

26.2 Privacy Implications

These features represent a significant expansion of the server trust boundary:

Hyperdrive servers hold Gmail OAuth credentials for users who enable cross-device sync. This gives the server the ability to read, modify, and send email on your behalf.
A server-side security breach could expose Gmail access credentials for all users with these features enabled.
Email activity patterns (snooze times, send-later schedules, reminder patterns) are visible to the server.
Full email content (MIME bodies of scheduled messages) is stored server-side until sent.

Hyperdrive requires explicit user consent before enabling features that involve server-side storage of Gmail OAuth credentials or full email content. You may revoke access at any time by deauthorizing Hyperdrive from your Google Account security settings.

27. Changes to This Privacy Policy

Hyperdrive reserves the right to update, modify, or replace this Privacy Policy from time to time to reflect changes in Hyperdrive features, legal requirements, regulatory guidance, or operational practices.

Notification of changes: If changes are material (such as new categories of data collection, new third-party data sharing, or changes to user rights), Hyperdrive will provide notice through one or more of the following means:

An in-application notification or banner within Hyperdrive.
A notice on the Hyperdrive website.
An email to the address associated with your license or account (for material changes).
Updating the "Last Updated" date at the top of this Privacy Policy.

Effective date: Changes will be effective as of the "Last Updated" date shown at the top of the revised Privacy Policy.

Acceptance: Continued use of Hyperdrive after an update to this Privacy Policy constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you must discontinue use of the Service.

We encourage you to review this Privacy Policy periodically to stay informed about our practices.

28. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy, your personal information, or the data practices described herein, please contact:

Hyperdrive One LLC 1431 Porter Rd, Nashville, TN 37206, United States Email: support@hyperdriveone.com

Hyperdrive One LLC is the data controller for the personal data processed through the Service.

When contacting Hyperdrive:

Identity verification: You may be asked to verify your identity before information is provided, modified, or deleted. This is to protect your privacy and prevent unauthorized access to your data.
Response time: Hyperdrive aims to respond to all inquiries within 30 days. For GDPR requests, we will respond within 30 days (extendable by up to 60 additional days for complex requests). For CCPA requests, we will respond within 45 days (extendable by up to 45 additional days).
Data protection inquiries: If your inquiry relates to GDPR, CCPA, or other data protection rights, please specify the right you are exercising and provide sufficient information for us to verify your identity and locate your data.

If you are located in the EEA and are not satisfied with our response to a data protection inquiry, you have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at the European Data Protection Board website (https://edpb.europa.eu/).