Legal

Privacy Policy

Effective Date: February 21, 2026 · Last Updated: March 10, 2026 · Version 2.5

Effective Date: February 21, 2026
Last Updated: March 10, 2026
Product: Hyperdrive, a native macOS email client
Developer: Hyperdrive One LLC
Policy Version: 2.5

This Privacy Policy explains in detail how Hyperdrive One LLC ("we," "us," "our," or "Hyperdrive") collects, uses, stores, shares, discloses, retains, and protects information when you ("you," "your," or "user") use the Hyperdrive macOS application ("Hyperdrive" or "the app"), related server-side services operated by Hyperdrive, and associated websites, APIs, and web-based features (collectively, "the Service").

By downloading, installing, accessing, or using Hyperdrive, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this Privacy Policy, you must discontinue use of the Service.

This Privacy Policy should be read in conjunction with our Terms of Service, which govern your use of the Service.

Table of Contents

  1. Scope and Applicability
  2. Definitions
  3. Summary of Data Collection Practices
  4. Information You Provide Directly
  5. Information Hyperdrive Collects Automatically — Local Storage
  6. Information Collected and Stored on Hyperdrive Servers
  7. How Hyperdrive Uses Information
  8. Legal Bases for Processing
  9. Third-Party Services and Data Sharing
  10. Artificial Intelligence and Machine Learning Features
  11. Email Tracking and Recipient Data
  12. Automated Decision-Making and Profiling
  13. Local-Only Processing
  14. Hardware Identifiers, Device Fingerprinting, and Licensing
  15. Notifications
  16. Data Retention
  17. Data Deletion, Export, and Account Controls
  18. Security Measures
  19. International Data Transfers
  20. Your Rights Under the General Data Protection Regulation (GDPR)
  21. Your Rights Under the California Consumer Privacy Act (CCPA/CPRA)
  22. Do Not Track Signals
  23. Children's Privacy
  24. Information We Do Not Collect
  25. Your Responsibilities
  26. Server-Side Deferred Actions and Expanded Trust Boundary
  27. Changes to This Privacy Policy
  28. Contact Information

1. Scope and Applicability

This Privacy Policy applies to:

This Privacy Policy does not apply to:

2. Definitions

For purposes of this Privacy Policy, the following terms have the meanings set forth below:

3. Summary of Data Collection Practices

Hyperdrive is an email client that necessarily processes sensitive personal communications data. The scope of data collection is broad because providing full-featured email client functionality, AI-assisted productivity features, licensing enforcement, and cross-service integrations requires access to and processing of personal information.

The following is a high-level summary of the categories of information Hyperdrive collects and processes. Each category is described in full detail in subsequent sections of this Privacy Policy.

Category Stored Locally Stored on Server Shared with Third Parties
Email content, metadata, and thread data Yes Yes — scheduled messages stored encrypted until delivery (7-day retention); subjects and recipient addresses in tracking pixels (90-day retention); thread IDs for snoozes, reminders, and classification sync; sender domain classifications synced across devices Yes (Google, OpenAI via proxy)
Slack messages and metadata Yes No (transient only — passed through Server Proxy for AI summarization, not persisted) Yes (Slack, OpenAI via proxy for channel summarization)
OAuth tokens and credentials Yes (Keychain) Yes — Gmail and Zoom refresh tokens stored encrypted for scheduling, deferred sends, snoozes, and reminders No
Licensing and trial data Yes Yes No
Email tracking data (pixels, opens, clicks) No Yes No
Contact enrichment data No Yes (cached 30 days) Yes (Gravatar)
AI feature inputs and outputs Yes (on-device model weights, classification results, summaries cached locally) No (content not logged; cloud AI usage metered) Cloud features only (OpenAI via proxy for compose, rewrite, summarize, sender classification)
Calendar events and attendee data Yes Partially (scheduling bookings) Yes (Google Calendar)
Google Contacts data (names, emails, phone numbers, organizations) Yes (SQLite cache) No Yes (Google People API)
macOS Contacts (system address book) Yes (SQLite cache) No No
User preferences and settings Yes No No
Device identifiers and hardware UUIDs No Yes (licensing) No
IP addresses No Yes (tracking, licensing) Incidentally (Cloudflare, third-party APIs)
Search queries Yes (recent searches) No Yes (if AI search used, via OpenAI proxy)
Sender classification data Yes (on-device ML models, local SQLite cache) Yes — per-account sender domain classifications and per-thread overrides synced for cross-device consistency; opt-in differential-privacy-protected sender category votes if Shared Intelligence enabled Yes (unknown sender emails and sample subjects sent to OpenAI via proxy for batch classification; on-device models used first when available)
Scheduling link and booking data Yes Yes (guest data encrypted at rest) Yes (Google Calendar and Google Meet for event creation; Zoom for meeting creation if configured)

4. Information You Provide Directly

4.1 Account Connection Information

When you connect email, calendar, messaging, or conferencing services to Hyperdrive, you provide authorization for Hyperdrive to access those services on your behalf. As part of this process, Hyperdrive receives and stores the following information locally on your device:

In addition, Gmail and Zoom refresh tokens are transmitted to Hyperdrive's server (app.hyperdriveone.com) to enable server-side features that operate when your Mac is offline or asleep. Specifically:

All server-side tokens are encrypted at rest using AES-256-GCM with keys derived from per-user random salts and environment-specific encryption secrets. See Section 26 for details on server-side deferred actions.

The specific OAuth authorization scopes requested by Hyperdrive are detailed in Section 9.

4.2 Email You Write, Draft, and Schedule

When you compose, draft, reply to, forward, or schedule email within Hyperdrive, the application stores:

Scheduled messages may also be stored server-side for reliable send-later delivery even when your Mac is offline, including the full message content and any file attachments. See Section 26 for details on server-side deferred actions.

Snippet sync: Text snippets are synced to Hyperdrive’s server at app.hyperdriveone.com for cross-device access. Snippet names and text expansion shortcuts are stored in plaintext; snippet body content is encrypted at rest using AES-256-GCM before storage. Soft-deleted snippets (marked with a deleted flag) are purged from the server after 30 days.

Signature sync: Email signatures (HTML and plain-text body representations) are synced encrypted to Hyperdrive’s server at app.hyperdriveone.com for cross-device access. Both the HTML body and plain-text body are encrypted at rest using AES-256-GCM before storage. Platform-specific rich-text data (RTFD) remains device-local only and is not transmitted to the server.

Draft sync: Drafts are synced to Gmail via the Gmail Draft API for cross-device continuity. Draft content transits through and is stored by Google in accordance with Google’s privacy policy. Local draft metadata (including the Gmail draft identifier) is stored in the device-local SQLite database.

Retention and deletion: Draft content is stored locally on your device and is automatically deleted when the draft is sent. Scheduled messages and their attachments are deleted from the server immediately after successful delivery. Scheduled messages that fail or are cancelled are purged within 30 days. Synced snippets are retained on the server until deleted by you or until account disconnection; soft-deleted snippets are purged after 30 days. Synced signatures are retained on the server until replaced by you or until account disconnection.

If you use scheduling links and booking features, Hyperdrive stores:

Retention and deletion: Booking details (including encrypted guest name and email) are automatically purged 30 days after the meeting end time. Scheduling link configuration persists until you delete the link or delete your account. Expired OAuth access tokens are automatically cleared on each server cleanup cycle; refresh tokens persist (encrypted) for ongoing calendar and conferencing access until you disconnect the integration or delete your account, at which point all scheduling data (links, bookings, and tokens) is permanently deleted.

4.4 Inbox Configuration

When you customize your inbox, Hyperdrive stores:

In addition, vector configurations, sender classifications, and thread vector overrides are synced encrypted to Hyperdrive’s server at app.hyperdriveone.com for cross-device consistency. Sender classifications are stored by domain and account. Thread overrides are stored by thread identifier and account. Vector configuration is stored as one encrypted JSON blob per account. All synced classification data is deleted when you disconnect an account.

4.5 Support Communications

If you contact Hyperdrive for support via the web form, you provide:

Your license identifier and license status are automatically attached to the support email sent to our team. The content of support form submissions is not stored in our database; submissions are forwarded via email to our team using Resend (our email delivery provider) and are not retained on our servers after delivery. Your IP address is temporarily recorded for rate limiting purposes and is automatically purged.

If you contact us directly at support@hyperdriveone.com, you may also share device details, screenshots, logs, or other diagnostic information as email attachments.

We use support communications solely to respond to your inquiry and to improve the Service. We do not use support communications for marketing purposes.

4.6 Website Signup and Waitlist

If you provide your email address through the Hyperdrive website — such as by joining the waitlist, signing up for early access, or requesting a download link — Hyperdrive collects and stores:

Your IP address is temporarily recorded for rate limiting purposes and is automatically purged.

How this information is used:

Every product communication email includes an unsubscribe link. You may opt out at any time by clicking the unsubscribe link, after which no further product communications will be sent to your address. Hyperdrive does not sell, rent, or share website signup email addresses with third parties for their own marketing purposes.

5. Information Hyperdrive Collects Automatically — Local Storage

5.1 Local SQLite Database

Hyperdrive maintains a local SQLite database (hyperdrive.sqlite) as a cache and feature store. The database is located at ~/Library/Application Support/Hyperdrive/ and operates at schema version 36 as of the date of this Privacy Policy. The database uses Write-Ahead Logging (WAL mode) for concurrent access. This database stores the following categories of information:

Email data:

Contact data:

Scheduling and workflow data:

AI and classification data:

Slack data (if Slack is connected):

Calendar data (if calendar features are used):

User interface and performance data:

Additional local files (outside the SQLite database but within Application Support):

5.2 Credential Storage (macOS Keychain)

Hyperdrive stores OAuth tokens and related sensitive credentials using the macOS system Keychain, backed by Apple's Security framework (Security.framework). All Keychain items are stored with the accessibility level kSecAttrAccessibleWhenUnlockedThisDeviceOnly, which means:

The following credentials may be stored in the Keychain:

Credential Type Keychain Service Key Sensitivity
Gmail OAuth access token com.hyperdrive.gmail.{account_id} Critical
Gmail OAuth refresh token com.hyperdrive.gmail.{account_id} Critical
Gmail token expiration com.hyperdrive.gmail.{account_id} Low
Gmail account email address com.hyperdrive.gmail.{account_id} Personal
Slack user token, workspace identifier, and workspace name com.hyperdrive.slack.{workspace_id} Critical
Custom AI API key (if configured) com.hyperdrive.ai-api-key Critical
Zoom OAuth access and refresh tokens, token expiration, and Zoom email address (if Zoom is connected) com.hyperdrive.zoom.{account_id} Critical
License key, license identifier, activation identifier, activation secret, lease token, lease signature, and clock-drift guard timestamp com.hyperdrive.license Critical
Trial validation timestamp, days remaining, clock-drift guard timestamp, trial email address, and cumulative clock drift com.hyperdrive.trial Personal
Per-account Bearer tokens for server-side deferred actions (snooze, reminders, scheduled send) com.hyperdrive.deferred Critical
Scheduling API Bearer token (if scheduling links are configured) com.hyperdrive.scheduling.{account_id} Critical

5.3 UserDefaults Preferences

Hyperdrive stores application preferences using macOS UserDefaults, persisted at ~/Library/Preferences/com.hyperdrive.app.plist. This may include:

UserDefaults data is stored in a standard macOS preference file and is not encrypted beyond macOS filesystem-level protections.

5.4 Remote Image Behavior

By default, Hyperdrive blocks all remote images in emails using a Content Security Policy (CSP) that restricts image sources to data: URIs and cid: (Content-ID) inline images only. This default protects you from tracking pixels and remote image-based surveillance embedded in incoming emails.

If you choose to whitelist a specific sender (by email address) or an entire domain for remote image loading, the application relaxes the CSP to permit loading images over HTTP and HTTPS for those specific emails. A domain-level whitelist entry applies to all senders at that domain. When remote images are loaded, your device connects directly to the third-party server hosting those images (Hyperdrive does not proxy remote image requests), and the following information may be revealed to that server:

Whitelist entries are stored locally in the SQLite database, with separate entries for sender-level and domain-level whitelisting. A separate whitelist is maintained for the “view original” email formatting feature, which permits loading the email’s original HTML rendering (including remote resources) for whitelisted senders or domains.

5.5 Unsplash Photo Cache

Hyperdrive caches a single daily photo from Unsplash for its inbox-zero celebration feature. The photo is fetched from the Hyperdrive server (which caches a daily photo selected at midnight UTC) and stored locally in two files within ~/Library/Caches/Hyperdrive/inbox-zero/:

The cache is refreshed when a new daily photo is available, which occurs at minimum once every 24 hours and additionally on application launch and system wake. When a new photo is fetched, any previously cached image files are automatically deleted. This cache does not contain personal information.

6. Information Collected and Stored on Hyperdrive Servers

Hyperdrive uses server-side infrastructure for specific features that require persistent state beyond your local device or that enable functionality when your device is offline. The server infrastructure consists of Cloudflare Workers (for compute), Cloudflare D1 (for managed SQLite database storage at the edge), and Cloudflare R2 (for object storage of file attachments on scheduled messages).

All server-side functionality is served by a single Cloudflare Worker at app.hyperdriveone.com. This Worker handles:

6.1 Email Tracking Data

If you use email tracking features, Hyperdrive stores the following data on Hyperdrive servers:

Pixel registration data (stored when you send a tracked email):

Open event data (stored when a recipient opens a tracked email):

Click event data (stored when a recipient clicks a tracked link):

Retention: All email tracking data — pixel registration records, open events, and click events — is automatically deleted after 90 days via an automated retention cleanup process. See Section 16 for full retention details.

Encryption at rest: When a server-side encryption key is available, recipient email addresses are encrypted using AES-256-GCM before storage (in the recipient_encrypted column). In this case, the plaintext recipient column is set to null. When the encryption key is not configured, recipient email addresses are stored in plaintext. Encrypted recipient data is decrypted server-side when you query your tracking results via the authenticated API.

Data minimization note: Email subject lines are stored in the server-side pixels table. This data is not strictly necessary for open detection (which requires only the pixel identifier) but is stored to provide richer reporting to the sender.

6.2 Contact Enrichment Cache

If contact enrichment is enabled and a contact lookup is performed through Gravatar, the following data is cached server-side:

Contact PII (name, company, title, location, social profile data, and photo URL) is encrypted at rest into a single encrypted blob using AES-256-GCM before storage. The individual plaintext columns are retained for backward compatibility with pre-encryption records but are set to null for new entries. This cache is designed to expire and be refreshed after 30 days.

6.3 Scheduling System Data

For scheduling features, Hyperdrive stores the following server-side:

Google Calendar and Zoom OAuth tokens stored server-side are encrypted at rest using AES-256-GCM with keys derived from per-account random salts and the environment-level encryption key. Booking guest data (name and email) is encrypted using AES-256-GCM with per-row salts.

6.4 Licensing and Trial Data

Hyperdrive stores the following licensing-related data server-side:

6.5 AI Usage Metering

Hyperdrive logs the following information server-side for each AI feature request processed through the server proxy:

Important: AI usage metering logs the metadata about AI requests (which features were used, how many tokens were consumed) but does not log the content of AI requests or responses. The actual email content, prompts, and AI-generated text are not stored server-side.

AI usage metering data is currently stored without a defined expiration period. This data can be queried via an authenticated API endpoint.

6.6 Synced Snippets

Hyperdrive stores the following data server-side for each synced text snippet:

Retention: Synced snippets are retained until deleted by the user or until account disconnection. Soft-deleted snippets (deleted flag = 1) are purged after 30 days. All snippet data for an account is permanently deleted when the account is disconnected via the self-service account deletion endpoint.

6.7 Synced Signatures

Hyperdrive stores the following data server-side for each synced email signature:

Retention: Synced signatures are retained until replaced by the user or until account disconnection. All signature data for an account is permanently deleted when the account is disconnected via the self-service account deletion endpoint.

7. How Hyperdrive Uses Information

Hyperdrive uses the information it collects for the following purposes:

Core email client functionality:

Inbox organization and productivity:

Slack integration:

Scheduling:

Calendar integration:

Contacts integration:

AI-powered features:

Contact enrichment:

Email tracking:

Licensing and subscription management:

Security, integrity, and operations:

Communications:

Hyperdrive processes personal information under one or more of the following legal bases, depending on the specific processing activity and applicable jurisdiction:

Performance of a contract (Article 6(1)(b) GDPR):

Legitimate interests (Article 6(1)(f) GDPR):

When relying on legitimate interests, Hyperdrive has conducted a balancing assessment and concluded that these interests are not overridden by your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests (see Section 20).

Consent (Article 6(1)(a) GDPR):

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Compliance with legal obligations (Article 6(1)(c) GDPR):

Because Hyperdrive processes sensitive communications data, including the content of private emails and messages, you should use Hyperdrive only if you have the legal authority and right to access, process, and transmit the content you access through the Service.

9. Third-Party Services and Data Sharing

Hyperdrive interacts with multiple third-party services to provide its functionality. When you enable features that involve third-party services, data is transmitted to those services as necessary. Hyperdrive does not sell, rent, or trade your personal information to third parties for their own marketing purposes.

9.1 Google (Gmail API, Calendar API, and People API)

When you connect a Google account, Hyperdrive communicates with Google’s Gmail API, Calendar API, and People API over HTTPS using OAuth 2.0 authentication. The OAuth authorization flow uses a system-managed secure browser session.

OAuth scopes requested:

Data transmitted to Google may include:

9.2 Slack API

If you connect a Slack workspace, Hyperdrive communicates with the Slack API over HTTPS. The Slack OAuth token exchange is handled server-side through Hyperdrive servers to keep credentials out of the client application.

OAuth scopes requested: Hyperdrive requests read, write, and history access to public channels, private channels, direct messages, and group direct messages; permission to send messages and post reactions on your behalf; and access to user profile information and email addresses.

Data transmitted to Slack may include:

Slack user tokens do not expire and remain valid until you revoke them through Slack’s app management interface or disconnect the workspace in Hyperdrive.

9.3 OpenAI (via Server Proxy)

If you use cloud-based AI features, Hyperdrive sends data to Hyperdrive servers, which forward requests to OpenAI’s API. The OpenAI API key is stored server-side and is never present in the client application. On-device AI features do not use the server proxy and do not transmit data to OpenAI. The specific data transmitted depends on the feature and is detailed in Section 10.

Hyperdrive servers log metadata about AI requests (account identifier, feature name, model used, token counts, and estimated cost) but do not log or store the content of prompts, email content, or AI-generated responses. Email content passes through the server proxy transiently and is not persisted.

Custom AI tier: If you provide your own API key and optional custom endpoint URL, Hyperdrive sends AI requests directly to the endpoint you configure, bypassing the Hyperdrive proxy. In this configuration, Hyperdrive does not receive, process, or meter your AI requests. You are solely responsible for evaluating the privacy and security practices of any custom endpoint you configure.

9.4 Gravatar (Contact Enrichment)

For contact enrichment, Hyperdrive sends a cryptographic hash of the contact’s email address to the Gravatar API. The email address itself is not sent — only its hash. Gravatar returns publicly available profile information, which may include: name, company, title, location, photo URL, and social profile links.

Contact enrichment data is encrypted at rest and cached server-side for up to 30 days before automatic expiration.

Gravatar’s operator (Automattic) may be able to correlate the hash with known email addresses if those addresses are registered in the Gravatar system.

9.5 Unsplash (Inbox Zero Photos)

Hyperdrive displays photographs from Unsplash for the inbox-zero celebration feature. The Hyperdrive server fetches and caches a daily photo from the Unsplash API. Your device downloads the image directly from Unsplash’s CDN, which exposes your IP address to Unsplash’s infrastructure. No personally identifiable user data is included in requests to Unsplash.

9.6 Stripe (Payments)

If you purchase a Hyperdrive subscription, payment processing is handled entirely by Stripe. Hyperdrive does not receive, process, or store your payment card details, bank account information, or other payment instrument data.

Hyperdrive receives and stores Stripe customer, subscription, and payment intent identifiers for subscription management. Stripe notifies Hyperdrive of subscription lifecycle events (creation, cancellation, updates) via authenticated webhooks.

After successful payment, a license confirmation email is sent to you via Resend, a third-party email delivery service. The confirmation email does not contain your license key. Resend receives your email address and the email content for delivery purposes; Resend’s privacy policy governs their handling of this data.

9.7 Cloudflare (Infrastructure)

Hyperdrive servers run on Cloudflare infrastructure. As part of providing its services, Cloudflare may process IP addresses, request metadata, and timing information. Cloudflare processes data at global edge locations; Cloudflare’s privacy policy governs its handling of this data.

9.8 HuggingFace (Model Download)

On Apple Silicon Macs, Hyperdrive performs a one-time download of an on-device language model from HuggingFace. Only standard HTTP request headers (including your IP address) are transmitted; no email content, account information, or personal data is sent. After the initial download, the model operates entirely offline. HuggingFace’s privacy policy governs their handling of download request metadata.

9.9 Sparkle (Software Updates)

Hyperdrive uses the open-source Sparkle framework for automatic software updates. Sparkle periodically checks for updates from Hyperdrive’s server. Data transmitted is limited to standard HTTP request headers (including app version, macOS version, and your IP address). No system profiling or hardware inventory data is sent. Update binaries are cryptographically verified before installation.

9.10 Services Hyperdrive Does NOT Use

Hyperdrive does not integrate with or transmit data to:

10. Artificial Intelligence and Machine Learning Features

Hyperdrive offers AI-powered features that use a combination of on-device machine learning models and cloud-based language models (OpenAI, accessed through the Hyperdrive server proxy, or your custom endpoint if configured).

On-device AI features process data entirely on your Mac using bundled or locally downloaded ML models. No email content leaves your device for these features. On-device AI features include email classification (sender categorization, cold pitch detection, and inbox vector assignment).

Cloud AI features transmit portions of your email or Slack content to OpenAI for processing through the Hyperdrive server proxy. Cloud AI features include draft reply generation, email rewriting, thread and Slack summarization, calendar event extraction, search query translation, smart vector predicate generation, cloud sender classification, and ambiguous cold pitch body classification.

Cloud sender classification: When Hyperdrive encounters unknown senders not yet in the local classification cache, it may send sender email addresses and up to 3 sample subject lines per sender to OpenAI via the server proxy for batch classification. On-device models and heuristics handle the majority of classifications without transmitting any data. Email bodies are not sent for batch sender classification.

Cold pitch body classification: For emails where on-device heuristic scoring produces an ambiguous cold pitch result (score 2–3 out of 10+), Hyperdrive may transmit up to 500 characters of de-identified email body text to OpenAI via the server proxy for a definitive pitch determination. Before transmission, personally identifiable information is removed: email addresses are replaced with [email], phone numbers with [phone], URLs with [url], and email signatures are stripped. The sender’s domain (not full email address) and the email subject line are also sent. This feature is invoked only for emails from senders you have not previously corresponded with, who have sent fewer than 5 emails, and whose message format and content match cold outreach patterns. The result (cold_pitch or other) is cached locally and synced across devices. Feature identifier: classify_pitch_body. Model: GPT-4.1-mini.

Consent: Draft reply generation, email rewriting, thread and Slack summarization, calendar event extraction, and search query translation are gated by the AI consent panel (Settings → Privacy); disabling AI in settings prevents these features from functioning. Smart vector predicate generation requires explicit user action to invoke but is not gated by the AI consent panel. Cloud sender classification and cold pitch body classification run automatically when AI features are enabled. On-device AI features run automatically without a separate consent gate, as no data leaves your device.

10.1 Cloud AI Features — Data Sent per Feature

When you use a cloud AI feature, Hyperdrive sends limited portions of your content to the AI provider through the server proxy. The following summarizes what data is sent for each feature:

10.2 Email Classification Pipeline

Hyperdrive classifies emails into inbox vectors using a multi-layer pipeline that prioritizes on-device processing. Most emails are classified without any data leaving your device.

On-device processing (no data transmitted): Your manual overrides always take precedence. Deterministic rules, heuristic scoring, and bundled machine learning models classify the majority of emails entirely on-device. On Apple Silicon Macs, a locally downloaded language model provides additional classification for ambiguous cases.

Cloud classification (data transmitted to the AI provider via server proxy): For senders not yet in the local classification cache, Hyperdrive may send sender email addresses and a small number of sample subject lines per sender in batches. No email body text is sent for batch sender classification. For cold pitch detection, when on-device heuristic scoring is ambiguous, up to 500 characters of de-identified email body text (with email addresses, phone numbers, URLs, and signatures removed) may be sent for a definitive classification. See Section 10 for full details on cold pitch body classification data handling.

Local caching: All classification results are cached locally indefinitely.

10.3 Smart Vector Predicate Generation

When you create a smart vector, Hyperdrive sends your natural language filter description and a sample of thread metadata (sender addresses, subject lines, dates, and short snippets) to the AI provider to generate a filter predicate. During refinement, only the current filter definition and your instructions are sent — no email content. Generated predicates are evaluated entirely locally against thread metadata thereafter.

10.4 Shared Classification Intelligence (Opt-In)

Hyperdrive offers an optional, opt-in feature that improves classification accuracy by aggregating anonymized sender category votes across participating users.

What is shared: When you opt in, your device periodically contributes sender category votes. Only a cryptographically hashed sender identifier (using a periodically rotating salt) and a category vote with differential privacy noise applied on-device are transmitted. Raw email addresses are never transmitted. Email content, bodies, subject lines, recipient information, and thread data are never shared.

Privacy protections: Differential privacy provides a mathematical guarantee that individual contributions cannot be determined from aggregate data. Results are only returned once a minimum vote threshold is reached per sender. This feature is disabled by default and requires explicit opt-in via Settings → Privacy → Shared Classification Intelligence. You may opt out at any time. Previously contributed votes cannot be individually withdrawn due to differential privacy aggregation.

11. Email Tracking and Recipient Data

Hyperdrive includes a feature that injects a tracking pixel (a 1-pixel transparent GIF image) and wraps hyperlinks in outbound emails to enable detection of email opens and link clicks.

11.1 How Tracking Works

  1. Pixel injection: When you send an email with tracking enabled, Hyperdrive appends an invisible 1x1 pixel image to the HTML body of the email.

  2. Link wrapping: All hyperlinks in the outbound email are rewritten to route through the Hyperdrive server, which records the click and redirects the recipient to the original destination.

  3. Pixel and link registration: When you send a tracked email, Hyperdrive registers the pixel and tracked links with the server. Registered data includes your account identifier, recipient email address, email subject, thread identifier, and destination URLs.

  4. Open detection: When a recipient’s email client loads the tracking pixel, the server logs an open event with a truncated IP address, user-agent string, and timestamp.

  5. Click detection: When a recipient clicks a tracked link, the server logs the click event (truncated IP, user-agent, timestamp, and destination URL) and redirects to the original URL.

  6. Reporting: Hyperdrive periodically polls the server for open events and displays a recent-opens feed in the contact pane.

11.2 Data Collected About Email Recipients

Email tracking collects the following information about recipients of your tracked emails. Recipients are third parties who have not agreed to this Privacy Policy, and this data is collected without their explicit knowledge or consent:

Hyperdrive does not automatically notify recipients that email tracking is active. The tracking pixel and link wrapping are designed to be invisible to recipients.

You can disable email tracking at any time via the “Enable read receipt tracking” toggle in Settings → Privacy. When tracking is disabled, no tracking pixel is injected and no links are wrapped in outgoing emails. Tracking is enabled by default.

You are solely responsible for complying with all laws, regulations, and policies that govern email tracking, monitoring, consent, and notice in your jurisdiction and the jurisdiction of your recipients. This may include, without limitation:

Hyperdrive is a tool. Hyperdrive does not provide legal advice, does not guarantee compliance with any particular law or regulation, and is not responsible for your use of tracking features in violation of applicable law.

12. Automated Decision-Making and Profiling

Hyperdrive employs automated classification and decision-making systems that affect which emails you see, how they are organized, and how they are prioritized. While these systems are designed to improve your productivity, you should be aware of the following automated processes:

12.1 Inbox Vector Classification

Hyperdrive automatically classifies incoming emails into inbox vectors using a combination of on-device models, heuristics, and — for unknown senders not resolved on-device — cloud-based classification. Your manual overrides always take precedence. The majority of classifications are resolved entirely on-device without any network communication. See Section 10.2 for details on what data is transmitted for cloud classification.

These classifications determine which inbox vector a given email appears in and may affect the prominence and visibility of emails in your inbox.

12.2 Cold Pitch Detection

Hyperdrive automatically detects unsolicited sales and outreach emails ("cold pitches") using on-device heuristic analysis. When on-device scoring produces an ambiguous result, up to 500 characters of de-identified email body text may be transmitted to an AI provider for a definitive classification. Emails classified as cold pitches may be de-prioritized or categorized differently in your inbox. See Section 10 and Section 10.2 for details on what data is transmitted.

12.3 Your Rights Regarding Automated Decision-Making

Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. Inbox classification does not produce legal effects, but it may affect which communications you see promptly. You can override any automated classification by manually moving emails between vectors or adjusting vector rules.

13. Local-Only Processing

Certain Hyperdrive features are performed entirely locally on your Mac without sending any content or data to Hyperdrive servers or any third-party service. These include:

14. Hardware Identifiers, Device Fingerprinting, and Licensing

14.1 Hardware UUID Collection

Hyperdrive licensing uses a persistent hardware identifier derived from your Mac’s platform UUID. This UUID is unique to each physical Mac and does not change across operating system reinstalls, user account changes, or application reinstalls. If the platform UUID is unavailable, Hyperdrive falls back to a randomly generated identifier that is not persisted across launches.

14.2 Data Collected for Licensing

Licensing operations transmit data to the licensing server at app.hyperdriveone.com. The exact fields vary by operation:

License activation, validation, and deactivation:

Trial start and validation: Your email address, product identifier, and machine identifier are transmitted. Your email is stored only as an irreversible hash on the server.

Checkout (purchase): Your email address, product identifier, selected plan, machine identifier, and machine name are transmitted.

License recovery: Your email address and a time-limited verification code are transmitted. Recovery codes expire after 10 minutes and are automatically deleted within 24 hours.

The combination of hardware UUID, machine name, and email address constitutes a device-level fingerprint. A hashed fingerprint is stored server-side for device identity verification.

14.3 Licensing Enforcement

14.4 Licensing Event Audit Log

The licensing server maintains an audit log of licensing events, recording the license identifier, event type, machine identifier, truncated IP address, and timestamp. This audit log is retained indefinitely.

15. Notifications

If you grant notification permission, Hyperdrive may display macOS system notifications that include:

Notification content is visible on your screen (including the lock screen, depending on your macOS notification settings) even when the Hyperdrive application is not in the foreground. You can control notification display behavior at two levels:

  1. Within Hyperdrive: Settings provide individual toggles for Gmail notifications, Slack notifications, reminder notifications, and notification sound.
  2. Within macOS System Settings: You can manage notification permissions, display style, and lock screen visibility for Hyperdrive at the operating system level.

16. Data Retention

Hyperdrive's data retention practices depend on where data is stored and the type of data.

16.1 Local Storage Retention

16.2 Server-Side Retention with Defined Periods

Data Retention Period Mechanism
Contact enrichment cache 30 days expires_at column; records refreshed on re-query after expiry
Sender classification cache (local) 30 days Local expiry; re-classified via on-device classification pipeline after expiry
Unsplash photo cache (local) 24 hours Refreshed via midnight timer and system wake events; server rotates photo daily
Rate limiting counters 1–1,440 minute sliding windows (varies by endpoint) Automatically recycled; stale records cleaned after 1 hour
Email tracking pixel registrations 90 days Automated deletion via automated retention cleanup; pixel registration records, open events, and click events older than 90 days are permanently deleted
Email open events 90 days Automated deletion via automated retention cleanup
Link click events 90 days Automated deletion via automated retention cleanup
Stale device registrations 90 days Automated deletion via automated retention cleanup; devices not seen in 90 days are removed
Admin access logs 90 days Automated deletion via automated retention cleanup
Completed scheduled messages 7 days (sent) / 30 days (failed or cancelled) Automated deletion via automated retention cleanup; associated R2 attachments are also deleted
Completed snoozes and reminders 30 days Automated deletion via automated retention cleanup after snooze has fired or been cancelled, or after reminder has fired, been skipped, or been cancelled
Synced thread overrides 365 days Automated deletion via automated retention cleanup
License recovery codes 10 minutes (expiry) / 24 hours (used codes) Automated deletion via automated retention cleanup; expired codes and codes used more than 24 hours ago are permanently deleted
Synced snippets Until deleted by user or account disconnection Deleted on user action or account disconnection via self-service account deletion endpoint
Soft-deleted snippets (deleted flag = 1) 30 days Purged after 30 days from soft-deletion
Synced signatures Until replaced by user or account disconnection Deleted on user action or account disconnection via self-service account deletion endpoint
Stripe webhook idempotency records 7 days Automated deletion via automated retention cleanup

16.3 Server-Side Data Retained Indefinitely

The following categories of server-side data do not have a defined expiration or automatic deletion schedule and are retained indefinitely:

Category What is retained Justification
Licensing and billing records License records (email address, HMAC-hashed license key, Stripe identifiers, license status, timestamps), trial records (HMAC-hashed email, machine identifier, truncated IP address), and device activation records. License and trial records are not deleted by the self-service account data deletion endpoint. Fraud prevention, subscription management, and legal compliance
Audit and security logs Licensing event logs (event type, machine identifier, truncated IP address, timestamps) and application download logs (truncated IP address, user agent, timestamp). Security monitoring and dispute resolution
AI usage metering Account-level feature usage patterns (feature name, model, token counts, estimated cost, timestamp). Content of AI requests is not retained. Cost management and service planning
Shared Classification Intelligence votes (opt-in only) Device identifier, cryptographically hashed sender token, differentially private noised category, and salt epoch. Votes are not deleted by the self-service account data deletion endpoint and cannot be individually withdrawn due to differential privacy aggregation (see Section 10.4). Aggregate classification accuracy across participating users

Hyperdrive may implement retention limits for these categories in the future. Until such measures are implemented, data is retained as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and maintain security and operational integrity.

17. Data Deletion, Export, and Account Controls

17.1 Current Capabilities

At present, the following user-initiated data management capabilities are available:

17.2 Current Limitations

At present, the following capabilities are not available:

17.3 Requesting Deletion or Export

You can export your server-side data at any time using the Export Data button in Settings → Accounts. For server-side data deletion, use the Delete Server Data button in the same location, or contact Hyperdrive at the contact details provided in Section 28.

Hyperdrive will evaluate requests consistent with applicable law, including GDPR, CCPA/CPRA, and other data protection regulations. You may be asked to verify your identity before information is provided, modified, or deleted. Hyperdrive will respond to verified requests within the timeframes required by applicable law (generally 30 days under GDPR, 45 days under CCPA).

18. Security Measures

Hyperdrive implements a range of technical and organizational measures designed to protect your information. However, no system can be guaranteed to be completely secure, and Hyperdrive cannot guarantee the absolute security of your data.

18.1 Transport Security

18.2 Credential Storage

18.3 Cryptographic Verification

18.4 Authentication and Access Control

18.5 Email Content Safety

18.6 Rate Limiting

18.7 Your Security Responsibilities

You are responsible for:

19. International Data Transfers

Hyperdrive involves international data processing. If you are located outside the United States, your data may be transferred to, stored in, and processed in the United States or other countries. Specifically:

For users in the European Economic Area (EEA), United Kingdom, or Switzerland: Transfers of personal data to countries outside the EEA that have not received an adequacy decision from the European Commission are conducted on the basis of appropriate safeguards, including Standard Contractual Clauses (SCCs) where applicable, or reliance on the recipient's participation in recognized frameworks. Hyperdrive does not currently maintain separate Data Processing Agreements (DPAs) with all third-party service providers and may not be able to guarantee that all sub-processors meet EEA adequacy requirements.

If you are located in a jurisdiction that restricts cross-border data transfers, you should evaluate whether use of Hyperdrive is appropriate for your regulatory requirements before using the Service.

20. Your Rights Under the General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the GDPR with respect to your personal data:

Right Description How to Exercise
Right of access (Art. 15) You have the right to obtain confirmation of whether we process your personal data and to access a copy of that data, along with information about the purposes, categories, recipients, retention periods, and safeguards. Contact us at the address in Section 28.
Right to rectification (Art. 16) You have the right to request correction of inaccurate personal data and completion of incomplete personal data. Contact us at the address in Section 28.
Right to erasure (Art. 17) You have the right to request deletion of your personal data where it is no longer necessary, where you withdraw consent, where you object to processing, where data was unlawfully processed, or where deletion is required by law. Contact us at the address in Section 28. See also Section 17.
Right to restriction (Art. 18) You have the right to request restriction of processing where accuracy is contested, processing is unlawful, we no longer need the data but you require it for legal claims, or you have objected to processing pending verification. Contact us at the address in Section 28.
Right to data portability (Art. 20) You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. Use the Export Data button in Settings → Accounts, or contact us at the address in Section 28.
Right to object (Art. 21) You have the right to object to processing based on legitimate interests or for direct marketing purposes. Contact us at the address in Section 28. You can also disable specific features (such as AI features, Slack integration, scheduling) by disconnecting services or avoiding use of those features.
Right not to be subject to automated decision-making (Art. 22) You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. See Section 12.3. You can override any automated inbox classification manually.
Right to withdraw consent Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal. Disconnect services, disable features, or contact us at the address in Section 28.
Right to lodge a complaint You have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. Contact your local data protection authority. A list of EU data protection authorities is available at the European Data Protection Board website.

Response time: Hyperdrive will respond to verified requests within 30 days, which may be extended by an additional 60 days for complex or numerous requests, in which case we will inform you of the extension and the reasons for it.

Identity verification: To protect your privacy, we may require you to verify your identity before acting on a request. This may include confirming ownership of the email address associated with your account or license.

Current implementation status: Hyperdrive provides self-service tools for data deletion (Section 17.1) and data export (Section 17.1). For other GDPR rights not covered by in-app controls, requests are handled manually via the contact details in Section 28.

21. Your Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA):

21.1 Right to Know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collection, and the categories of third parties with whom we share it.

21.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (such as where retention is necessary to complete a transaction, detect security incidents, comply with legal obligations, or exercise free speech).

21.3 Right to Correct

You have the right to request correction of inaccurate personal information.

21.4 Right to Opt Out of Sale or Sharing

Hyperdrive does not sell your personal information and does not share your personal information for cross-context behavioral advertising purposes as those terms are defined under the CCPA/CPRA. Accordingly, there is no need to opt out of sale or sharing.

21.5 Right to Limit Use of Sensitive Personal Information

To the extent Hyperdrive processes sensitive personal information (such as email content), it does so only as necessary to provide the Service you have requested. Hyperdrive does not use sensitive personal information for purposes beyond what is necessary for the Service.

21.6 Right to Non-Discrimination

Hyperdrive will not discriminate against you for exercising any of your CCPA/CPRA rights.

21.7 Categories of Personal Information Collected

For purposes of CCPA disclosure, the following categories of personal information may be collected:

CCPA Category Examples Collected
Identifiers Email address, device identifier, IP address, license key Yes
Customer records Name, email address, subscription information Yes
Commercial information Subscription status, purchase history via Stripe Yes
Internet or electronic network activity Email tracking opens/clicks, AI feature usage, user-agent strings Yes
Geolocation data Approximate location via IP address (not precise GPS) Yes
Professional or employment-related information Job title, company (via Gravatar enrichment) Yes
Inferences drawn from personal information Inbox vector classifications, sender relationship data, AI classifications Yes
Sensitive personal information Email content, Slack message content, OAuth credentials Yes

21.8 How to Exercise Your Rights

To exercise any CCPA/CPRA rights, contact Hyperdrive at the address in Section 28. Hyperdrive will respond to verified requests within 45 days, which may be extended by an additional 45 days for complex requests.

22. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Hyperdrive is a native macOS application and does not operate as a website visited in a browser, so DNT signals from browsers are not applicable to the Hyperdrive application.

For web-based scheduling pages served at app.hyperdriveone.com, Hyperdrive does not currently respond to or alter its practices upon receiving DNT signals, as there is no industry-standard technology for honoring DNT in this context.

23. Children's Privacy

Hyperdrive is not directed to children under the age of 16 (or such other age as may be specified by applicable law) and is intended for use by individuals who can lawfully form a binding contract. Hyperdrive does not knowingly collect, solicit, or process personal information from children under the age of 16.

If you are a parent or guardian and believe that a child under the age of 16 has provided personal information to Hyperdrive through Hyperdrive, please contact us at the address in Section 28, and we will take steps to delete such information from our systems.

In the United States, the Children's Online Privacy Protection Act (COPPA) applies to children under the age of 13. Hyperdrive does not knowingly collect personal information from children under 13 in the United States.

24. Information We Do Not Collect

For transparency, Hyperdrive does not collect or access the following:

Hyperdrive does not embed any third-party advertising SDKs, analytics SDKs, crash reporting SDKs, or data broker integrations. Production dependencies include on-device machine learning libraries and models (which process data entirely locally) and the Sparkle framework (for software updates).

25. Your Responsibilities

Hyperdrive is a powerful tool that can access, modify, and generate email communications, calendar events, and Slack messages on your behalf. You are responsible for:

26. Server-Side Deferred Actions and Expanded Trust Boundary

Hyperdrive provides server-side deferred actions that operate when your Mac is offline or asleep. These features require storing certain data on Hyperdrive servers as described below.

26.1 Server-Side Capabilities

The following features are deployed and active when you enable cross-device sync:

26.2 Data Stored Server-Side

When these features are enabled:

These features require explicit user consent before activation. You may revoke access at any time by deauthorizing Hyperdrive from your Google Account security settings.

27. Changes to This Privacy Policy

Hyperdrive reserves the right to update, modify, or replace this Privacy Policy from time to time to reflect changes in Hyperdrive features, legal requirements, regulatory guidance, or operational practices.

Notification of changes: If changes are material (such as new categories of data collection, new third-party data sharing, or changes to user rights), Hyperdrive will provide notice through one or more of the following means:

Effective date: Changes will be effective as of the "Last Updated" date shown at the top of the revised Privacy Policy.

Acceptance: Continued use of Hyperdrive after an update to this Privacy Policy constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you must discontinue use of the Service.

We encourage you to review this Privacy Policy periodically to stay informed about our practices.

28. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy, your personal information, or the data practices described herein, please contact:

Hyperdrive One LLC 1431 Porter Rd, Nashville, TN 37206, United States Email: support@hyperdriveone.com

Hyperdrive One LLC is the data controller for the personal data processed through the Service.

When contacting Hyperdrive:

If you are located in the EEA and are not satisfied with our response to a data protection inquiry, you have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at the European Data Protection Board website (https://edpb.europa.eu/).