Privacy Policy

Last updated: march 15, 2024

  1. INFORMATION WE COLLECTHyperion Technologies Ltd. ("Hyperion," "we," "us," or "our") collects information necessary to provide our financial crime detection services. This includes account information such as company details and user credentials, transaction monitoring data, screening results, and customer due diligence information. We automatically collect technical data including IP addresses, browser types, and platform usage analytics to maintain service security and performance.
  2. DATA PROCESSING AND USEWe process collected data primarily to deliver our financial crime detection services and meet regulatory obligations. This processing includes risk screening, transaction monitoring, and generating compliance reports. We also use data to maintain platform security, improve our services, and generate aggregated analytics. All processing activities are conducted in compliance with applicable data protection laws.
  3. DATA STORAGE AND SECURITYHyperion maintains ISO27001 certification for our information security management system. All client data is encrypted both in transit and at rest using industry-standard encryption protocols. Our infrastructure is hosted in secure data centers located in [jurisdiction]. We implement strict access controls, regular security assessments, and comprehensive audit logging to protect client data.
  4. DATA SHARING AND DISCLOSUREWe limit data sharing to specific circumstances necessary for service operation. This includes sharing with trusted service providers who are bound by strict confidentiality agreements. We may disclose data to regulatory authorities or law enforcement agencies when legally required. Our professional advisors access data only under confidentiality obligations and solely for providing their professional services.
  5. CLIENT DATA RIGHTSEach client maintains control over their data and may exercise their rights to access, correct, or export their information through our platform interface. Clients may request deletion of their account data subject to regulatory retention requirements. We respect clients' rights to object to certain processing activities and withdraw any previously given consent.
  6. GDPR COMPLIANCEOur data processing activities comply with GDPR requirements, including maintaining valid legal bases for processing, implementing data minimization practices, and ensuring purpose limitation. We apply appropriate safeguards for any cross-border data transfers and maintain records of processing activities as required by GDPR Article 30.
  7. DATA RETENTIONWe retain active account data throughout the subscription period. Upon account termination, we delete client data within 30 days unless longer retention is required by law. System backups containing client data are retained for 90 days to ensure service reliability. We maintain certain records for extended periods to comply with regulatory obligations.
  8. COOKIES AND TRACKINGOur service uses essential cookies for platform functionality and user authentication. We employ performance monitoring tools and analytics solely to maintain and improve service quality. Users can control cookie preferences through their browser settings, though disabling essential cookies may impact service functionality.
  9. CHANGES TO THIS POLICYWe may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify clients of material changes via email at least 30 days before they take effect. Continued use of our services after policy updates constitutes acceptance of the changes.