Privacy Policy

Last Updated: January 22, 2026

        Your privacy is our priority. HypeSave uses zero-knowledge encryption to ensure your sensitive
        data remains yours alone. We cannot see your passwords, payment cards, or personal credentials – they are
        encrypted on your device before any data leaves your phone.
    

1. Introduction

HypeSave ("we," "our," or "us") operates the HypeSave mobile application (the "App"). This Privacy Policy explains how we collect, use, and safeguard your information when you use our App.

By using HypeSave, you agree to the collection and use of information in accordance with this policy.

2. Zero-Knowledge Security Architecture

🔒 Your Data, Your Keys
HypeSave employs a zero-knowledge architecture, meaning we have no ability to access your sensitive data.

2.1 How It Works

End-to-End Encryption: Your passwords, payment cards, delivery addresses, and hypermarket credentials are encrypted on your device using AES-256 encryption before being stored.
Password Protection: Your password is hashed using Argon2id (the most secure password hashing algorithm), and we store only the hash – never your actual password.
Device-Only Master Key: Encryption keys are derived locally on your device using PBKDF2 (100,000 iterations) and stored securely in your phone's Keychain/Keystore. The master key never leaves your device.
Ciphertext Storage: Our servers store only encrypted blobs. Without your device and password, this data is unreadable – even to us.
Credit Card Security: Payment card details are encrypted locally and tokenized. We never see or store your full card numbers in plaintext.

2.2 What This Means For You

If our servers were ever compromised, attackers would only find encrypted data they cannot decrypt.
We cannot recover your password if you forget it – you are in complete control.
Your hypermarket login credentials are stored encrypted in your personal vault on your device.

3. Information We Collect

3.1 Information Stored Locally (On Your Device Only)

Account Password: Encrypted with Argon2id hashing
Payment Cards: AES-256 encrypted, stored in your secure vault
Delivery Addresses: Encrypted in your local vault
Hypermarket Credentials: Encrypted credentials for partner stores (Carrefour, Panda, Lulu, Tamimi, Danube)
Shopping Lists: Your cart items and preferences

3.2 Information We Receive (Encrypted)

Encrypted Vault Blobs: Synced for backup purposes – we cannot decrypt these
Phone Number: For OTP verification and account identification
Email Address: For account recovery communication

3.3 Automatically Collected Information

Device Information: Device type, operating system for app compatibility
Usage Analytics: Anonymous usage patterns to improve the app
Location Data: Only when you permit, for delivery zone verification

4. AI Shopping Agent

        🤖 Your Personal Shopping Assistant

        HypeSave includes an AI-powered shopping agent that automates grocery shopping on your behalf – similar to how
        AI assistants like ChatGPT can perform tasks for users.
    

4.1 How the AI Agent Works

When you use HypeSave's Smart Cart feature, our AI agent:

Compares Prices: Automatically scans prices across Carrefour, Panda, Lulu, Tamimi, and Danube hypermarkets
Optimizes Your Cart: Splits your shopping list across stores to find the best total price
Automates Checkout: With your permission, places orders on your behalf using your securely stored credentials
Manages OTP Verification: Handles one-time password flows required by hypermarkets
Tracks Deliveries: Monitors your orders and notifies you of status updates

4.2 Your Control Over the Agent

You must explicitly authorize the agent to place orders
You can review and modify cart contents before any purchase
You can disable automated features at any time
All actions are logged and visible in your order history

4.3 Agent Data Handling

The agent uses your encrypted credentials only during active shopping sessions
Cart optimizations are performed using only product pricing data – not your personal information
Order confirmations and delivery details are shown to you and stored encrypted in your vault

5. How We Use Your Information

We use the collected information to:

Compare grocery prices across partner hypermarkets
Optimize your shopping cart for maximum savings
Facilitate checkout and order placement via the AI agent
Verify delivery availability to your address
Send order confirmations and delivery updates
Improve our services and user experience
Respond to customer support requests

6. Data Security

We implement multiple layers of security:

Zero-Knowledge Architecture: Sensitive data encrypted before leaving your device
AES-256 Encryption: Military-grade encryption for all stored data
Argon2id Password Hashing: State-of-the-art password protection
Secure HTTPS: All network communications are encrypted
Keychain/Keystore Integration: Master keys protected by your device's secure enclave
JWT Token Security: Short-lived access tokens with secure refresh mechanisms

7. Data Retention

We retain your account information for as long as your account is active. You may request deletion of your account and all associated encrypted data at any time through the app or by contacting us.

8. Your Rights

You have the right to:

Access: View all data stored about you (note: encrypted data can only be decrypted on your device)
Correction: Update or correct your information
Deletion: Request complete deletion of your account and data
Portability: Export your data in a portable format
Withdraw Consent: Disable AI agent features or opt out of analytics

9. Children's Privacy

HypeSave is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

10. Third-Party Services & Content

10.1 User-Authorized Agent Model

HypeSave functions as your personal shopping agent, similar to how AI assistants like ChatGPT operate when performing tasks on behalf of users. Key points:

No Third-Party Content Storage: HypeSave does not store, embed, or redistribute content from hypermarkets. All product information, prices, and images are fetched in real-time at your request.
User-Directed Access: When you browse products or place orders, the app accesses hypermarket websites on your behalf – just like a browser would.
Agent Authorization: You authorize HypeSave to act as your agent when you use the app. The app executes your shopping decisions, it does not own or license the content it displays.

10.2 Hypermarket Interactions

When the AI agent places orders on your behalf:

Your delivery address is shared with the selected hypermarket (Carrefour, Panda, Lulu, Tamimi, Danube) for order fulfilment
Payment is processed through the hypermarket's secure payment gateway
Each hypermarket has their own privacy policy governing their handling of your data
HypeSave acts as an intermediary executing your authorized requests

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or email.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: support@hype-save.com
Website: https://hype-save.com

13. Governing Law

This Privacy Policy is governed by the laws of the Kingdom of Saudi Arabia. Any disputes arising from this policy shall be subject to the jurisdiction of Saudi Arabian courts.