Legal · Privacy

Privacy Policy

Last updated May 12, 2026.

The short version

  • We collect what we need to run Hylo — account info, your uploads, generation history, and payment confirmations.
  • We don't sell your data. We don't train our own AI models on your uploads.
  • Your uploads are sent to our AI generation provider to produce outputs. The provider processes them under their commercial terms and doesn't use them to train models.
  • You can export or delete your data anytime by emailing hello@tryhylo.com.

1. Who we are

Hylo (“Hylo,” “we,” “us”) is the data controller of personal information collected through tryhylo.com and the Hylo app. You can reach us for privacy matters at hello@tryhylo.com.

2. What we collect

  • Account information. Email address, password hash, name (if you provide one), profile picture (Google OAuth), and your account preferences.
  • Brand kit. Brand name, colors, voice, product categories — anything you set up during onboarding to enrich your generations.
  • Uploads. The product images, logos, and reference photos you upload for generation.
  • Generation history. Prompts, settings, generated outputs, and your edits, kept in your private library.
  • Payment information. Order IDs, transaction status, and the last 4 digits / payment-method type. We don't see or store your full card number — that stays with the payment provider.
  • Usage data. Pages visited, features used, generation success rates, approximate location (from IP), browser and device type.
  • Support correspondence. Emails and messages you send to us.

3. Why we use it

We use the data above to: provide the service (authenticate you, generate images, store your library), process payments and grant credits, send transactional and account emails, prevent fraud and abuse, improve Hylo (debug crashes, understand what features work), and comply with our legal obligations. We don't use your data for advertising profiles or sell it.

4. Who has access (sub-processors)

To run Hylo we work with a small number of trusted third-party service providers. Each is bound by a data-processing agreement that requires them to keep your data secure and use it only to provide their service to us. By category, they include providers for:

  • cloud hosting, storage, and content delivery
  • AI image and video generation
  • authentication and database
  • payment processing (regionalized by currency)
  • transactional email
  • privacy-conscious product analytics and error tracking

For a list of the specific providers we use at any given time, email hello@tryhylo.com and we'll share the current list.

5. Your uploads and AI training

When you generate an image or video, your uploaded inputs and the assembled prompt are sent to our AI generation provider for processing. Under the provider's commercial terms, they do not use the data you send to train their models.

Hylo does not train its own AI models. We don't aggregate your uploads into a training set, share them with other customers, or use them for any purpose other than delivering the output you requested.

6. Cookies and tracking

We use cookies and similar technologies for essential functions (keeping you logged in), and for analytics (understanding which features people use). See our Cookie Policy for the full list and your options for opting out.

7. How long we keep data

  • Account and brand kit data: until you delete your account.
  • Generations and library assets: until you delete them or delete your account.
  • Payment records: 7 years (required for tax / accounting compliance).
  • Logs and error reports: typically 30–90 days.

8. Your rights

Depending on where you live, you may have rights to:

  • Access — a copy of the personal data we hold about you.
  • Correct — ask us to fix inaccurate data.
  • Delete — ask us to delete your account and associated data.
  • Export — receive your data in a machine-readable format.
  • Object / restrict — ask us to stop or limit specific uses.
  • Withdraw consent — for any processing based on consent (e.g. marketing emails).
  • Lodge a complaint — with the data-protection authority in your country.

To exercise any of these, email hello@tryhylo.com from the address on your account. We'll respond within 30 days (DPDP / GDPR standard).

9. International transfers

Hylo is operated from India, with infrastructure distributed globally through trusted cloud providers. When data is transferred outside your home country, we rely on the appropriate legal mechanism (e.g., the EU Standard Contractual Clauses for transfers from the EU) and ensure each provider offers an equivalent level of protection.

10. Security

We use HTTPS everywhere, encrypted password storage, row-level access controls on every database table, presigned URLs for file access, and webhook signature verification on payment events. No system is 100% secure; if you believe your account has been compromised, contact us immediately at hello@tryhylo.com.

11. Children

Hylo is not intended for users under 16. We don't knowingly collect personal data from children. If you believe a minor has created an account, please contact us and we'll close it.

12. Changes

We'll update this Privacy Policy when our practices change. The “Last updated” date above always reflects the current version. For material changes, we'll also email account holders.

Contact

Privacy questions or data requests: hello@tryhylo.com · General support: hello@tryhylo.com