1. Who We Are
Hyper Parameter Oasis ("we", "us", "our") is operated by Ruan Haarhoff,
based in South Africa. We can be reached at
[email protected].
This Privacy Policy explains what personal data we collect, why we collect it,
how we use it, and your rights regarding it. It applies to all users of
hyperparameter-oasis.ai and its API.
2. What Data We Collect
We collect the following categories of data:
-
Account data: your email address and a hashed password,
provided when you register
-
API usage data: records of API calls made, including
timestamps, token consumption, and request metadata (e.g. IP address,
user agent)
-
Experiment data: parameter configurations and numerical
result values you submit via the API
-
Payment data: transaction records (amount, date, token
quantity) processed via our payment provider. We do not store card numbers
or payment credentials — these are handled entirely by our payment provider
-
Technical data: server logs, error reports, and session
tokens necessary to operate the Service securely
3. What We Do Not Collect
We do not collect:
- Your model weights, training data, or proprietary datasets
- Personal data about individuals within your datasets or experiments
- Sensitive personal data (health, financial, biometric, etc.)
- Data from third-party tracking or advertising networks
4. Why We Collect It (Legal Bases)
We process your data on the following legal bases:
-
Contract performance: account data, API usage data, and
payment records are necessary to provide the Service you have signed up for
-
Legitimate interests: technical and usage data is processed
to maintain security, prevent abuse, and improve the Service
-
Legal obligation: we may retain certain records as required
by applicable law
5. How We Use Your Data
Your data is used to:
- Operate and deliver the Service
- Authenticate your account and secure API access
- Manage your token balance and process payments
- Improve the platform's optimization engine using aggregated,
anonymised experiment history
- Detect and prevent fraud and abuse
- Respond to support requests
- Meet legal and regulatory obligations
6. Third-Party Processors
We share data with third parties only where necessary to operate the Service:
-
Payment provider (Paddle): payments are processed by Paddle.com
Market Limited ("Paddle"), who act as Merchant of Record for all transactions.
Paddle receive your email address and payment details directly. Their privacy
policy governs their data use and can be found at
paddle.com/legal/privacy
-
Hosting infrastructure: the Service runs on Google Cloud
Platform (GCP). Data is stored and processed on GCP servers
-
Cloudflare: network traffic passes through Cloudflare for
security and performance purposes
We do not sell, rent, or share your personal data with any third party for
marketing or advertising purposes.
7. Data Retention
We retain your data for as long as your account is active, plus:
- Payment and transaction records: 7 years (legal/tax obligation)
- API usage logs: 12 months rolling
- Server and security logs: 90 days rolling
- Experiment data: retained until you delete your account or request deletion
8. International Transfers
We are based in South Africa. Your data may be processed on servers located
in the United States or European Union via our infrastructure providers.
Where data is transferred outside your jurisdiction, we rely on our providers'
compliance frameworks (including Standard Contractual Clauses where applicable)
to ensure adequate protection.
9. Your Rights
Depending on your location, you may have the following rights regarding your
personal data:
- Access: request a copy of the data we hold about you
- Correction: ask us to correct inaccurate data
- Deletion: request deletion of your account and associated data,
subject to legal retention obligations
- Portability: receive your experiment data in a structured,
machine-readable format
- Objection: object to processing based on legitimate interests
- Restriction: request that we limit processing in certain
circumstances
To exercise any of these rights, contact us at the address below. We will respond
within 30 days. If you are in the EU or UK, you have the right to lodge a complaint
with your local data protection authority.
10. Cookies and Local Storage
We use session cookies strictly necessary to authenticate your account. We do not
use tracking cookies, advertising cookies, or third-party analytics cookies.
We use browser local storage to remember your UI preferences (e.g. colour theme).
No personal data is stored in local storage.
11. Security
We implement reasonable technical and organisational measures to protect your data,
including encrypted connections (TLS), hashed password storage, and restricted
access to production systems. No system is completely secure; in the event of a
data breach that affects your rights, we will notify you as required by law.
12. Children
The Service is not directed at children under 16. We do not knowingly collect
personal data from anyone under 16. If you believe we have done so inadvertently,
please contact us and we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will indicate the date
of the most recent update at the top of this page. Continued use of the Service
after changes are posted constitutes acceptance of the updated policy. For
material changes, we will attempt to notify you by email.