Skip to main content

Privacy Policy

Last updated: 8 June 2026

1. Who We Are

Hypno Admin Pro is operated by Dante Harker (“we”, “us”, “our”). You can contact us at info@hypnoadminpro.com.

Our roles on the US service. You are responsible for your professional relationship with your clients and for the client information you enter. We provide the software platform and act as a business associate when we handle protected health information on your behalf, under our HIPAA-aligned infrastructure and agreements. See our Security, Privacy & Support page for plain-English detail.

The Hypno Admin Pro website and application software were created by Ammati (ammati.com).

2. What Data We Collect

Account information

When you register, we collect your name and email address. Authentication is handled by Amazon Cognito; we do not store your password directly.

Content you create

Scripts, client records, session notes, audio files, and other content you create within the Service are stored in your account.

Payment information

Payments are processed by Stripe. We store your Stripe customer ID and subscription status but never store your card details. Stripe's privacy policy governs their handling of your payment data.

Usage data

We track how many times you use AI-powered features (e.g. script generations, audio creations) to enforce trial limits. For the public website and app shell we use Vercel Web Analytics (aggregated page views and related technical data) and Vercel Speed Insights (anonymous performance metrics such as Web Vitals). Per Vercel's documentation, these products do not use analytics cookies and do not identify you personally; data is used in aggregate to run and improve the Service.

3. How We Use Your Data

  • To provide and operate the Service.
  • To process your subscription and payments.
  • To send you service-related emails (e.g. trial expiry reminders, important updates).
  • To enforce usage limits during your trial period.
  • To improve and develop the Service.

We use your data only to provide and improve the Service, process payments, send service-related messages, and enforce trial and plan limits. We do not sell your personal data.

4. AI Processing

When you use AI features (script generation, affirmations, etc.), the prompts and parameters you provide are sent to OpenAI for processing. OpenAI's API data usage policy applies. We do not send your client names, personally identifiable information, or session notes to AI providers unless you explicitly include them in a prompt.

Reflection Room: Conversations in the Reflection Room are processed by OpenAI. By default a conversation is not saved — it exists only in your browser session and is discarded when you leave the page. If you choose to save and link a conversation to a client (or to “General”), the thread and its messages are stored securely in your account so you can return to them later. Saved threads are private to your account under account-scoped access controls in the application, and you can delete any thread at any time.

5. Data Storage & Security

On the US service, account data is stored in AWS RDS, files in AWS S3, and authentication in Amazon Cognito — under our HIPAA Business Associate Agreement with AWS. All connections use HTTPS encryption. Access is scoped in application code so you can only reach your own workspace.

For a plain-English overview of security, support, breach preparedness, AI processing, and compliance boundaries, see our Security, Privacy & Support page.

6. Third-Party Services

We use the following third-party services that may process your data:

  • Amazon Web Services — authentication (Cognito), database (RDS), and file storage (S3).
  • OpenAI — AI content generation (scripts, affirmations, audio voice synthesis).
  • Stripe — payment processing and subscription management.
  • Resend — transactional email delivery (for example booking confirmations and reminders, which may include a client's name, email, and appointment details).
  • Trigger.dev — runs background jobs such as script and audio generation.
  • Google Cloud Text-to-Speech — optional voice synthesis used only when you choose an AI-voice option to turn script text into audio.
  • Vercel — hosting, deployment, Web Analytics (aggregated traffic), and Speed Insights (anonymous performance data). See Vercel's Web Analytics privacy information and Speed Insights privacy information.
  • Google — where you connect Google features (for example Google Calendar), Google may process data according to your Google account settings. Our commitment under the Google API Services User Data Policy (including Limited Use) is stated on our Google API limited use disclosure.

7. Your Rights

You can access, correct, export, and delete your account data from the Service. Email info@hypnoadminpro.com if you need help exercising your rights under applicable US privacy law.

If you store client health information in the Service, you remain responsible for your professional and HIPAA obligations toward your clients; we support those obligations as your business associate where a BAA is in place.

8. Data Retention

We retain your account and content data for as long as your account is active. If you cancel your subscription, your data remains accessible for 90 days. After that, we may delete it. If you request account deletion, we will remove all your personal data within 30 days.

9. Cookies and similar technologies

We use essential first-party cookies so the Service can work: for example, Cognito authentication and session cookies when you sign in, and a short-lived cookie to remember UI preferences (such as sidebar layout) where applicable. These are strictly necessary for the Service you have asked us to provide.

Vercel Web Analytics and Speed Insights are configured as described in section 2; according to Vercel, they do not use third-party or advertising cookies for analytics. We do not use advertising or social tracking cookies.

If we introduce any new non-essential cookies or similar technologies (for example optional marketing or cross-site tracking), we will update this policy and, where applicable law require it, ask for your consent before they run.

10. Children

The Service is not intended for anyone under 18 years of age. We do not knowingly collect data from minors.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email or through the Service. The “Last updated” date at the top will always reflect the most recent version.

12. Governing Law

This Privacy Policy is governed by the laws of England and Wales, regardless of your country of residence or where you access the Service. This is without prejudice to your UK data protection rights described in this policy, or any mandatory rights under the law of your country that cannot lawfully be excluded.

13. Contact

For any privacy-related queries, please contact us at info@hypnoadminpro.com.