HyperCloud PRIVACY POLICY

Last Updated: 2026.06.23

 

Introduction

Welcome to HyperCloud platform! Your privacy matters to us.

This Privacy Policy explains how HyperStrong International (Germany) GmbH ("we," "us,", "our", or "HyperStrong International") collects, uses, and shares your personal data when you use our Services.

Scope

This Policy applies to personal data we collect when you use or interact with the following services (collectively, the "Services"):

The Entity Responsible for Your Personal Data

The entity responsible for your personal data is HyperStrong International (Germany) GmbH, located at

Updates

We recognize that data privacy is an ongoing responsibility. We may update this Policy from time to time to reflect changes in our new practices or to comply with new applicable laws. If we make changes, we will notify you by revising the "Last Updated" date at the top of the policy. If we make material changes, we will provide you with additional notice (such as sending you an email, providing a prominent notice on our Services, or via other appropriate communication channels). We encourage you to review this Policy whenever you access the Services or otherwise interact with us to stay informed. Where required by applicable law, we will obtain your consent for material changes. Otherwise, your continued use of the Services after the updated policy takes effect indicates your acknowledgment of the changes. If you do not agree to the updated policy, you must stop accessing or using the Services.

Language

If this Policy is available in more than one language, and there is any conflict between versions, the English version controls unless applicable law requires otherwise.

Supplemental Terms

This Policy applies globally, but local laws may require different treatment of your data. Please check the Supplemental Terms section to see if specific terms apply to your region. If there is a conflict between this Policy and the Supplemental Terms, the Supplemental Terms will prevail for users in that region.

This Privacy Policy will help you understand:

  1. What Data We Collect
  2. How We Use Your Data
  3. How We Share Your Data
  4. Data Transfers
  5. Your Rights and Choices
  6. Data Security and Retention
  7. Children's Privacy
  8. Updates
  9. Contact Us
  10. Supplemental Terms

1. What Data We Collect

Generally, we collect your personal data in three ways: (1) data you provide to us directly; (2) data we automatically collect; and (3) data from other sources (for example, third parties, publicly available sources, or data we infer or derive from existing data). The specific types of data we collect depend on how you use our Services, and the data types and collection channels are described below.

Data You Provide to Us

When youPersonal data we collect
Create an account, assign roles, or configure access permissionsAccount and business contact information, such as name, phone number, email address, company name, job title, user type, account role, authentication credentials, such as password credentials stored in hashed form, and invitation code.
Maintain account information or change passwordsAccount management information, such as name, phone number, email address, company name, job title or role, and authentication credentials, such as password credentials stored in hashed form.
Sign in to the ServicesLogin credentials and authentication information, such as username, password credentials stored in hashed form, and related authentication records.
Request account deletionAccount deletion request information, such as user account, name, phone number, email address, deletion request ID, request time, processing status, and deletion operation log.
Create or maintain power station project informationPower station project information, such as power station name, power station location or address, and latitude and longitude coordinates of the power station. To the extent that such information does not identify any natural person, it is not personal data.
Configure recipients for equipment alarms or offline alertsNotification recipient information, such as recipient name, account used for app push notifications, phone number for SMS notifications, email address for email notifications, and WeCom account or webhook address for group notifications.
Configure recipients for O&M reportsReport recipient information, such as recipient name, account used for app push notifications, phone number for SMS notifications, email address for email notifications, and WeCom account or webhook address for group notifications.
Create, assign, track, or close alarm work ordersWork-order information, such as reporter name and contact phone number, handler account and name, work-order handling records, troubleshooting notes, operating steps, closure reason, and creation or update time.
Use fault retrieval or troubleshootingSearch and retrieval information, such as querying operator account, query time, and query content, including fault codes, fault descriptions, or other information entered for troubleshooting.
Enter or configure electricity price information or templatesConfiguration operation information, such as operator name and account, operation time, operation type, configuration change details, electricity price template creator account, and creation time.
Use the AI assistantAI assistant conversation information, such as conversation account, conversation content entered by the user, equipment numbers, fault descriptions or other information included in the conversation, conversation time, and AI response content. Please do not include unnecessary personal data or sensitive personal data in AI assistant conversations.
Create, assign, execute, review, or archive inspection and O&M tasksInspection and O&M records, such as inspection plan information, assigned personnel information, inspector name and account, execution time, inspection item names and results, inspection conclusions and recommendations, on-site inspection photos, electronic signature data where applicable, report numbers, and related creation, update, submission, and archiving records.
Use remote strategy dispatch or equipment operation featuresRemote operation and strategy dispatch records, such as operator name and account, operation time, operation type, target equipment number, operation result status, and related operation logs.

Automatically Collected Data

When you use our Services, we automatically collect certain information about your device and how the Services are used. We collect this information to operate the Services, keep them secure, maintain login status, send necessary service notifications, troubleshoot faults, improve system reliability, and support audit and traceability requirements.

CategoryPersonal data we collect
Login and authentication informationUsername, user account or ID, login IP address, authentication events, login time, and related security records.
Platform and app operation logsUser account or ID, operation time, operation type and content, client IP address, accessed page or feature path, feature operations, and related system activity records.
Work-order and O&M activity recordsCreation, assignment, handling, update, and closure records generated when users operate alarm work orders or O&M features.
Fault retrieval logsQuerying operator account, query time, query content, fault code, fault description, and related retrieval or tracing records generated when users search fault records or troubleshooting information.
Remote operation and strategy dispatch logsOperator name and account, operation time, operation type, target equipment number, operation result status, and related operation logs generated when users configure charge/discharge strategies, issue remote commands, perform start/stop control, execute equipment operations, or review operation results.
Electricity price configuration logsOperator name and account, operation time, operation type, configuration change details, template creator account, and creation time generated when users configure electricity price strategies or templates.
Mobile app device and push notification informationMobile device identifier, operating system version, app version number, push notification token, and the user account bound to the device.
Web session and cookie informationSession token, user account ID, login IP address, browser User-Agent string, access time, accessed page or feature path, operation records, username, first-time visit status, and consent records.
Service notifications and message logsRecords relating to alarm notifications, work-order notifications, inspection-task notifications, O&M report notifications, and related push or message logs.

We use cookies and similar technologies on the web platform. Cookies are small text files sent by the server to the user's browser and stored on their device. Essential cookies are used to maintain login status, support session security, and provide the Services. Where we use non-essential cookies or similar technologies, we will obtain consent where required by applicable law. You can adjust your choices and withdraw or change your consent anytime via Cookie Settings without affecting the lawfulness of processing before withdrawal. Please see our Cookie Notice for full details.

Data From Other Sources

We may receive or generate certain personal data from the following sources in connection with the provision and administration of the Services:

2. How We Use Your Data

We use your personal data to operate, provide, maintain, and improve our Services. Depending on how you use our Services, we process this data to deliver core functionalities, fulfill your requests, and provide necessary customer support. Furthermore, we may use your data to safeguard our platform, enforce our policies, analyze service performance, and comply with applicable legal obligations.

In particular, we use your personal data for the following purposes:

3. How We Share Your Data

We value your trust and want to be transparent about the categories of recipients with whom we share personal data and the purposes for which we do so. We share your personal data only where necessary to operate, provide, maintain, secure, and improve the Services, to support your organization's use of the Services, or where required or permitted by applicable law.

Where service providers process personal data on our behalf, they do so under our instructions and contractual safeguards. Where a recipient processes personal data as an independent controller, it is responsible for its own processing of your personal data and may provide its own privacy policy.

Your Organization and Authorized Users

The Services are provided in a B2B context. This means that your organization, its authorized administrators, and other authorized users may be able to access certain information relating to your use of the Services, depending on their roles and permissions.

For example, we may share or make available to your organization and authorized users account information, role and permission information, power station project information, inspection plans, inspection records, inspection reports, alarm work-order records, O&M report information, remote operation records, electricity price configuration records, fault retrieval records, and other records necessary to administer the Services, manage O&M activities, maintain traceability, and support service delivery.

Service Providers and Business Partners

We share data we collect with service providers and business partners as necessary to help us perform business operations and for business purposes. These third parties include:

Business Changes

If our company goes through a business change—such as selling a website/app, merging with another company, reorganizing, selling assets, or, in rare cases, bankruptcy—we may share all of your information we have collected as part of that deal.

Our Company Family (Affiliates)

We may share your data with our parent company or subsidiaries. If we do, they must follow the rules in this Policy.

Law and Safety

We may disclose the personal data we collect when we are required to do so by law, such as in response to court orders, subpoenas, legal process, or inquiries from law enforcement or government authorities. We may also use or share such personal data to protect the rights, safety, and security of us, our affiliates, our users, or the public. We may also share personal data where necessary to enforce any terms applicable to the Services, exercise or defend legal claims, or comply with applicable law.

With Your Consent

We will share your personal data with other third parties only if we have your explicit permission to do so.

4. Data Transfers

We store the data described in the "What Data We Collect" section in servers located in EU. To provide our Services, your data may be transferred to and processed by entities outside your country. We comply with laws on the transfer of personal data between countries to help ensure your data is protected, wherever it may be.

5. Data Security and Retention

We take the security of your data seriously. We use appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse.

Our commitment to safeguarding your data is validated by the following independent certifications and assessments:

No method of data transmission or storage is 100% secure. While we work to protect your data, we cannot guarantee absolute security. Please safeguard your account information, including your username and password, and notify us promptly of any unauthorized use.

We store your data for as long as needed to provide our Services and meet legal requirements. Our retention periods are determined by the nature of the service, legal record-keeping needs, and the necessity of resolving disputes or enforcing agreements, as governed by law.

We may retain personal data where required to meet legal, accounting, or reporting obligations, or where retention is necessary for archiving in the public interest or for scientific, historical, or statistical research purposes.

6. Your Rights and Choices

You have rights and choices when it comes to your personal data.

Your rights may include:

These rights are not absolute and are subject to conditions or limitations as specified in applicable laws.

To exercise any of your rights, you can submit a request by email at cloud@hyperstrong.com. We will respond to your request consistent with applicable law. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

If a request is clearly unreasonable or excessive (for example, repeated requests), we may not act on it. We may also charge a reasonable fee to cover the time and effort needed to respond. We encourage you to "Contact us" if you are not satisfied with how we have responded to any of your rights requests.

Account Settings

You may be able to access, review, update, and correct certain account information through your account settings. In a B2B context, some account information, roles, permissions, and notification settings may be managed by your organization or its authorized administrators.

Account Deletion

You may request deletion or deactivation of your account through your account settings or by contacting us. After your account is deleted, we will delete or anonymize your personal data in accordance with applicable law, our contractual obligations, and our retention rules.

AI Training and Optimisation Choices

Where required by applicable law, we will ask for your consent before using AI assistant conversation data for model optimisation, model training, product improvement, or non-essential personalisation. You may withdraw your consent at any time through the relevant settings or by contacting us.

Device Permissions

You can control certain data collection through your device settings. For example, you can turn off push notifications, camera access, photo or file access, or other permissions at any time. If you turn off a permission, some features may not work properly.

7. Children's Privacy

Our Services are intended for a general audience and are not directed at children or teens under the age of 18 or the applicable age limit in your jurisdiction. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us. If we become aware that personal data has been collected from a child without verifiable parental consent, we will delete such data.

8. Updates

We recognize that data privacy is an ongoing responsibility. We may update this Policy from time to time to reflect changes in our data processing practices or to comply with new data protection laws. If we make changes, we will notify you by revising the "Last Updated" date at the top of the Policy. If we make material changes, we will provide any additional notice required by applicable law. We encourage you to review this Policy whenever you access the Services or otherwise interact with us to stay informed about our latest data processing practices. The updated Policy will take effect from the date stated above or otherwise notified to you. Where required by applicable law, we will obtain your consent before applying material changes to processing activities that require consent.

9. Contact Us

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue:

10. Supplemental Terms

European Economic Area (EEA), Switzerland, and UK

For users residing in European Economic Area (EEA), Switzerland, and UK, these jurisdiction-specific terms shall apply to you. In the event of any inconsistency between this Appendix and the main text, this Appendix shall prevail.

Data Controller, Collection, Use, Disclosure, and Retention of Personal Data

For information regarding the Data Controller and their contact details, the categories of personal data we process, the purposes of processing, the categories of recipients of personal data, and the criteria used to determine the retention period of personal data, please refer to the following sections of the main Privacy Policy:

Legal Basis for Processing

We can only use your personal data when we have a valid legal reason, also known as a "legal basis". We use different legal bases depending on why we use your personal data. The legal bases we rely on include contractual necessity, legitimate interests (ours, yours or those of another party), consent, compliance with a legal obligation, performing a task in the public interest, and protection of vital interests.

Here we explain the legal bases we rely on when we process your personal data for the purposes set out in "How We Use Your Data" in the main Privacy Policy.

Necessary to Perform Our Contract with You

Where you enter into Terms with us, or where processing is necessary to provide the Services requested by you in connection with you or your organization's use of the Services, we use your personal data to:

  1. create, register, and maintain your user account;
  2. assign roles, configure access permissions, manage account tiers, and administer enterprise-level user access;
  3. verify your identity, authenticate your login, maintain your login session, and grant access to platform functions;
  4. manage your account information, support password changes, disable accounts, and process account deletion requests;
  5. create and maintain power station projects, manage station location or address information, support GIS map display, and manage the operational lifecycle of stations and equipment;
  6. configure and send equipment alarm messages, offline alerts, work-order notifications, inspection-task notifications, O&M reports, and other necessary operational notifications;
  7. create inspection plans, assign executing personnel, record inspection execution and results, collect on-site inspection photos, collect electronic signatures where applicable, and generate and archive inspection reports;
  8. create, assign, track, process, and close alarm work orders, record troubleshooting steps and handling results, and provide feedback on O&M progress and results;
  9. support remote strategy dispatch and equipment operation, including charge/discharge strategy configuration, start/stop control, operation execution, and operation result recording;
  10. support fault retrieval, troubleshooting, fault knowledge-base searches, historical fault record searches, and operation-log tracing where this is necessary to provide the Services;
  11. record electricity price entry, electricity price template creation, configuration changes, and related operation records;
  12. provide the AI assistant as a core service feature, including responding to user queries, maintaining conversation context, storing conversation history, and enabling users to review previous conversations;
  13. manage mobile app device information and push notification tokens to provide service-related mobile notifications; and
  14. maintain essential web sessions and essential cookies that are necessary for login, session continuity, platform access, and service security.

Necessary for Our Legitimate Interests

We use your data where this is necessary to achieve legitimate interests — whether belonging to us, you, or a third party — provided these interests are not outweighed by your interests or fundamental rights and freedoms. We use the information we collect to:

  1. process account deletion requests, disable or close relevant user accounts, maintain deletion request records, processing status records, and deletion operation logs, where necessary to manage the user lifecycle, evidence compliance, prevent unauthorized or erroneous account deletion, resolve disputes, and protect our legal rights;
  2. support fault retrieval, troubleshooting, fault knowledge-base searches, historical fault record searches, and operation-log tracing, where necessary to identify, diagnose, and resolve equipment or platform issues, maintain the reliability and safety of the Services, support O&M traceability, and assist your organization in maintaining energy-storage equipment;
  3. monitor, secure, troubleshoot, and maintain the AI assistant and related platform functions, including detecting misuse, preventing abuse, investigating technical issues, and maintaining service reliability, where necessary to protect the security and integrity of the Services and to ensure that the AI assistant operates safely and reliably;
  4. record platform and app login behavior, feature operations, access logs, operation logs, system activity records, crash records, and related audit records, where necessary for security monitoring, access control, compliance auditing, incident investigation, service continuity, troubleshooting, performance analysis, limited feature usage analysis, and improvement of the Services, provided that we will obtain consent where required by applicable law for non-essential analytics, personalization, cookies, or similar technologies.

Your Consent

We ask for your consent where required for specific purposes. Where we rely on consent, you may withdraw your consent at any time through the relevant settings, preference center, consent mechanism, or by contacting us, without affecting the lawfulness of processing based on consent before its withdrawal.

We rely on consent to:

  1. use AI assistant conversation data for model optimisation, model training, product improvement, or non-essential personalisation, where such use is not necessary to provide the core AI assistant service;
  2. use non-essential cookies or similar technologies, where required by applicable law; and
  3. send marketing communications or use personal data for marketing purposes, if such features are introduced and consent is required by applicable law.

Compliance with a legal obligation

We may use your data where it is necessary to comply with a legal obligation. This includes situations where we have obligations to communicate with you, take measures to ensure the safety of our users, or comply with a valid legal request such as an order or disclosure request from regulators, law enforcement agencies or courts.

To perform a task in the public interest

We may use your data where it is necessary to perform a task in the public interest, including undertaking research, preventing and detecting crime, safeguarding children and promoting public safety, security, and integrity as laid down by applicable law.

To protect someone's vital interests

We may use your data where it is necessary to protect your or someone else's life, physical integrity, or safety. This could also include providing law enforcement agencies or emergency services with information in urgent situations to protect health or life.

International Data Transfers

Your personal data may be transferred to, accessed from, or processed by entities outside your home country, including our service providers, affiliates, and business partners, for the purposes described in this Privacy Policy in connection with your use of the Services. Where applicable, we may rely on an adequacy decision for transfers to certain destinations. However, where personal data is transferred outside the EEA, the UK, or Switzerland to a country that has not been recognised as providing an adequate level of protection, we rely on appropriate safeguards and/or other valid transfer mechanisms, such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Agreement or UK Addendum, Swiss adaptations to the Standard Contractual Clauses, or other valid mechanisms under applicable law. We also implement supplementary measures where required. You may contact us to request a copy of, or further information about, the safeguards we use for international data transfers. The EU Standard Contractual Clauses can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.

Your Rights

As a resident of the EEA, UK, or Switzerland, you have the following rights:

If you wish to exercise these rights, please use the contact information in "Contact Us" in the main Privacy Policy. To ensure data security (e.g., to prevent unauthorized data processing), we may require you to provide necessary additional information for identity verification. We will respond within the statutory timeframe.

Data Protection Officer (DPO)

For EEA privacy matters, we have designated a Data Protection Officer. If you have any questions or concerns about our privacy practices, please contact our DPO: