Privacy Policy

Effective Date: February 22, 2025

1. Overview

HypnoPilot (“we,” “us,” or “our”) is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and protect your personal information when you access our website https://hypnopilot.com/ (“Platform”) and our services. By using our services, you acknowledge that you have read and agree to this Privacy Policy.

2. Who We Are

HypnoPilot is operated by Paul Kunad as a sole proprietorship. We provide business management, automation, and marketing tools for hypnotherapists.

Business Address:

📍 HypnoPilot, Paul Kunad, HypnoPilot, Schlossstraße 21/1, 88353 Kisslegg, BW, Germany

📧 Email: [email protected]

As a Germany-based company, we comply with General Data Protection Regulation (GDPR) (EU 2016/679) and other applicable data protection laws.

3. What Data We Collect

When using HypnoPilot, we collect the following types of personal data:

a. Data You Provide to Us

Account Information

Name, email, phone number, and business details.

Payment Information

Billing details, but we do not store credit card information. Payments are processed by Stripe, Authorize.net, NMI, Square, and PayPal.

Client Data

Information you input about your own clients, including appointment history, communication logs, and notes.

b. Data We Collect Automatically

Usage Data – How you interact with our platform (e.g., page visits, time spent on features). Device Information – Browser type, IP address, and operating system. Cookies & Tracking Technologies – To enhance the user experience and for analytics purposes. You can manage cookie preferences in your browser settings.

4. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to improve user experience and analyze platform performance. These include:

Essential Cookies – Necessary for the website to function properly. Analytics Cookies – Help us understand how visitors interact with the website (e.g., Google Analytics). Marketing Cookies – Used for personalized advertising and tracking interactions with marketing campaigns.

You can modify your cookie settings in your browser preferences.

a. What Are Cookies?

Cookies are small text files stored on your device (computer, tablet, or smartphone) when you visit a website. They help websites remember your preferences, improve functionality, and provide insights into how users interact with the site. Cookies can be session-based (deleted when you close your browser) or persistent (stored for a set period).

b. Why Do We Use Cookies?

We use cookies to:

• Ensure the website functions properly.

• Provide a seamless user experience.

• Analyze visitor behavior to improve our services.

• Personalize content and marketing.

• Store user preferences for a better experience.

We use different types of cookies for various purposes:

Essential Cookies

These are necessary for the website to function properly and cannot be disabled. They include login authentication and security cookies.

Functional Cookies

These cookies store your preferences to personalize your experience. Such as language and region.

Analytics Cookies

These help us understand how visitors use our website by tracking page visits, time spent, and interactions. This data helps us improve our platform.

c. Managing Cookies

You can manage or disable cookies through your browser settings.

Here are links to manage cookies for popular browsers:

5. How We Use Your Data

We process your data for the following purposes:

Providing & improving services – To personalize your experience and optimize our tools. Billing & transactions – To process payments through third-party payment processors. Support & communication – To respond to inquiries and provide customer assistance. Marketing & updates – To inform you about service improvements and offers (you can opt out anytime). Legal compliance – To comply with applicable laws and regulations.

6. Who We Share Your Data With

We do not sell your data. However, we may share your information with:

• Service Providers – Third-party vendors that help us operate the Platform (e.g., payment processors, hosting providers, customer support).

• Legal Authorities – If required by law or necessary for fraud prevention.

• Business Transfers – If HypnoPilot is acquired or merged with another entity.

All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties, excluding aggregators and providers of the Text Message services.

7. Mobile Information & Data Privacy

HypnoPilot respects your privacy and is committed to protecting your mobile information.

• No mobile information (including phone numbers and SMS opt-in data) will be shared with third parties or affiliates for marketing or promotional purposes.

• We may share mobile information with subcontractors or service providers strictly for support services, such as customer service, account management, or technical support.

• Mobile data, including text messaging opt-in data and consent, will not be shared with any third party outside of the permitted support services.

Your SMS and mobile communication preferences remain secure and private, and we only use them for essential service-related communications.

8. Third-Party Services & Data Processing

HypnoPilot utilizes third-party service providers to ensure a secure, efficient, and high-performing platform. By using HypnoPilot, users acknowledge that HypnoPilot is our platform, designed and optimized specifically for hypnotherapists, while certain underlying infrastructure and data processing functions are securely managed by trusted third-party providers. CRM, automation and communication services are powered by GoHighLevel, Inc., which serves as our data processor under GDPR. Additionally, Cloudflare, Inc. is used as our hosting provider and data processor for websites created and managed through HypnoPilot, ensuring website security, performance optimization, and data protection. These third-party service providers ensure system reliability, compliance, and data protection in accordance with applicable laws. Users also agree to the Privacy Policies and Data Processing Agreements (DPA) of these providers, including:

GoHighLevel Data Processing Agreement

GoHighLevel Privacy Policy

GoHighLevel Terms of Service

Cloudflare Privacy Policy
Cloudflare Terms of Service

Additionally, payment processing is handled by Stripe, Authorize.net, NMI, Square, and PayPal. You can review their privacy policies here:

Stripe Privacy Policy

Authorize.net Privacy Policy

NMI Privacy Policy

Square Privacy Policy

PayPal Privacy Policy

9. Protection Against Spam and Abuse

To protect our forms from spam and abuse, HypnoPilot uses Google reCAPTCHA v3. This technology is implemented through our service provider and helps us verify that form submissions are made by real people. The use of reCAPTCHA is subject to Google's Privacy Policy and Terms of Service.

10. Your Rights Under GDPR

If you are an EU resident, you have the following rights regarding your personal data:

Right to Access

Request a copy of the data we hold about you.

Right to Rectification

Correct inaccurate or incomplete data.

Right to Deletion

Request deletion of your data under certain conditions.

Right to Restrict Processing

Limit how we use your data.

Right to Data Portability

Receive your data in a structured format.

Right to Object

Opt out of certain data processing activities.

To exercise these rights, contact us at [email protected].

11. Data Storage & Deletion

User accounts that are canceled will remain inactive for 60 days. After 60 days, all account data will be permanently deleted unless reactivated. Users can also request immediate deletion of their account.

12. Communications & Marketing Compliance

HypnoPilot allows users to send automated client communication (e.g., booking confirmations, reminders, follow-ups) from their own accounts, using the phone numbers and email addresses they have purchased and set up. However, users must review and approve their messages to ensure compliance with:

GDPR (data protection & consent). TCPA (SMS & call regulations in the U.S.). CAN-SPAM Act (email marketing laws in the U.S.).

We do not initiate or control messages on behalf of users. Users are responsible for obtaining client consent and ensuring compliance.

13. Security Measures

We take reasonable measures to protect your personal data, including:

SSL encryption for data transmission. Access controls to limit unauthorized access. Periodic security checks to help keep your data safe and up to date. All stored data is protected with 256-bit encryption.

However, no method of data transmission is 100% secure. You use the platform at your own risk.

14. Updates to This Privacy Policy

We may update this policy from time to time. If we make significant changes, we will notify active users via email and update the effective date above.