Privacy Policy

Last Updated: February 6, 2026

1. Data Controller
2. Data Protection Officer
3. General Information
4. What Data We Collect
5. Purpose of Data Processing
6. Legal Basis
7. Data Retention
8. Data Sharing
9. International Data Transfers
10. Cookies and Tracking
11. Your Rights
12. Data Security
13. Minors
14. Changes to This Policy
15. Contact

1. Data Controller

The data controller responsible for processing on this website is:

HyperUnlock
Untere Dammstr. 24
42653 Solingen
Germany

Email: contact@hyperunlock.com
Telegram: @hyperunlock
Website: hyperunlock.com

2. Data Protection Officer

For data protection inquiries, you can contact us using the contact details above.

3. General Information

The protection of your personal data is important to us. This Privacy Policy informs you about what data we collect, for what purpose, and on what legal basis. We process your data exclusively in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

4. What Data We Collect

4.1 Data You Provide

When using our services, we collect the following data that you provide to us:

Contact Information: Email address, Telegram username
Payment Information: Processed via PayPal or Paddle (we do not store credit card details)
Device Information: Xiaomi model, IMEI (if required), serial number, current ROM version
Technical Data: Bootloader status, error messages, device logs (when necessary for troubleshooting)
Communication Data: Messages via Telegram or email related to service delivery

4.2 Cookies and Analytics

Our website uses cookies for essential functionality and analytics. For detailed information about cookies, please see our Cookie Policy.

5. Purpose of Data Processing

We process your data for the following purposes:

Purpose	Description
Contract Fulfillment	Providing technical services (bootloader unlock, unbrick, ROM installation)
Communication	Contact, support, instructions, and service updates
Payment Processing	Processing payments via third-party providers
Security	Protection against fraud and abuse
Legal Obligations	Compliance with tax and legal obligations
Service Improvement	Analysis and optimization of our services

6. Legal Basis

The processing of your data is based on the following legal bases under GDPR:

Art. 6(1)(b) GDPR (Contract Performance): Processing to fulfill our contractual obligations to you
Art. 6(1)(c) GDPR (Legal Obligation): Processing to comply with legal obligations (e.g., tax law, accounting requirements)
Art. 6(1)(f) GDPR (Legitimate Interest): Processing to protect our legitimate interests (e.g., security, fraud prevention, service improvement)
Art. 6(1)(a) GDPR (Consent): When you have given us explicit consent for specific processing activities

7. Data Retention

We store your personal data only as long as necessary for the respective purposes:

Data Type	Retention Period
Contract Data	Duration of contract fulfillment + 3 years (tax retention obligation)
Communication Data	Until complete service delivery + 6 months
Payment Data	10 years (commercial retention obligation)
Device Data	Until complete service delivery + 30 days

8. Data Sharing

Your data will only be shared with third parties in the following cases:

8.1 Payment Service Providers

PayPal: Payment processing
Paddle.com: Payment processing and invoicing

These service providers process your payment data according to their own privacy policies and GDPR requirements.

8.2 Hosting Provider

Our website is hosted by [Your Hosting Provider]. The hosting provider has access only to server data necessary for website operation.

8.3 Communication Platforms

Telegram: For the provision of our services, we communicate via Telegram. Telegram processes your data according to their privacy policy. We use Telegram because it offers end-to-end encryption for secure communication.

8.4 Legal Obligations

We may disclose your data if we are legally obligated to do so (e.g., upon official request by law enforcement or tax authorities).

9. International Data Transfers

Some of our service providers (e.g., Telegram, PayPal, Paddle) have servers outside the EU. Data transfer is based on:

EU Commission adequacy decisions
Standard Contractual Clauses (SCCs)
Your explicit consent
Appropriate safeguards as required by GDPR

We ensure that all international data transfers comply with GDPR requirements and that your data receives adequate protection.

10. Cookies and Tracking

Our website uses cookies for essential functionality and analytics. We use cookies managed through Iubenda's consent solution.

You can manage and reject cookies through our cookie consent banner or in your browser settings. However, rejecting cookies may affect the functionality of the website.

For detailed information about the cookies we use, please see our Cookie Policy.

11. Your Rights

You have the following rights regarding your personal data:

11.1 Right of Access (Art. 15 GDPR)

You have the right to obtain information about the personal data we process about you, including details about the processing activities.

11.2 Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate or incomplete personal data.

11.3 Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your personal data, provided there are no legal retention obligations or other legitimate grounds for continued processing.

11.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing of your personal data under certain circumstances.

11.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit this data to another controller.

11.6 Right to Object (Art. 21 GDPR)

You have the right to object to the processing of your personal data based on legitimate interests (Art. 6(1)(f) GDPR).

11.7 Withdrawal of Consent (Art. 7(3) GDPR)

If processing is based on your consent, you can withdraw your consent at any time with effect for the future. This does not affect the lawfulness of processing based on consent before its withdrawal.

11.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

Competent Supervisory Authority for Germany:
[Your competent state data protection authority]
Or the data protection authority of your place of residence

General contact for German data protection authorities:
www.bfdi.bund.de

11.9 How to Exercise Your Rights

To exercise any of your rights, please contact us using the contact information provided in Section 15. We will respond to your request within 30 days.

12. Data Security

We implement technical and organizational security measures to protect your data:

SSL/TLS Encryption: Encrypted data transmission on our website (HTTPS)
Access Controls: Restricted access to personal data on a need-to-know basis
Data Backup: Regular backups for data security and business continuity
Encrypted Communication: Secure communication via Telegram (end-to-end encryption available)
Secure Payment Processing: Payments processed through PCI-DSS certified third-party providers
Regular Security Updates: Software and systems kept up-to-date with security patches
Employee Training: Staff trained on data protection and security best practices

Despite all security measures, absolute security cannot be guaranteed. Please do not transmit highly sensitive data through unencrypted channels. For sensitive communications, we recommend using Telegram's end-to-end encrypted secret chats.

13. Minors

Our services can be used by persons of any age. However, minors under 16 years of age require the consent of their legal guardians for us to process their personal data.

If we determine that we have processed personal data from minors under 16 without appropriate parental consent, we will delete this data promptly.

If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately.

14. Changes to This Policy

We reserve the right to change this Privacy Policy to adapt it to changed legal situations or changes to our services and data processing practices.

When we make material changes to this Privacy Policy, we will notify you by updating the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.

Continued use of our services after any changes constitutes acceptance of the updated Privacy Policy.

15. Contact

If you have questions about data protection, wish to exercise your rights, or have any concerns about how we handle your personal data, please contact us:

Website: hyperunlock.com
Email: contact@hyperunlock.com
Telegram: @hyperunlock
Postal Address:Untere Dammstr. 24, 42653 Solingen, Germany

Response Time: We will respond to your inquiry within 30 days as required by GDPR. If your request is complex or we receive multiple requests, we may extend this period by an additional 60 days, in which case we will inform you of the extension and the reasons for the delay.