Privacy Policy

Hibernate is operated by Hibernation Labs LLC, a Delaware limited liability company. When this policy says “we,” “us,” or “Hibernate,” it means Hibernation Labs LLC.

Contact: hello@usehibernate.com

Hibernate locks you out of your own Instagram account for a period you choose, by changing your account’s login credentials and holding them until your timer ends.

To do this, we have to handle data that’s more sensitive than a typical SaaS handles: your Instagram login email and password. We want to be upfront about that.

Information you give us directly

• Your real email address — so we can release your password back to you when your timer ends, and so you can log in to your Hibernate dashboard.
• Backup email addresses (optional) — if you add them, we send the released password to all of them.
• The Instagram email alias and password we generate — created by us, encrypted at rest, and stored against your account until release.
• Verification codes sent by Instagram to the alias we generated — received via our inbound-email provider, displayed to you during setup, then discarded.
• Payment information — handled directly by Stripe, our payment processor. We never see your card number; we only receive a confirmation that a payment succeeded.

Information collected automatically

• Product analytics via PostHog and Google Analytics — pages visited, actions taken in the app, approximate location derived from IP, browser and device type.
• Server logs — IP address, timestamps, and request paths, retained for security and debugging.

The Instagram email and password we generate on your behalf are encrypted at rest in our database. We do not display them in our dashboard, our admin tools, or in any internal logs after they are generated.

We are continuously hardening this part of the product. Our goal is that the credentials are not accessible to us in plaintext before your timer expires.

• To run the detox you paid for (the core service).
• To send you transactional emails: receipts, your released password when the timer ends, and account notifications.
• To respond to your support requests.
• To analyze usage and improve the product (via PostHog and Google Analytics).
• To comply with legal obligations.

We do not sell your data, and we do not use it for advertising or share it with advertisers.

We use the following third-party processors:

• Supabase — database and authentication hosting.
• Stripe — payment processing.
• Postmark — transactional email (outbound) and email alias intake (inbound).
• Vercel — application hosting.
• PostHog and Google Analytics — product analytics.

We may also disclose data when required by law, to enforce our Terms, or to protect the rights, safety, or property of Hibernate or others.

• Active accounts: we retain your data as long as your account exists.
• Instagram credentials we hold: deleted from active storage within 30 days after a successful release.
• Account deletion on request: within 30 days of your request, deleted from active systems. Encrypted backups may retain copies for up to 60 additional days.

Depending on where you live, you may have rights to access, correct, delete, export, or restrict the processing of your personal data, and to object to certain uses. To exercise any of these rights, email hello@usehibernate.com.

Please note: deleting your Hibernate account does not shorten an in-progress detox. The credentials we hold will still be released on schedule (or sooner, if you request deletion mid-detox — in which case we will release them to your registered email immediately).

For users in the European Economic Area, United Kingdom, and Switzerland: our legal basis for processing your data is (a) the performance of our contract with you (running the detox you paid for), (b) our legitimate interests in operating and improving the service, and (c) your consent where required (for analytics cookies). You have the right to lodge a complaint with your local data protection authority.

We use cookies and similar technologies for authentication and analytics. Where required by law, we will ask for your consent before setting analytics cookies.

Hibernate is not intended for anyone under 18. We do not knowingly collect data from children.

We may update this policy from time to time. We’ll post the new version here and update the “Last updated” date. If changes are material, we’ll notify active users by email.

Questions, complaints, or requests: email hello@usehibernate.com.