Sign in · iHYPE.org

01 · Get in

Sign up. Or sign in.

Sign up · 2 steps

Welcome to iHYPE.

Free forever. No tiers. No upsell.

Email

Username

Password 8+ chars, 1 letter, 1 number

By continuing, you agree to the charter and privacy promise. We never sell data.

Returning · 2 steps

Welcome back.

Email or username + password. We'll send you a code.

Email or username

Password

02 · Verify

Check your inbox.

We sent a 6-digit code to . Expires in 10 minutes.

Wrong inbox? Go back

03 · Switch perspectives

One account. Every lens.

The role pill in the nav opens a switcher. Each role lights up the part of the platform that role uses — its own colors, its own tools, its own surfaces. Same account underneath.

iHYPE

M Maya Fan ▾

Switch perspective maya@…

F

Fan

Listening · attending · hyping

Active

A

Artist · "Phantom Ridge"

Tour · payouts · releases

→

P

Promoter · "Slow Burn"

Show curation · affiliate $

→

+ Add another role · Venue

Account settings Sign out

Discovering for you Fan view

×1.0 local

Recommendations weighted to your county. 12 friends are active. 4 shows in your area this week. The HYPE wallet shows your balance, your given, and what's still inside its 90-day fade.

Local recs Friends pulse Tickets My HYPE

Phantom Ridge · tour planner Artist view

12 hot cities

HYPE concentration heatmap, suggested 6-stop tour route, venue capacity matches with projected fill rates. Payout dashboard shows pending and cleared earnings on the 45% split.

Tour planner Releases Payouts Audience map

State Theatre · booking radar Venue view

23 open dates

Local artists with HYPE momentum that haven't played here yet. Compatible promoters by audience overlap. Door-scan dashboard for live events. Format-trend signals (late-night DJ sets ↑84%).

Booking radar Door scanner Calendar Payouts

Slow Burn · show creator Promoter view

8 trending matches

Trending artists scored against your past show content. Trending songs for your next mixtape, ranked by audience demo match. Affiliate dashboard shows the 10% you've earned on referred ticket sales.

Show creator Mixtape builder Affiliate $ Audience

04 · Defense in depth

Built for the scene. Hardened against abuse.

Every dollar wasted on bot traffic is a dollar that didn't go to an artist. Here's the stack of defenses we run.

Layer 01 · Account creation

Sign-up integrity

✓MFA required. Every account verifies with a 6-digit code. Single-use, expires in 10 min, 3 attempts.

✓Disposable-email blocklist. Burner addresses rejected with a friendly nudge.

✓Phone reputation scoring. VOIP and known-spam ranges face stricter rate limits.

✓Behavioral challenge. Suspicious sessions get a CAPTCHA. Humans almost never see one.

✓Device fingerprint cap. Max 3 new accounts per device per week.

Layer 02 · Session

Sign-in & session

✓Passwordless by default. Passkeys, magic links, hardware keys. No password DB to leak.

✓TLS 1.3 everywhere. Strict HSTS. Certificate pinning on mobile.

✓Session binding. Tokens scoped to device fingerprint. Stolen cookies useless elsewhere.

✓Anomaly alerts. New-country sign-ins ping the registered method.

✓30-day idle expiry. Refresh tokens rotate every use.

Layer 03 · HYPE integrity

Engagement integrity

✓Proof-of-listen. HYPE earned from songs requires verified player completion events.

✓Attendance = QR scan. +10 HYPE only fires on a real door scan.

✓One tap per source per 30 days. The HYPE rate limit itself is the strongest defense.

✓Coordinated-inauthentic detection. Bot networks clustered and rolled back silently.

✓Charts use only verified HYPE. Accounts under review don't count.

Layer 04 · Money

Money & payouts

✓Stripe Radar. Card fraud scoring on every charge. High-risk holds for review.

✓Velocity caps. Per-card and per-account limits. Reseller bots can't hoard.

✓Payout KYC. Artists, venues, promoters verify identity before receiving money.

✓Refund integrity. Refunds debit all parties proportionally.

✓System changes gated. Algorithm and payout-rule changes need board approval.

05 · Public rate limits

We don't hide them. They're on the docs.

Sign-up attempts

5

per IP / hour

OTP requests

3

per address / 10min

Sign-in attempts

10

per IP / hour

Ticket purchases

8

per account / event

06 · Admin access

Even admins can't browse you.

Just-in-time access — not standing access. Hardware-key auth, scoped permissions, time-limited tokens, public audit logs.

Admin · break-glass

Just-in-time access · how it works

Staff don't have always-on access to user data. Every operation requires hardware-key auth, scoped permission, time-limited tokens, and a public audit entry. No admin code is shared. No one has standing read access.

Step 01 · Authenticate

Username + hardware key

No SMS fallback for admin accounts. Hardware key (WebAuthn) only. Failed attempts trip an alarm channel.

Step 02 · Request scope

What you need, for how long

e.g. "moderation queue read · 2 hours" or "single-account view for fraud appeal #4291 · 30 min." No "all users" scope exists.

Step 03 · Approval

Auto-grant or peer review

Routine scopes auto-grant. High-risk scopes (financial data, identity exports) require a second admin's approval.

Step 04 · Public log

Anonymized · in the dashboard

Every grant publishes to The Glass Wall feed: "scope X, duration Y." Pattern of abuse visible from outside.

What no admin can do without governance approval: change the recommendation algorithm, the 45/45/10 split, the HYPE rules, rate limits, mass-delete accounts, modify the charter. Those are board-vote decisions with public changelogs.