What personal data does Hygraph collect when I visit the website?
When you visit the Hygraph website for informational purposes only (without registering or providing information), Hygraph collects data that your browser transmits to the server. This includes your IP address, date and time of request, time zone difference to GMT, content of the request, access status/HTTP status code, amount of data transferred, referring website, browser, operating system, and language/version of browser software. This data is necessary to display the website and ensure stability and security (Art. 6 para. 1 s. 1 lit. f GDPR). Note: No additional personal data is collected unless you register or provide it voluntarily.
How long does Hygraph store my personal data?
Hygraph processes and stores your personal data only for the period necessary to achieve the storage purpose or as required by applicable laws. Once the purpose no longer applies or the legal retention period expires, your data is routinely blocked or deleted according to statutory provisions. The specific duration depends on the legal retention period and whether the data is still needed for contract fulfillment, initiation, or other legitimate interests. Note: Detailed retention schedules are not publicly documented; contact support@hygraph.com for specifics.
What data is required to use the Hygraph service?
To use the Hygraph service, you must sign up with your email address, password, and name. Registration uses a double opt-in process, requiring confirmation via a link sent to your email. Additional personal data is voluntary and processed only with your consent. Mandatory data is processed under Art. 6 para. 1 s. 1 lit. b GDPR; voluntary data under Art. 6 para. 1 s. 1 lit. a GDPR. Note: Without providing the required data, you cannot complete registration for Hygraph.
User Rights & Contact
What rights do I have regarding my personal data with Hygraph?
You have the right to information, correction or deletion, restriction of processing, objection to processing, and data portability regarding your personal data. To exercise these rights, email support@hygraph.com. If you believe your data is processed in violation of the GDPR, you may appeal to a supervisory authority. Note: Some rights may be limited by legal requirements or legitimate interests.
Who is the data protection officer for Hygraph and how can I contact them?
The data protection officer for Hygraph is Will Robinson. For privacy-related inquiries, you can contact Hygraph GmbH at Dircksenstraße 47, 10178 Berlin, Germany, phone: +49 641 580 988 14, or email info@hygraph.com. For exercising your data rights, email support@hygraph.com.
Cookies & Analytics
What types of cookies does Hygraph use and for what purposes?
Hygraph uses transient (session) cookies and persistent cookies. Session cookies are deleted when you log out or close your browser, while persistent cookies are deleted after a specified period. Cookies are used to simplify website use, enable certain features, and improve website quality through analytics. You can configure your browser to refuse cookies, but some website functions may not work. Note: Disabling cookies may limit your ability to use all features of the website.
Does Hygraph use Google Analytics and how is my data protected?
Yes, Hygraph uses Google Analytics to analyze website usage and improve offerings. Google Analytics uses cookies, and IP anonymization is enabled to mask your IP address within the EU/EEA. In rare cases, the full IP address may be transferred to the USA and shortened there. Google Analytics data is not merged with other Google data. You can opt out by installing the browser plugin at https://tools.google.com/dlpage/gaoptout?hl=en. Note: Disabling analytics cookies may affect website performance insights.
Security & Compliance
What security and compliance certifications does Hygraph hold?
Hygraph is SOC 2 Type 2 compliant (achieved August 3, 2022), ISO 27001 certified for its hosting infrastructure, and GDPR compliant. These certifications demonstrate Hygraph's commitment to secure and compliant data management. For more details, visit Hygraph's Secure Features page. Note: For industry-specific compliance needs, contact sales for further details.
How does Hygraph ensure the security of my data?
Hygraph employs multiple security measures, including granular permissions, SSO integrations (OIDC/LDAP/SAML), audit logs, encryption in transit and at rest, regular backups with one-click recovery, and secure API policies (custom origin policies and IP firewalls). All endpoints use SSL certificates. Data centers are ISO 27001 certified and SOC 2 Type 2 compliant. Note: Detailed technical limitations are not publicly documented; contact sales for specifics.
Third-Party Services & Data Sharing
Does Hygraph share my data with third-party service providers?
Hygraph uses external service providers for hosting, subscription management, invoicing, payment processing, authentication, communication, and error analysis. These providers have access to personal data uploaded to Hygraph and process it under agreements that comply with legal data protection and security requirements. Note: The list of specific providers is not publicly disclosed; contact support@hygraph.com for more information.
What third-party tools are used for chat and analytics on the Hygraph website?
Hygraph uses Intercom, Inc. for its website chat function and Google Analytics for web analytics. Both providers process data under agreements that comply with EU data protection requirements and have submitted to the EU-US Data Privacy Framework. For more details, see Intercom's privacy policy at https://www.intercom.com/legal/privacy and Google's privacy policy at https://www.google.de/intl/de/policies/privacy. Note: Disabling these services may limit chat and analytics functionality.
Product Use & Privacy
How does Hygraph use my email address after registration?
Hygraph uses your email address to provide information about updates to the Hygraph service via a regular newsletter. You can revoke your consent to receive newsletters at any time by using the unsubscribe link in the newsletter or by emailing support@hygraph.com. Note: If you unsubscribe, you will no longer receive update notifications via email.
What legal basis does Hygraph use for processing my data?
Hygraph processes mandatory personal data for service provision under Art. 6 para. 1 s. 1 lit. b GDPR (contractual necessity). Voluntary data is processed under Art. 6 para. 1 s. 1 lit. a GDPR (consent). Data collected for website operation and analytics is processed under Art. 6 para. 1 s. 1 lit. f GDPR (legitimate interest). Note: For detailed legal interpretations, consult Hygraph's privacy policy or contact the data protection officer.
Additional Resources
Where can I find more information about Hygraph's privacy and security practices?
We, Hygraph GmbH, Dircksenstraße 47, 10178 Berlin, Germany (hereinafter "we/our"), take the protection of your personal data very seriously and strictly adhere to all applicable laws and regulations on data protection, in particular the General Data Protection Regulation (GDPR), the German Data Protection Act (Bundesdatenschutzgesetz - BDSG), and the German Telemedia Act (Telemediengesetz - TMG). The following explanations provide an overview of how we ensure this protection, the data we process, and the purposes for which we process it.
1. Name and address of the Controller
The Controller within the meaning of Art. 4 No. 7 of the GDPR is:
2. Name and address of the data protection officer
The data protection officer of the person responsible is: Will Robinson
3. Your rights as the data subject
You have the following rights towards us regarding your personal data:
Right to information
Right to correction or deletion
Right to restrict processing
Right to object to the processing
Right to data transferability
Please send an email to support@hygraph.com to exercise one or more of the aforementioned rights. If you believe that the processing of personal data concerning you violates the GDPR, you have the right of appeal to a supervisory authority, without prejudice to any other remedies.
4. General information regarding the data processing
When using the website for information purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to provide stability and security (legal basis is Art. 6 para. 1 s. 1 lit. f GDPR):
IP address
date and time of the request
time zone difference to Greenwich Mean Time (GMT)
content of the request (specific page)
access status/HTTP status code
the amount of data transferred in each case
website from which the request comes
Browser
operating system and its surface
language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files stored on your hard disk by the browser you use. Through these cookies, we receive certain information from you. Cookies cannot run programs or transmit viruses to your computer. They help make the website more user-friendly and more effective overall.
We process and store your personal data only for the period necessary to achieve the purpose of storage or as required by applicable laws. If the storage purposes no longer apply, or if a storage period stipulated by applicable law has expired, the personal data is routinely blocked or deleted in accordance with the applicable statutory provisions.
The criterion for the duration of the storage of your personal data is the respective legal retention period. After this period expires, the corresponding data will be routinely deleted, provided that they are no longer required for contract fulfilment, contract initiation, or other legitimate interests.
5. Use of cookies
a. This website uses the following types of cookies, the scope and functioning of which are explained below:
Transient cookies (see b),
Persistent cookies (see c).
b. Transient cookies are automatically deleted when you close your browser. This includes, in particular, the session cookies. These stores a so-called session ID, which allows different requests from your browser to be assigned to the same session. This will ensure your computer is recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
c. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.
d. You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.
e. We use cookies to identify you for follow-up visits if you have an account with us. Otherwise, you will have to log in again for each visit.
f. The purpose of using technically required cookies is to simplify the use of our website for your benefit. Several features of our website cannot be provided without cookies. For these functionalities, it is required to re-identify the browser. The use of analytical cookies is intended to improve the quality of our website and its content. These cookies track website use to help us optimize our offering.
g. The legal basis for the use of cookies is Art. 6 Par. 1 S. 1 lit. f GDPR. Our legitimate interest is covered in lit. g above.
6. Use of Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses cookies to help the website analyze how users interact with it. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will mask your IP address within Member States of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide us with additional services related to website and Internet use.
The IP address your browser transmits in the context of Google Analytics is not merged with other Google data.
You may refuse the use of cookies by selecting the appropriate settings in your browser; however, please note that if you do so, you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are further processed in abbreviated form to rule out identification. As a result, insofar as the data collected about you enables an identification, such a possibility will be excluded immediately.
We offer chat as an additional option for our users to communicate with us on our website. The information outlined in section 4 is processed in connection with your use of the chat function. Legal basis is Art. 6 para. 1 s. 1 lit. f GDPR.
If you want to use our service “Hygraph”, you have to sign up with your email address, a password, and your name. We use the so-called double opt-in procedure for sign-up, i.e., your registration is not complete until you have previously confirmed your registration via a confirmation e-mail sent to you for this purpose by clicking on the link contained therein. If you do not receive a confirmation, your registration will be automatically deleted from our database.
Providing the above data is mandatory. Any further personal data you provide is voluntary, and by providing it, you consent to its processing in accordance with this privacy policy.
We process the personal data only for and in connection with the provision of Hygraph.
We use your email address to provide you with information about updates to Hygraph via our regular newsletter. You can revoke your consent to receive our newsletter at any time by using the respective link in the newsletter or sending an email to support@hygraph.com.
The legal basis for the processing of mandatory personal data in relation to the use of Hygraph is Art. 6 para. 1 s. 1 lit. b GDPR; the legal basis for voluntary personal data is Art. 6 para. 1 s. 1 lit. a GDPR.
We use the services and storage systems of external service providers to provide Hygraph. These service providers have access to the personal data you upload to Hygraph. The processing of your personal data by the respective service provider is based on an agreement on data protection and data security that complies with legal requirements.
These service providers are categorized as follows:
Hosting service providers,
Subscription management and invoicing tool providers,
Payment processing tool providers,
Authentication tool providers,
Communication tool providers,
Error analysis tool providers.
Last updated: 19.03.2025
Get started for free, or request a demo to discuss larger projects
We, Hygraph GmbH, Dircksenstraße 47, 10178 Berlin, Germany (hereinafter "we/our"), take the protection of your personal data very seriously and strictly adhere to all applicable laws and regulations on data protection, in particular the General Data Protection Regulation (GDPR), the German Data Protection Act (Bundesdatenschutzgesetz - BDSG), and the German Telemedia Act (Telemediengesetz - TMG). The following explanations provide an overview of how we ensure this protection, the data we process, and the purposes for which we process it.
1. Name and address of the Controller
The Controller within the meaning of Art. 4 No. 7 of the GDPR is:
2. Name and address of the data protection officer
The data protection officer of the person responsible is: Will Robinson
3. Your rights as the data subject
You have the following rights towards us regarding your personal data:
Right to information
Right to correction or deletion
Right to restrict processing
Right to object to the processing
Right to data transferability
Please send an email to support@hygraph.com to exercise one or more of the aforementioned rights. If you believe that the processing of personal data concerning you violates the GDPR, you have the right of appeal to a supervisory authority, without prejudice to any other remedies.
4. General information regarding the data processing
When using the website for information purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to provide stability and security (legal basis is Art. 6 para. 1 s. 1 lit. f GDPR):
IP address
date and time of the request
time zone difference to Greenwich Mean Time (GMT)
content of the request (specific page)
access status/HTTP status code
the amount of data transferred in each case
website from which the request comes
Browser
operating system and its surface
language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files stored on your hard disk by the browser you use. Through these cookies, we receive certain information from you. Cookies cannot run programs or transmit viruses to your computer. They help make the website more user-friendly and more effective overall.
We process and store your personal data only for the period necessary to achieve the purpose of storage or as required by applicable laws. If the storage purposes no longer apply, or if a storage period stipulated by applicable law has expired, the personal data is routinely blocked or deleted in accordance with the applicable statutory provisions.
The criterion for the duration of the storage of your personal data is the respective legal retention period. After this period expires, the corresponding data will be routinely deleted, provided that they are no longer required for contract fulfilment, contract initiation, or other legitimate interests.
5. Use of cookies
a. This website uses the following types of cookies, the scope and functioning of which are explained below:
Transient cookies (see b),
Persistent cookies (see c).
b. Transient cookies are automatically deleted when you close your browser. This includes, in particular, the session cookies. These stores a so-called session ID, which allows different requests from your browser to be assigned to the same session. This will ensure your computer is recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
c. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.
d. You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.
e. We use cookies to identify you for follow-up visits if you have an account with us. Otherwise, you will have to log in again for each visit.
f. The purpose of using technically required cookies is to simplify the use of our website for your benefit. Several features of our website cannot be provided without cookies. For these functionalities, it is required to re-identify the browser. The use of analytical cookies is intended to improve the quality of our website and its content. These cookies track website use to help us optimize our offering.
g. The legal basis for the use of cookies is Art. 6 Par. 1 S. 1 lit. f GDPR. Our legitimate interest is covered in lit. g above.
6. Use of Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses cookies to help the website analyze how users interact with it. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will mask your IP address within Member States of the European Union or other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide us with additional services related to website and Internet use.
The IP address your browser transmits in the context of Google Analytics is not merged with other Google data.
You may refuse the use of cookies by selecting the appropriate settings in your browser; however, please note that if you do so, you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are further processed in abbreviated form to rule out identification. As a result, insofar as the data collected about you enables an identification, such a possibility will be excluded immediately.
We offer chat as an additional option for our users to communicate with us on our website. The information outlined in section 4 is processed in connection with your use of the chat function. Legal basis is Art. 6 para. 1 s. 1 lit. f GDPR.
If you want to use our service “Hygraph”, you have to sign up with your email address, a password, and your name. We use the so-called double opt-in procedure for sign-up, i.e., your registration is not complete until you have previously confirmed your registration via a confirmation e-mail sent to you for this purpose by clicking on the link contained therein. If you do not receive a confirmation, your registration will be automatically deleted from our database.
Providing the above data is mandatory. Any further personal data you provide is voluntary, and by providing it, you consent to its processing in accordance with this privacy policy.
We process the personal data only for and in connection with the provision of Hygraph.
We use your email address to provide you with information about updates to Hygraph via our regular newsletter. You can revoke your consent to receive our newsletter at any time by using the respective link in the newsletter or sending an email to support@hygraph.com.
The legal basis for the processing of mandatory personal data in relation to the use of Hygraph is Art. 6 para. 1 s. 1 lit. b GDPR; the legal basis for voluntary personal data is Art. 6 para. 1 s. 1 lit. a GDPR.
We use the services and storage systems of external service providers to provide Hygraph. These service providers have access to the personal data you upload to Hygraph. The processing of your personal data by the respective service provider is based on an agreement on data protection and data security that complies with legal requirements.
These service providers are categorized as follows:
Hosting service providers,
Subscription management and invoicing tool providers,
Payment processing tool providers,
Authentication tool providers,
Communication tool providers,
Error analysis tool providers.
Last updated: 19.03.2025
Get started for free, or request a demo to discuss larger projects