Skip to main content

Privacy Policy

9 April 2026

Open Hippo prioritizes the protection of your privacy and the security of your personal data.

This Privacy Policy is designed to help you understand how we collect and process your personal data when you use our website or contact us. We believe that you have the right to control your personal data. As such, we have outlined the various rights you have regarding your personal data, including your right to object to certain uses, and your right to access, update, or delete your data.

1. Definitions

"Open Hippo" or "We": refers to Open Hippo GmbH, a German entity registered at the Register Court of Augsburg under Register Number HRB 39923, with its corporate seat at Garmischer Allee 15, 86438 Kissing, Germany.

"User", "Customer" or "You": refers to any person who subscribes to, accesses, or uses Our Services.

"Privacy Policy": refers to this document describing the Processing activities carried out by Open Hippo as Data Controller.

"Processing": refers to any operation relating to Your Personal Data (for instance: collection, use, access, transfer, deletion, etc.).

"Personal Data" or "User Data": refers to any data that directly or indirectly relates to You.

"Data Controller": refers to the person who makes decisions about Your Personal Data.

2. Who is responsible for data protection?

Open Hippo is responsible for handling your personal data. In accordance with Article 37 of the German Federal Data Protection Act, Open Hippo is not obliged to designate a Data Protection Officer. Due to Open Hippo's location, the competent data protection supervisory authority is the Bavarian State Office for Data Protection Supervision. For current contact information, please refer to their website: https://www.lda.bayern.de.

3. What Personal Data do we collect and why?

Following the principle of data minimization, we aim to reduce the collected data to a minimum. However, personal data is collected when you use the website and our services and when you contact Open Hippo.

3.1 What personal data is collected when visiting the website?

When you visit our website and our services, your IP address, browser information, timestamp, and comparable information are saved as part of the server logs. We process server logs on the basis of our legitimate interest to ensure the security and proper functioning of our website and services. This data is not processed for any other purposes.

3.2 What personal data is collected when using Hippo Token?

In addition to the data collected as described in section 3.1, when you use our Hippo API service, called Hippo Token, we collect and store usage data including consumed tokens and credits, subscription data, as well as your contact information. Payment data is stored by our third-party payment processor (as described in section 4.2). We process this data on the basis of our legitimate interest to provide our services, ensure accurate billing, and monitor service usage.

3.3 Do you track my usage of the website and services?

We use self-hosted analytics tools to track your usage of our website and services. This includes monitoring which pages are accessed, how long you spend on each page, and which elements you interact with. We collect this data solely to improve our website functionality and enhance our services. This tracking is conducted entirely through our own infrastructure, meaning your data remains within our systems and is not forwarded to any third parties. The data is stored securely on our servers and is retained only as long as necessary for analysis purposes, typically no longer than 12 months.

3.4 What happens to my data when I contact you in writing?

When you contact us in writing by mail or email we process your personal data on the basis of our legitimate interest to respond to your inquiries. The data you provide when contacting us remains with us until you request deletion, revoke your consent for storage, or the purpose for data storage no longer applies.

4. Who do we forward your Personal Data to?

4.1 Google

We use Google Workspace, a product provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Workspace includes services such as Gmail for business email, Google Meet for video conferencing, and other collaboration tools. Google has committed to processing your personal data solely in accordance with our instructions. For more information on Google's GDPR compliance, please visit: https://cloud.google.com/privacy/gdpr.

4.2 Stripe

To ensure efficient and secure payment processing, we use a service provided by Stripe Payments Europe, Limited (SPEL), located at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. The payment page and the manage subscription page is not part of our website and is hosted by Stripe. It is accessible via an external link. By choosing to subscribe to our services and providing your payment details, you consent to the terms and conditions set forth by Stripe. When you provide your payment details, such as your credit card number, expiration date, and billing address, this information is securely transmitted to Stripe for processing. It's important to note that by using Stripe's services, you are subject to their privacy policy and terms of service, which we recommend reviewing before proceeding with a transaction. For further information on Stripe's data protection practices, please visit Stripe's privacy policy page.

Stripe is a U.S.-based company, and we ensure that only necessary transactional information, such as the details of the services used (e.g., Hippo Token credits) and the timestamp of the transaction, is shared with Stripe. No additional information related to the processing or usage of our services is disclosed. If you have any concerns or prefer alternative arrangements, please contact us directly at team@openhippo.io.

4.3 Supabase

We use Supabase, a backend-as-a-service platform provided by Supabase Inc., to power our API services including user authentication, profile management, and API key storage. Supabase provides the infrastructure for our database, authentication system, and API services that enable core functionality of our API services.

When you create an account, log in, or use our services, your personal data such as email address, profile information, authentication tokens, and API keys are processed and stored through Supabase's infrastructure. We have configured our Supabase instance to use European servers exclusively, ensuring that your data remains within the EU jurisdiction and is subject to European data protection standards.

We process this data on the basis of our legitimate interest to provide secure and reliable services, as well as to fulfill our contractual obligations when you use our API services. Supabase acts as a data processor on our behalf and processes your personal data solely in accordance with our instructions and the terms of our data processing agreement.

Supabase has implemented appropriate technical and organizational measures to ensure the security of your personal data, including encryption at rest and in transit, regular security audits, and compliance with industry standards. For more information about Supabase's data protection practices and security measures, please visit their privacy policy at https://supabase.com/privacy.

5. What external services do we use?

5.1 Calendly

We offer you the option to book a meeting with us. The booking page is provided by Calendly LLC, 271 17th St. NW, Ste 1000, Atlanta, Georgia, United States of America. The booking page is not part of our website and is only accessible via an external link. For further information, please visit https://calendly.com/legal.

5.2 LinkedIn

Open Hippo maintains a social media presence on LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We do not actively collect or process any data from our LinkedIn page. We recommend reviewing LinkedIn's Privacy Policy.

6. What rights do you have as a user?

Under data protection law, you as a user have the following rights regarding your personal data:

  • the right to information
  • the right to rectification and deletion
  • the right to restrict processing
  • the right to object to processing
  • the right to data portability

You have the right to withdraw your consent at any time, where we rely on consent as a legal basis for processing. If you wish to exercise your rights, you can inform us by email at team@openhippo.io, or by mail to:

Open Hippo GmbH, Garmischer Allee 15, 86438 Kissing, Germany

You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.