New: Hypersign is now eIDAS 2.0 ready verifiable credentials and EUDI Wallet compliance built in. See case studies →
← Legal, Privacy & Security
Privacy

Cookies Policy

Last updated: June 30, 2026

This policy explains how Hypersign uses cookies and similar technologies on hypersign.id and all Hypersign-operated websites — what each category does, how you control them, and how we respond to browser-based privacy signals.

1. What are cookies?

Cookies are small text files placed on your device by a website you visit. They store information such as the website's name, a unique session or user identifier, and your preferences. "Similar technologies" include pixels, web beacons, software development kit (SDK) identifiers in mobile contexts, local storage, and server-set tokens that perform the same functions as cookies.

First-party cookies are set by Hypersign itself. Third-party cookies are set by services Hypersign embeds — for example, a YouTube video player embedded in a product demo or explainer page.

2. How we use cookies

We use cookies to:

  • Keep the site functional — load balancing, session continuity, and security.
  • Remember your cookie-consent choices across visits.
  • Measure how visitors use the site — page views, navigation paths, and performance.
  • Attribute marketing campaigns — understand which channel or source brought you to hypersign.id.
  • Enable embedded media — YouTube video players and external demo embeds.
  • Support fraud and abuse prevention on the marketing site itself.

No advertising profiles. We do not use cookies on the marketing site for behavioral advertising profiles, cross-context behavioral advertising, or for any form of sale or sharing of personal information as defined by the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA).

3. Categories of cookies we use

The table below summarises each category, who sets it, and whether consent is required before it activates.

4. Your choices — the cookie banner

On your first visit to hypersign.id, a cookie banner is shown with two equally prominent options:

Cookie Preferences

We use cookies to keep the site functional, measure performance, and attribute marketing. You can accept all, reject non-essential, or manage each category individually.

Accept allReject allManage preferences

A Manage preferences option lets you accept or reject each non-essential category individually — analytics, attribution, and embedded media. No non-essential cookie is set before you click Accept.

You can change your choices at any time by reopening the cookie banner via the "Cookie settings" link in the site footer, or by clearing the hypersign_consent cookie directly in your browser.

You can also block or delete cookies entirely in your browser settings. Blocking strictly necessary cookies will break parts of the site — forms and sessions will not work. Blocking analytics, attribution, or embedded-media cookies will not affect core site functionality.

5. Browser-based privacy signals — Global Privacy Control (GPC) and Do Not Track (DNT)

Global Privacy Control (GPC)

When your browser sends a Global Privacy Control signal (Sec-GPC: 1), Hypersign treats it as an opt-out of sale and sharing under the CCPA/CPRA and as an opt-out of analytics and attribution cookies. The GPC signal is recorded against the hypersign_consent cookie so that no analytics, attribution, or embedded-media cookie is set on that browser, regardless of any earlier banner choice.

GPC is the recommended signal. Most modern browsers and privacy extensions — DuckDuckGo, Brave, Firefox Privacy, and others — emit a GPC signal automatically. If your browser or extension supports GPC, your opt-out preference is applied automatically without using the cookie banner.

Do Not Track (DNT)

The legacy Do Not Track header has no industry-standard interpretation and is not formally recognised under any current data-protection or consumer-privacy law. Hypersign does not rely on the DNT header — please use the cookie banner or send a GPC signal instead. Most modern privacy tools that previously emitted DNT now emit GPC in its place.

6. Special considerations for minors

We do not target advertising or use advertising cookies in any section of our website intended for younger users. If a business customer uses Hypersign for age-related identity verification, that customer's own notices and consent flows — not this policy — govern that interaction. The Hypersign marketing site itself is not directed at children under the age of 16.

7. International transfers

Some of the providers used to operate hypersign.id may process cookie-derived data outside the European Economic Area (EEA). Where such transfers occur, Hypersign relies on the European Commission's 2021 Standard Contractual Clauses (SCCs) and each provider's own published transfer safeguards to ensure an adequate level of protection for your personal data.

The primary infrastructure operated by Hypermine Labs UG (the Hypersign entity contracting with EU and EEA customers) is hosted in the EEA, with the default region being AWS eu-central-1 (Frankfurt, Germany).

8. Updates to this Cookies Policy

Hypersign reviews and refreshes this policy at least every six months and whenever our cookie usage materially changes. The effective date at the top of this page reflects the last refresh. When we make material changes, we update the banner on hypersign.id so returning visitors are re-prompted to review their choices.

9. Contact and complaints

For questions or requests about this Cookies Policy or the personal data processed through cookies, contact our Privacy team:

Supervisory authority complaints

If you believe Hypersign has handled cookies or personal data unlawfully, you have the right to lodge a complaint with a data-protection supervisory authority. Hypersign's lead supervisory authority is:

AuthorityBayerisches Landesamt für Datenschutzaufsicht (BayLDA)
JurisdictionBavaria, Germany — lead supervisory authority for Hypermine Labs UG
Websitelda.bayern.de

You may also lodge a complaint with the data-protection authority in your country of habitual residence or place of work. The European Data Protection Board maintains a directory of all EU supervisory authorities at edpb.europa.eu.