4. Your choices — the cookie banner
On your first visit to hypersign.id, a cookie banner is shown with two equally prominent options:
A Manage preferences option lets you accept or reject each non-essential category individually — analytics, attribution, and embedded media. No non-essential cookie is set before you click Accept.
You can change your choices at any time by reopening the cookie banner via the "Cookie settings" link in the site footer, or by clearing the hypersign_consent cookie directly in your browser.
You can also block or delete cookies entirely in your browser settings. Blocking strictly necessary cookies will break parts of the site — forms and sessions will not work. Blocking analytics, attribution, or embedded-media cookies will not affect core site functionality.
5. Browser-based privacy signals — Global Privacy Control (GPC) and Do Not Track (DNT)
Global Privacy Control (GPC)
When your browser sends a Global Privacy Control signal (Sec-GPC: 1), Hypersign treats it as an opt-out of sale and sharing under the CCPA/CPRA and as an opt-out of analytics and attribution cookies. The GPC signal is recorded against the hypersign_consent cookie so that no analytics, attribution, or embedded-media cookie is set on that browser, regardless of any earlier banner choice.
GPC is the recommended signal. Most modern browsers and privacy extensions — DuckDuckGo, Brave, Firefox Privacy, and others — emit a GPC signal automatically. If your browser or extension supports GPC, your opt-out preference is applied automatically without using the cookie banner.
Do Not Track (DNT)
The legacy Do Not Track header has no industry-standard interpretation and is not formally recognised under any current data-protection or consumer-privacy law. Hypersign does not rely on the DNT header — please use the cookie banner or send a GPC signal instead. Most modern privacy tools that previously emitted DNT now emit GPC in its place.
6. Special considerations for minors
We do not target advertising or use advertising cookies in any section of our website intended for younger users. If a business customer uses Hypersign for age-related identity verification, that customer's own notices and consent flows — not this policy — govern that interaction. The Hypersign marketing site itself is not directed at children under the age of 16.
7. International transfers
Some of the providers used to operate hypersign.id may process cookie-derived data outside the European Economic Area (EEA). Where such transfers occur, Hypersign relies on the European Commission's 2021 Standard Contractual Clauses (SCCs) and each provider's own published transfer safeguards to ensure an adequate level of protection for your personal data.
The primary infrastructure operated by Hypermine Labs UG (the Hypersign entity contracting with EU and EEA customers) is hosted in the EEA, with the default region being AWS eu-central-1 (Frankfurt, Germany).
8. Updates to this Cookies Policy
Hypersign reviews and refreshes this policy at least every six months and whenever our cookie usage materially changes. The effective date at the top of this page reflects the last refresh. When we make material changes, we update the banner on hypersign.id so returning visitors are re-prompted to review their choices.
9. Contact and complaints
For questions or requests about this Cookies Policy or the personal data processed through cookies, contact our Privacy team:
Privacy & Cookies
privacy@hypermine.de
→Legal & Contracts
legal@hypermine.de
→Security
security@hypermine.de
→Supervisory authority complaints
If you believe Hypersign has handled cookies or personal data unlawfully, you have the right to lodge a complaint with a data-protection supervisory authority. Hypersign's lead supervisory authority is:
You may also lodge a complaint with the data-protection authority in your country of habitual residence or place of work. The European Data Protection Board maintains a directory of all EU supervisory authorities at edpb.europa.eu.