Privacy notice
Controller
Hipothesis ("we", "us") processes personal data in line with the EU/UK GDPR and other laws that apply to you, depending on your region.
What we process
Depending on how you use the service, we may process:
- Identity & contact: name, email, phone, locale.
- Order data: briefs, deadlines, uploads, pricing, payment status.
- Communications: in-app messages and support tickets.
- Technical: IP address, device/browser data, security logs.
- Financial metadata: invoices and payment references processed by payment providers.
Purposes and legal bases
- Providing the marketplace and fulfilling contracts (Art. 6(1)(b) GDPR).
- Security, fraud prevention, and service improvement (legitimate interests, Art. 6(1)(f)).
- Compliance with legal obligations (Art. 6(1)(c)).
- Where required, consent for marketing or sensitive brief materials (Art. 6(1)(a) / Art. 9).
Recipients
We share data with infrastructure vendors, assigned writers where needed to deliver an order, payment processors, and authorities when legally required. Transfers outside your region use appropriate safeguards (e.g. SCCs) where applicable.
Retention
We keep data as long as your account is active and as required for legal, tax, and dispute resolution purposes, then delete or anonymise it.
Your rights
You may request access, rectification, erasure, restriction, portability, and objection. You may lodge a complaint with your supervisory authority. Contact: hello@hipothesis.com.
