Data privacy policy

Hyperize is a venture of MING Labs GmbH. All personal data processed via hyperize.ai is handled by MING Labs GmbH as the responsible entity under the GDPR.

MING Labs GmbH
Schwanthalerstr. 13, Aufgang II
80336 München, Germany

Tel: +49 89 9017 6725
Email: hello@hyperize.ai
CEO: Matthias Roebel
Commercial Register: Amtsgericht München, HRB 190328

MING Labs GmbH has appointed an external data privacy officer covering all of its operations, including Hyperize:

Schmid Datensicherheit GmbH
Heidestr. 4
92637 Weiden / Opf.
Germany
Phone: +49 (0) 961/4712941

To contact the data privacy officer directly by email, please write to dsb.minglabs@schmid-datensicherheit.de.

To contact MING Labs GmbH directly about privacy issues, please write to gdpr@minglabs.com.

This policy informs users of the website hyperize.ai about the character, scope, and purposes of personal data processed by the responsible entity, MING Labs GmbH. It also applies to outbound links to external online presences such as social-media profiles operated by Hyperize, regardless of the domains, systems, platforms, and devices on which the website is run.

With regard to the terms used — such as "personal data", "user", or "processing" — we refer to Article 4 of the General Data Protection Regulation (GDPR).

Personal data of users is processed solely in accordance with the relevant data protection regulations. Pursuant to Article 13 GDPR, we inform you about the legal basis of our data processing operations. Unless the legal basis is specified within this policy, the following shall apply:

  • The legal basis for processing personal data with separate consent is Article 6(1)(a) and Article 7 GDPR;
  • The legal basis for processing data to fulfil our services and to execute contractual measures is Article 6(1)(b) GDPR;
  • The legal basis for processing personal data to fulfil our legal obligations is Article 6(1)(c) GDPR;
  • The legal basis for processing personal data to preserve our legitimate interests is Article 6(1)(f) GDPR.

Personal data may only be transferred to third parties on the basis of legal permissions and within legal requirements. We only transfer user data to third parties where this is required for contractual purposes under Article 6(1)(b) GDPR or when we make use of services within our legitimate interests under Article 6(1)(f) GDPR. Where third parties are engaged in the processing of personal data under a data-processing agreement, this happens on the basis of Article 28 GDPR.

Where we make use of third-party services to provide our own services, we take appropriate measures to ensure the protection of personal data according to the relevant legal requirements. This may include the transfer of personal data to servers outside the EU. In such cases, processing happens on the basis of special guarantees such as the EU–U.S. Data Privacy Framework (DPF, adequacy decision of 10 July 2023) where the receiving processor is DPF-certified, the EU Standard Contractual Clauses (Implementing Decision (EU) 2021/914), or further safeguards under Article 44 ff. GDPR.

Contacting us

For questions and matters of any kind, you may contact us via email or, where applicable, social-media channels. When doing so, the data and information provided by the person contacting us will be processed as far as this is necessary to reply to a specific request. This can include personal data such as name, email address, phone number, and content data such as text input. The processing is carried out in accordance with Article 6(1)(f) GDPR (legitimate interest), and where applicable to fulfil contractual purposes or take pre-contractual measures (Article 6(1)(b) GDPR).

Retention: Data from contact enquiries is deleted once the request is fully concluded, unless statutory retention obligations apply (in particular handelsrechtliche and steuerrechtliche Aufbewahrungspflichten under §§ 147 AO, 257 HGB — typically 6 or 10 years). In that case processing is restricted to fulfilling those obligations.

Access data and log files

We run automated access logs on our server(s), i.e., access data is collected. This data includes the name of the website/file called, date and time of the call, data volume transferred, report on successful call, browser type and version, operating system, referrer URL (the previously visited website), IP address, and the provider.

Data is collected on the basis of our legitimate interest in accordance with Article 6(1)(f) GDPR — namely for maintenance and optimization of our services as well as for security reasons (e.g., investigation of abusive acts).

Retention: Log files are stored for a maximum of 30 days and then deleted, unless retention beyond that period is required for investigating a specific security incident or abusive act. In that case, the affected log entries are isolated and stored only as long as necessary to complete the investigation.

Cookies

We make use of cookies on our website only to the extent necessary to run the site (e.g., to display the website correctly) and to store your preferences from the cookie banner where applicable. Cookies are pieces of information that are transferred from our web server to the web browser of the user and stored for future calls.

Legal basis for processing essential cookies is our legitimate interest in accordance with Article 6(1)(f) GDPR. Where we ever use non-essential cookies, the legal basis is your prior consent in accordance with Article 6(1)(a) GDPR.

Most browsers accept cookies automatically. You can still configure your browser in a way that no cookies are stored on your computer, or so that a notification appears each time a new cookie is about to be installed. Completely deactivating cookies can, however, lead to limited functionality of our website.

Web analytics (Plausible)

We use Plausible Analytics to understand, on an aggregate level, how our website is used — for example, which pages are visited and which sources refer visitors. Plausible is a privacy-focused web analytics service that works without cookies and does not collect or store personal data that could identify you. No information is stored in your browser for this purpose, and the data is neither shared with nor sold to third parties.

Plausible uses no persistent identifiers and no cross-site tracking. To count unique visitors within a single day, it derives a one-way hash from the incoming IP address and the browser user-agent combined with a daily-rotating salt; the raw IP address is not written to disk, and the salt is discarded every 24 hours, so visitors cannot be recognized across days or across websites. All resulting metrics are stored only in aggregate form.

The analytics script and its measurement requests are served from our own domain hyperize.ai; your browser does not contact a separate analytics domain.

The legal basis for this processing is our legitimate interest in the needs-based design and continuous improvement of our website in accordance with Article 6(1)(f) GDPR. Because Plausible does not process data that identifies you and stores no information on your device, no separate consent is required.

The analytics data is processed on our behalf by the provider as a processor under Article 28 GDPR:

  • Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia. Plausible is an EU company and hosts all data exclusively on servers within the European Union, so no transfer to a third country takes place. Details: plausible.io/data-policy.

Retention: Plausible stores only aggregated, non-personal usage statistics, which we retain for as long as they remain useful for analysis. As no personal data is stored, no person-related deletion is required.

Outbound links to external platforms

Our website includes outbound links to selected online profiles on third-party platforms (in particular LinkedIn). We implement these as simple linked text or graphic links rather than embedded plug-ins, which prevents data from being processed by the linked platforms when you only visit our website. A connection to the respective platform is established only as a corresponding link is clicked. Opening up one of the respective platforms via the link buttons is voluntary and constitutes an act of consent.

Once you are redirected to a platform, data is collected and processed by the responsible provider. Please review the privacy policies of the individual providers for details on the applicable data protection regulations:

  • LinkedIn — operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Parent: LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. linkedin.com/legal/privacy-policy.

The Hyperize DAX 40 Agent Success Index measures publicly accessible digital touchpoints of corporate brands. The data processed and published in the index — brand names, public URLs, public API responses, and Hyperize's own scoring observations — is non-personal corporate information. Where the underlying public surfaces incidentally expose personal data (e.g., names of public spokespeople, executives, or support contacts published by the brand itself), Hyperize does not collect, store, or publish such personal data beyond what is strictly necessary for editorial identification. The full editorial framing is covered on the imprint page.

All of your browser's communication with our services is secured via an encrypted SSL/TLS connection in order to protect your data against unauthorized access by third parties. Only selected administrators can access your data, and only to the extent necessary to maintain the services.

Apart from that, we take appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or access by unauthorized persons. Our security measures are continuously improved in line with technological development.

Data stored by us will be deleted once it is no longer required for the intended purpose and provided that no legal retention obligations object to a deletion. If user data cannot be deleted due to further and lawful purposes, the processing of this data will be limited, i.e., data is locked and not processed for other purposes.

You have the following rights:

  • in accordance with Article 15 GDPR, to receive information about your personal data processed by us upon request;
  • in accordance with Article 16 GDPR, to immediately request rectification of inaccurate or incomplete personal data stored by us;
  • in accordance with Article 17 GDPR, to request deletion of personal data stored by us as long as its processing is not required to exercise freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or to claim, exercise, or defend legal rights;
  • in accordance with Article 18 GDPR, to request limitation of processing of your personal data;
  • in accordance with Article 20 GDPR, to receive information on your personal data provided to us in a structured, common, and machine-readable format, or to request its transmission to another responsible entity;
  • in accordance with Article 7(3) GDPR, to revoke your consent once given to us, effective for the future;
  • in accordance with Article 77 GDPR, to complain to a supervisory authority. You can do this by approaching the supervisory authority of your usual place of residence or place of work, or the supervisory authority of our registered office. The competent authority for our registered office is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany — lda.bayern.de.

Provided that your personal data is processed based on legitimate interests under Article 6(1)(f) GDPR, you have the right under Article 21 GDPR to lodge an objection against the processing of your personal data when there are valid reasons arising out of your particular situation, or where the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without specification of a particular situation. If you want to make use of your right of objection, send us an email to the address mentioned above.

Provided that you have given consent under Article 6(1)(a) GDPR, you have the right to withdraw this consent at any time with effect for the future. Withdrawing consent does not affect the lawfulness of data processing performed before your withdrawal and based on your previous consent. If you want to make use of your right of withdrawal, send us an email to the address mentioned above.

No automated decision-making within the meaning of Article 22 GDPR — including profiling that produces legal effects concerning you or similarly significantly affects you — takes place when you visit our website or otherwise interact with us through the channels described in this policy.

We reserve the right to make changes to this data privacy policy from time to time to meet the obligations of changed legal positions or to extend the scope of functions of our website. You should therefore review this policy on a regular basis to stay informed about the protection of your data. By continuing the use of our services, you agree with this policy in its current version.

Last updated: 2026-06-04