Privacy Policy

Scope: hephar.io & tools.hephar.io

This privacy policy applies to all services provided by Hephario GmbH across our domains hephar.io and tools.hephar.io.

Data controller

Hephario GmbH
Graf-Starhemberg-Gasse 5/1/30-31
1040 Vienna, Austria
FN 676823d · Handelsgericht Wien
Email: legal@hephar.io

1. Introduction

This privacy policy informs you about how Hephario GmbH (“we” or “us”) processes personal data when you visit our websites at hephar.io and tools.hephar.io (“websites”). We take the protection of your personal data seriously and process it in compliance with the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and the Austrian Telecommunications Act (TKG).

2. Data Controller & Data Protection Contact

The data controller responsible for processing your personal data is:

Hephario GmbH
Graf-Starhemberg-Gasse 5/1/30-31
1040 Vienna, Austria
FN 676823d · Handelsgericht Wien
Email: legal@hephar.io

You may contact our data protection contact at the above address or via email at legal@hephar.io.

3. Data Processing When Visiting Our Websites

3.1 Server Log Files

When you access hephar.io or tools.hephar.io, your browser automatically transmits certain information to our servers. This data is stored in server log files and includes:

  • IP address (anonymised after processing)
  • Date and time of access
  • URL of the requested page
  • HTTP status code
  • Amount of data transferred
  • Referrer URL (if applicable)
  • Browser type and operating system

Legal basis: Art. 6(1)(f) GDPR in conjunction with § 96(3) TKG. The storage in log files is necessary to ensure the functionality of the website, to optimise it, and to ensure the security of our information technology systems.

Retention period: Log files are deleted automatically after 7 days, unless a longer retention is required for evidence purposes in the event of a security incident.

3.2 Hosting & Content Delivery Network (CDN)

Our websites (hephar.io and tools.hephar.io) are hosted within the European Union. We use BunnyCDN as our Content Delivery Network to improve loading times and ensure reliable content delivery across Europe.

BunnyCDN is a EU-based CDN provider (headquartered in Slovenia). BunnyCDN processes server log data as described in section 3.1, with the following privacy safeguards:

  • All server logs are automatically anonymised — IP addresses are not stored in their original form
  • All processing takes place within the European Union
  • No personal data is transferred to third countries
  • Data retention follows the same 7-day policy as our hosting provider

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reliable and fast website delivery).

3.3 Local Processing on tools.hephar.io

Certain tools on tools.hephar.io process data locally in your browser without transmitting it to our servers. These include:

  • Smart Segmentation & Face Detection: ML inference runs entirely client-side using WebAssembly. No images or biometric data leave your device.
  • EXIF Viewer: Reads metadata (including GPS coordinates) from photos entirely within your browser. No data is uploaded or stored.
  • Background Remover: Background removal processing occurs locally. Image data does not leave your browser.

While these tools operate locally and we have no access to your data, please be aware that they may process sensitive information (e.g., GPS location data in EXIF metadata, or facial features for detection). All processing is temporary and data is not persisted or transmitted.

4. Cookies & Local Storage

Our website uses the following technically necessary storage mechanisms:

4.1 Cookies

We use a single technically necessary cookie:

  • cookie_consent — Stores your cookie consent preferences. This cookie is exempt from consent requirements under § 96(3) TKG as it is strictly necessary for the provision of the service.

4.2 Local Storage

We use browser local storage for the following user preferences:

  • lang — Your selected language preference (EN/DE)
  • theme — Your selected colour theme (light/dark)

This data is stored exclusively on your device and is never transmitted to our servers.

4.3 No Analytics or Tracking Cookies

We do not use any analytics services (such as Google Analytics), tracking pixels, social media widgets, or any form of user profiling. No third-party cookies are set by our website.

5. Contact by Email

If you contact us via email (e.g., to talk@hephar.io, career@hephar.io, or legal@hephar.io), the personal data you provide (name, email address, message content, and any attachments) is processed for the purpose of handling your inquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).

Retention period: Data is stored for the duration necessary to process your inquiry and, if applicable, the resulting business relationship. After termination, data is retained only as long as required by applicable legal retention obligations (typically 7 years under § 212 UGB for business correspondence).

6. Your Rights as a Data Subject

Under the GDPR and the Austrian DSG, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): You may request information about whether and which of your personal data we process, as well as a copy of such data.
  • Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate personal data concerning you.
  • Right to erasure (Art. 17 GDPR): You may request the deletion of your personal data where the legal requirements are met.
  • Right to restriction of processing (Art. 18 GDPR): You may request the restriction of processing under certain conditions.
  • Right to data portability (Art. 20 GDPR): You may request to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21 GDPR): You may object to the processing of your personal data based on legitimate interests at any time.
  • Right to withdraw consent (Art. 7(3) GDPR): If processing is based on your consent, you may withdraw it at any time with effect for the future.

To exercise your rights, please contact us at legal@hephar.io. We will respond to your request without undue delay and in any case within one month.

Right to lodge a complaint: If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with the supervisory authority. In Austria, the competent authority is:

Österreichische Datenschutzbehörde
Barichgasse 40–42
1030 Wien
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These measures include, in particular, encryption, access controls, and regular security assessments.

8. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in our practices or applicable law. The updated version will be published on this page with a revised “Last updated” date. We recommend reviewing this policy periodically.

9. Contact

If you have any questions or concerns regarding this privacy policy or the processing of your personal data, please contact us at:

Hephario GmbH
Graf-Starhemberg-Gasse 5/1/30-31
1040 Vienna, Austria
Email: legal@hephar.io

Last updated: May 2026

← Back to Impressum