GDPR Compliance

Last updated: March 23, 2026

1. Our Commitment

Hema is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements.

2. Lawful Basis for Processing

We process personal data under the following legal bases:

  • Contractual necessity: Processing required to deliver our AI visibility services
  • Legitimate interest: Analytics and service improvement
  • Consent: Marketing communications and optional analytics cookies
  • Legal obligation: Tax, accounting, and regulatory compliance

3. Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request restriction of processing in certain circumstances
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw previously given consent at any time

To exercise any of these rights, contact us at hello@tryhema.com. We will respond within 30 days.

4. Data We Collect

  • Account data: Name, email, company name, billing address
  • Usage data: Feature usage, session logs, platform interactions
  • Technical data: IP address, browser type, device information

5. Data Storage & Transfers

Data is stored on secure cloud infrastructure. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) with our service providers.

6. Sub-Processors

We use the following sub-processors to deliver our services:

  • Vercel: Hosting and edge delivery (US)
  • Firebase / Google Cloud: Database and authentication (US/EU)
  • Stripe: Payment processing (US/EU)
  • Resend: Transactional email (US)
  • PostHog: Product analytics (EU)

7. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.

8. Data Protection Officer

For GDPR-related inquiries, contact our data protection team at hello@tryhema.com.

9. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.