Privacy Policy

We at MediHippo help you master any topic – whether it’s Anatomy, Physiology, or Biochemistry, we’ll get every bit of content into your Medi-brain.
To do that, we need a few pieces of information from you. Don’t worry – we take good care of your data.

Here are the most important things you should know:

We only collect your personal data when and to the extent necessary to provide our services to you.

We do not share your personal data with anyone, unless it’s necessary to provide and improve our services, fulfill legal requirements, or protect the rights, property, and safety of MediHippo, our users, and the public.

We only store your personal data for as long as necessary to operate our services.

Privacy Policy for MediHippo

Effective Date: 2023-04-10; Last Updated: 2025-05-02

Whether you’ve been using MediHippo for a while or are completely new – please take a moment to learn how we handle your data.

This privacy policy is intended to help you understand how we collect and use personal information that you provide to us on medihippo.de and the official app. This privacy policy describes:

What information we collect and why
How we use and share this information
How to contact us if you have questions

1. What data do we collect?

1.1 Data you provide to use the service:

We collect data from you when you create your MediHippo account, log in, complete surveys, upload content, or otherwise use our services.

Note: Content from questions or flashcards is stored only locally on your device and is not transmitted to our servers.

When creating an account, we ask for your email address, date of birth, and your first and last name so we can provide our service. Without this information, we unfortunately cannot offer you access to MediHippo.

If you complete a financial transaction with MediHippo, such as subscribing to a premium membership, we’ll need a few additional details like your credit card number, billing address, and the full name of the billing contact to process the transaction.

If you use a file sharing service to exchange study sets, we store your access so you don’t have to reconnect on any of your devices.

Of course, you’re free to withhold certain information, but please note that some MediHippo services may not be available if that information is required.

1.2 Data to improve your user experience

You can provide us with additional data to enhance your user experience. These optional data points are only processed with your consent and/or for services you request. This includes things like your responses to surveys, participation in promotions or marketing activities, suggestions, recommendations, or other interactions while using the service.

1.3 Data we collect automatically when you use MediHippo

We automatically collect information about you and your use of the service, for example when you create or import a study set or interact with your or other users’ content. We may collect the following types of data:

1.3.1 Device data

Like most website operators, MediHippo collects information on how users visit our site and what devices they use. We collect device-specific information (such as hardware model, operating system, device IDs like IDFA and UDID, and mobile network details). MediHippo may associate your device IDs or other device-related data with your MediHippo account to ensure smooth performance across devices.

1.3.2 Geolocation data

We can estimate your approximate location based on your IP address to provide a better user experience. We do not access location sensors like GPS or Bluetooth beacons when you download or use our apps or services.

1.3.3 Log data

When you use MediHippo, we automatically collect and store log data.
This includes details about how you use our service, such as data on search queries, clicks, page navigation, and study activity.

This may include information such as:

Browser type
Language settings and time zone
Referring websites and the date/time of each visit
Internet connection details such as IDA or mobile provider
IP address (Internet Protocol address)
Login and logout times

1.4 Data from other sources

We also store data from external sources, which we combine with data you provide. We have no control over how third parties process your personal data and are not responsible for it. Any requests for disclosure should be directed to those third parties.

We may collect the following types of data from third parties:

1.4.1 Apple Sign In and Google Login

You can sign in to our website using Apple Sign In or Google Login. These services verify your identity and allow you to share personal information, such as your name, birth date, and email address, which we can use to prefill our sign-up form.

1.4.2 Other users

MediHippo may receive information about you from other users. For example, if someone uses our referral service to invite a friend, we may ask for the friend’s name and email address to send the invitation on their behalf. You may contact us at support@medihippo.de to request removal of this data from our systems.

1.4.3 Other partners and companies

In rare cases, MediHippo may receive information about you from other sources, such as partners, service providers, or other third parties.

2. How We Use Your Data

When you use MediHippo, we collect data about you for various reasons. This helps us design our website and app to best suit your needs.

2.1 Analyzing, Improving, and Developing Our Service

We use the data we collect in connection with you to operate, improve, and develop our service. This includes providing, maintaining, securing, and enhancing our services, developing new features, and protecting MediHippo and our users. These insights help us better understand how you use the platform, allowing us to personalize content and offer tailored suggestions. We also conduct surveys, market research, feature testing, and analyze data to improve or develop products and services and to fix issues.

Here are two examples of how we use this information:

Providing, maintaining, and improving our service
The data we collect allows us to register you, host your content, and provide access to our learning tools. It also helps us understand how you and others use MediHippo, which guides the development of new features and services.

Measuring, tracking, and analyzing trends and usage data
To further develop and improve our products and provide a consistent, safe, and smooth experience, we collect certain data that allows us to analyze your usage and how the service is performing.

2.2 Communication Between You and Us

We also use the data we collect to provide helpful details about the service and assist you as needed.

This includes:

Conducting surveys and collecting feedback about the service, helping us evaluate the performance of new updates.

Supporting you and responding to inquiries. We send requested information and support communications, such as tech tips, security alerts, and other administrative notices to help with any problems you may experience with MediHippo or your account.

2.3 Securing the Service and Maintaining a Trustworthy Environment

We use the data collected from you to ensure that MediHippo remains a secure and protected platform for all users. This includes enforcing our policies and complying with applicable laws and regulations.

This includes:

Preventing fraudulent, criminal, and abusive activity as well as ensuring the safety and integrity of the service. This involves identifying, detecting, preventing, or reporting fraud, illegal activity, misrepresentations, security threats or breaches, and taking other actions to protect your account.

Protecting our rights and property, and the rights and property of third parties, and enforcing our Terms of Use or any other agreements or policies.

Verifying your identity, when necessary, to protect the security and integrity of the service and your account.

Complying with all applicable laws and legal obligations. This includes responding appropriately to lawful requests from government or legal entities.

Contacting you to resolve disputes, collect fees, or provide assistance with your use of the service.

2.4 Advertising and Analytics

MediHippo and our external advertising partners may show ads when you visit our website. To display ads for products or services that might interest you, MediHippo or its partners may use information (excluding your name or email address) that we have collected or that has been collected from your devices or other websites you visit, to serve relevant ads.

2.5 Third-Party Analytics

We may use third-party services that collect data on how users interact with our site. These third parties may use various technologies like cookies, tracking pixels, or others to collect data such as your IP address, device ID, installed apps, browser, visited pages, time spent on MediHippo, clicked links, and completed actions (e.g., study sessions).
MediHippo and these third parties use this data to analyze user behavior, determine content popularity, and better understand how you use our service.

2.6 Other Uses

We may use data for other purposes, which we will communicate to you via the service from time to time. If we intend to use your data for purposes not consistent with the original intent, we will inform you beforehand and, where necessary, obtain your consent.

2.7 Legal Basis for Data Processing

We process your personal data only when permitted by law. The main legal bases under the General Data Protection Regulation (GDPR) include:

• Art. 6(1)(a) GDPR – Consent: e.g., for participating in surveys, marketing activities, or using optional features.
• Art. 6(1)(b) GDPR – Contract performance or pre-contractual steps: e.g., for registration, using the service, synchronization, or payment processing.
• Art. 6(1)(c) GDPR – Legal obligation: e.g., data retention required for invoicing or tax purposes.
• Art. 6(1)(f) GDPR – Legitimate interest: e.g., for security measures, internal analysis, service improvement, or fraud prevention.

When we ask for your consent, we do so transparently and for a specific purpose. You may revoke your consent at any time with future effect (see Section 9).

3. How We Use Cookies and Similar Technologies

Cookies are small text snippets sent by the websites you visit to your browser. Some cookies used in our service come from us, while others may be set by third-party service providers. Most desktop and mobile browsers accept cookies by default. However, you can change your browser settings to disable automatic acceptance or to notify you each time a cookie is set.

Cookies help us secure the registration process, store your personal and account settings, analyze and aggregate user activity, and deliver relevant MediHippo-related information.

When you use MediHippo, we immediately start collecting data about you and your activity. By using our service, you consent to us collecting and using this data in accordance with this privacy policy. These technologies also help analyze trends, administer the website, track navigation paths, and gather demographic information about our user base. We may receive reports from these companies either individually or in aggregated form.

3.1 Mobile Analytics, Tracking Pixels, or Social Media Widgets

We currently do not use traditional analytics tools such as pixels, social media widgets, or mobile analytics.

3.2 Local Storage

External partners that help us provide certain features on our website or display advertisements based on your browsing activity may use your local storage to collect and store data. Some web browsers may provide their own management tools for removing local storage data. Please refer to your browser’s documentation and settings for more information.

3.3 Cookie Consent and Consent Banner

When you first visit our web app, we display a notice (consent banner) asking for your permission to use certain cookies and analytics tools. You can choose which non-essential cookies or services (e.g., for statistics, advertising, or personalization) you wish to allow.

Your consent is voluntary and can be withdrawn at any time via the cookie settings in the footer or through your browser.

These technologies are only used based on your prior explicit consent in accordance with Art. 6(1)(a) GDPR.

4. Who Do We Share Your Data With?

In principle, MediHippo does not share your data with others unless one of the following conditions applies:

You have given us your consent
We only share your personal data with companies, organizations, or individuals outside of MediHippo when you have explicitly given us your consent.

For external processing
MediHippo provides partners, trusted organizations, vendors, and affiliated companies with personal and other data so they can process it on our behalf. Some of these contractors and affiliates may be located outside your home country. Our service providers process the data in accordance with our instructions, this privacy policy, and any applicable confidentiality and security measures. By using MediHippo, you agree that these companies may process your data on our behalf, regardless of their location.
If you would like a full list of the service providers and partners we work with, feel free to contact us at info@medihippo.de.

To comply with legal requirements and prevent harm
MediHippo may share personal data with external companies, organizations, or individuals when we have a good-faith belief that access to, or disclosure, storage, or use of such data is reasonably necessary to:

• Comply with applicable laws, regulations, legal proceedings, or enforceable government requests.
• Enforce our Terms of Use, including investigating potential violations.
• Detect, prevent, or otherwise address fraud, security issues, or technical problems.
• Protect the rights, property, or safety of MediHippo, our users, or the public, as required or permitted by law.

For publication or research purposes
Occasionally, MediHippo may share non-personal data in aggregated or anonymized form—for example, by publishing a report on trends in usage of our website.

5. International Data Transfers

Some of our service providers and partners (e.g., Apple, Google, Stripe) are based outside the European Union (EU) or the European Economic Area (EEA), particularly in the United States. In these cases, we ensure that your data is protected in accordance with the GDPR.

To ensure this, we use:

• The EU Commission’s adequacy decision (e.g., for the U.S. under the EU-U.S. Data Privacy Framework), or
• The Standard Contractual Clauses approved by the EU Commission pursuant to Art. 46 GDPR.

If you would like more information about the safeguards used in our international data transfers, feel free to contact us at info@medihippo.de.

6. How Long Do We Keep Your Data?

MediHippo retains your data as long as your account is active or as long as needed to fulfill legitimate business purposes or legal obligations. When these conditions no longer apply, MediHippo deletes the data following our standard deletion procedures. Non-personal data, such as anonymized or aggregated information, may be stored and used indefinitely.

6.1 How We Handle the Deletion Process

When you delete your account or specific data, we first ensure it is no longer visible. We then initiate the secure deletion of your personal data from our systems.
Our system is designed to prevent unintentional or malicious deletion, which may delay the full removal of data from our active servers. Some copies may remain temporarily in our backup systems to ensure secure and protected deletion. Planned maintenance, unexpected outages, software errors, or logging issues may also impact the timing of deletion.

6.2 Support Requests and Communication with Our Users

Records of support requests and other communications between you and us—such as support emails, survey responses, or submitted feedback—are retained indefinitely. This helps us improve support processes, maintain accurate business records, and identify usage trends.
To clarify requests, respond appropriately, or help other users, we reserve the right to publish such communications.

7. How Do We Protect Your Data

The security of your personal data is important to us, and we take all reasonably appropriate precautions to protect your data from unauthorized access, use, or destruction.

We follow generally accepted industry standards to protect the personal data provided to us, both during transmission and after it is received. For example, our website is protected by HTTPS encryption, and when you enter your credit card information on our order forms, that data is encrypted and protected by our external payment processors.

If we become aware of a breach of system security affecting your user data that could reasonably be used for unauthorized purposes, we will promptly notify you so you can take appropriate action.

Procedure in the Event of a Data Breach

In the event of a data breach, we comply with applicable legal requirements. If we learn or have reason to believe that your data has been compromised by unauthorized access and is being or could be used for unauthorized purposes, we will promptly notify you and, if necessary, notify the appropriate governmental authorities so that you can take appropriate measures.

8. Handling of Data from Minors

MediHippo is not intended for users who have not yet reached the legal age of majority. We do not knowingly collect data from children. If you are not yet of legal age, you should not download or use MediHippo or provide us with any personal information.

We reserve the right to request proof of age at any time to ensure that minors are not using our services. If we learn that a minor is using our services, we may deny access, block the account, and delete any stored data. If you believe that a minor has provided us with data, please contact us at info@medihippo.de.

9. Withdrawal of Your Consent to Data Processing

Some data processing operations are only possible with your explicit consent. You may withdraw your consent at any time. A simple email to info@medihippo.de is sufficient.
The lawfulness of data processing carried out before the withdrawal remains unaffected.

10. Right to File a Complaint with a Supervisory Authority

If you believe your data protection rights have been violated, you have the right to file a complaint with the competent supervisory authority.
The appropriate authority is the data protection officer of the federal state where our company is located. You can find a list of data protection officers and their contact information at the linked page.

11. Right to Data Portability

You have the right to receive the data that we process automatically based on your consent or in fulfillment of a contract, either for yourself or a third party, in a machine-readable format. If you request a direct transfer of the data to another controller, this will only be done if technically feasible.

12. Right to Access, Rectification, Blocking, and Deletion

Within the scope of applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin, recipient, and the purpose of data processing. You also have the right to correct, block, or delete this data.
For this and other questions related to personal data, you can contact us at any time using the contact details provided in the legal notice (Impressum).

Still Have Questions?

If you have general questions about our services or about the data we collect and how we use it, please contact us at:

Privacy Contact Information HippoSphere UG Junkerstraße 3A 52064 Aachen info@medihippo.de