top of page

TERMS OF SERVICE

TRUST AND COMPLIANCE GDPR

TRUST AND COMPLIANCE DPA

TRUST AND COMPLIANCE HIPPOCLOUD 

 

Trust, Security & Compliance Summary
GDPR-Aligned • Secure Infrastructure • Responsible AI- Healthcare Aligned

AI Communication Platform • Secure 

   Data Protection at a Glance

  • GDPR (UK & EU) aligned

  • HIPAA-aligned safeguards (usa)

  • No data stored or processed in Hong Kong

  • Data hosted in EU & USA only

  • No AI training on client data

  • Encrypted data transmission

  • Role-based access control

  Translation: Your data stays controlled, secure, and predictable.

  How Our AI Works

HippoCloud uses artificial intelligence to:

  • Respond to enquiries

  • Capture leads

  • Support bookings

Important:

  • AI is assistive only

  • Outputs may not always be perfect

  • All decisions remain under human control

  No black box. No hidden behaviour.

  Healthcare-Safe Design

  • Not a medical system

  • No clinical decision-making

  • No surgical or treatment use

  • Built for admin + communication only

  You stay compliant. We stay in our lane.

  Data Handling Principles

We follow strict principles:

  • Purpose limitation → data only used for service delivery

  • Data minimisation → only necessary data processed

  • Retention control → data deleted or anonymised after use

  • No reuse → not used for AI training or resale

  Data Location & Transfers

  • Data stored in:

    • European Union

    • United States

  • Transfers:

    • UK ↔ EU ↔ USA

  • Safeguards:

    • Standard Contractual Clauses (SCCs)

    • UK IDTA

  No data flows through Hong Kong infrastructure

  Security Measures

We implement:

  • Encryption in transit

  • Secure cloud infrastructure

  • Access control systems

  • Authentication protections

  Built to modern SaaS security standards.

  Legal Structure

HippoCloud operates with a clear legal framework:

  • Client = Data Controller

  • HippoCloud = Data Processor

We process data:

  • Only on your instructions

  • Only to deliver the service

  Key Documents Available

We provide:

  • Terms of Service

  • Privacy Policy

  • Data Processing Agreement (DPA)

  Transparency & Consent

You remain in control of:

  • Customer disclosures

  • Consent collection

  • Communication policies

We recommend informing users that:

  • AI may respond

  • Communications may be recorded

  What We Don’t Do 

We do NOT:

  • Sell your data

  • Train AI on your data

  • Provide medical advice 

  • Guarantee business results

   No hidden agendas.

  Data Protection Contact

For any privacy or compliance officer enquiries contact

help@hippocloud.co.uk

Contract terms for HippoCloud and HippoCloud AI as Trading names.
Updated: April 2026

1. WHAT WE DO

HippoCloud provides AI-powered Communication systems Designed to:

  • Handle inbound enquiries

  • Capture and qualify leads

  • Support booking workflows

  • Smart Marketing services

The Services are administrative in nature and do not replace human judgement.

2. AI OUTPUT DISCLAIMER & LIMITATIONS

The Client acknowledges that the Services utilise artificial intelligence.

Accordingly:

  • Outputs may be inaccurate, incomplete, delayed, or inappropriate

  • The system is not error-free and not guaranteed to operate without fault

  • Artificial intelligence systems are inherently probabilistic and may produce unexpected results

The Client agrees:

  • To verify all outputs before reliance

  • That all decisions remain their responsibility

HippoCloud shall not be liable for:

  • Errors in AI-generated outputs

  • Reliance on such outputs

  • Any resulting consequences

3. HEALTHCARE & SURGICAL DISCLAIMER

HippoCloud provides administrative tools only.

The Services:

  • Do not provide medical advice, diagnosis, or treatment

  • Must not be used for clinical or surgical decision-making

  • Must not be used in emergency or life-critical situations

All responsibility remains with:

  • The healthcare provider

  • The treating clinician

4. DATA PROTECTION & COMPLIANCE

4.1 Controller & Processor Roles

  • The Client is the Data Controller

  • HippoCloud is the Data Processor

HippoCloud:

  • Processes Personal Data only on documented instructions from the Client

  • Processes data solely for the purpose of delivering the Services

  • Does not use Personal Data for its own purposes

The Client remains responsible for:

  • Establishing a lawful basis for processing

  • Providing required disclosures

  • Ensuring compliance with applicable data protection laws

4.2 Regulatory Alignment

HippoCloud operates in accordance with:

  • UK GDPR

  • EU GDPR

Where services involve health-related data or U.S.-based clients:

  • Systems are designed to align with HIPAA-aligned safeguards and security practices

  • HippoCloud does not represent full HIPAA compliance, and a separate agreement (e.g. BAA) may be required where applicable

  • The Client is responsible for determining whether the Services are suitable for processing protected health information (PHI)

With respect to Hong Kong:

  • HippoCloud aligns with the requirements of the Personal Data (Privacy) Ordinance (PDPO)

  • No Personal Data is stored, processed, or transferred through Hong Kong

4.3 Data Hosting & Transfers

  • Data is stored only in the European Union and the United States

  • Transfers permitted between UK, EU, and USA

  • No data processed in Hong Kong

4.4 Subprocessors

HippoCloud may engage third-party subprocessors, including:

  • Cloud hosting providers

  • Telecommunication platforms

  • Artificial intelligence providers

HippoCloud shall:

  • Ensure subprocessors are subject to appropriate data protection obligations

  • Ensure compliance with UK GDPR and EU GDPR

  • Remain responsible for the acts and omissions of its subprocessors

A current list of subprocessors may be provided upon request.

4.5 Data Retention & Use

HippoCloud shall:

  • Retain Personal Data only for as long as necessary

  • Not retain data beyond service delivery unless legally required

  • Not use Client data for AI training or model improvement

Upon termination:

  • Data will be deleted or anonymised, unless retention is required by law

4.6 Data Security

HippoCloud implements:

  • Encryption in transit

  • Secure infrastructure

  • Access control and authentication systems

  • Restricted access to authorised personnel

We follow industry-standard SaaS security practices.

No system is completely secure.

4.7 Data Protection Contact

For all data-related enquiries:
help@hippocloud.co.uk

5. CLIENT RESPONSIBILITIES

The Client must:

  • Inform users that communications may be recorded and processed

  • Obtain all required legal consent

  • Use the Services lawfully

The Client is responsible for:

  • All communications

  • Regulatory compliance

  • System usage

6. SERVICE AVAILABILITY & MAINTENANCE

  • Target uptime: 99.9% (monthly)

  • Not guaranteed

Maintenance:

  • 24 hours’ notice where possible

  • Immediate where required

No liability for:

  • Downtime

  • Third-party failures

7. SERVICE SCOPE LIMITATION

HippoCloud:

  • Is not a call centre

  • Does not act as a human agent

  • Does not make decisions

  • Does not provide medical or professional advice

All responsibility remains with the Client.

8. FEES & PAYMENT

Services are provided on a paid basis.

Failure to pay may result in:

  • Suspension

  • Termination

Fees are non-refundable unless agreed.

9. ACCEPTABLE USE & SUSPENSION

HippoCloud may suspend services:

  • For misuse or unlawful activity

  • To protect system integrity

  • For operational or technical reasons

This may occur without notice where necessary.

10. NOTICE OF CLAIM

Claims must be submitted within 30 days.

Failure to do so bars the claim.

11. INDEMNITY

The Client agrees to indemnify HippoCloud against:

  • Misuse of Services

  • IlLegal violations

  • Data-related claims

12. LIMITATION OF LIABILITY

HippoCloud is not liable for:

  • Indirect or consequential damages

  • Loss of profit, revenue, or data

Total liability is limited to:

 Fees paid in the previous 3 months

13. FORCE MAJEURE

HippoCloud is not liable for events outside its control, including:

  • Infrastructure failures

  • Third-party outages

14. NO GUARANTEE OF RESULTS

HippoCloud does not guarantee:

  • Bookings

  • Revenue

  • Conversion rates

The Services support operations but do not guarantee outcomes.

15. GOVERNING LAW

These Terms shall be governed by and construed in accordance with the laws of Hong Kong.Any disputes arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of Hong Kong, unless otherwise agreed in writing.

16. CHANGES TO TERMS

We may update these Terms at any time. Continued use = acceptance of the new terms

CONTACT INFORMATION

Copyright 2026. Email help@hippocloud.co.uk

 

 

 

 

 

HIPPOCLOUD PRIVACY POLICY GDPR TRUST AND COMPLIANCE 2026

1. INTRODUCTION

HippoCloud (“we”, “us”, “our”) is committed to protecting personal data and respecting privacy.

This Privacy Policy explains how we collect, use, and protect personal data when providing our AI-powered communication services.

2. DATA CONTROLLER & PROCESSOR ROLES

  • HippoCloud acts primarily as a Data Processor, processing personal data on behalf of its clients

  • Our clients act as Data Controllers, determining how and why personal data is used

For certain limited purposes (e.g. account management), HippoCloud may act as a Data Controller 

3. PERSONAL DATA WE PROCESS

We may process:

  • Contact details (name, phone number, email)

  • Communication data (messages, call transcripts, enquiry content)

  • Booking and interaction data

  • Technical data (IP address, device information where applicable)

We do not intentionally collect sensitive personal data, unless provided by the Client.

4. HOW WE USE PERSONAL DATA

We process personal data solely to:

  • Provide and operate the Services

  • Facilitate communication and booking workflows

  • Maintain system performance and security

  • Comply with legal obligations

We do not:

  • Sell personal data

  • Use personal data for advertising

  • Use client data to train AI models

5. LEGAL BASIS FOR PROCESSING

Where HippoCloud acts as a Data Controller, processing is based on:

  • Legitimate interests (service provision, system operation)

  • Contractual necessity

  • Legal obligations

Where HippoCloud acts as a Data Processor:

  • Processing is carried out on behalf of the Client (Data Controller)

6. DATA STORAGE & TRANSFERS

  • Data is stored and processed only in the UK European Union and the United States

  • Data may be transferred between the UK, EU, and USA

We rely on:

  • Standard Contractual Clauses (SCCs)

  • UK International Data Transfer Agreement (IDTA) where applicable

 No personal data is processed in Hong Kong

7. DATA RETENTION

  • Personal data is retained only as long as necessary

  • Data is not retained beyond service delivery unless legally required

  • Upon termination, data is deleted or anonymised

8. DATA SECURITY

We implement appropriate security measures, including:

  • Encryption in transit

  • Secure infrastructure providers

  • Access control and authentication

  • Restricted personnel access

We follow industry-standard SaaS security practices

9. SUBPROCESSORS

We may use third-party service providers, including:

  • Cloud infrastructure providers

  • Telecommunication providers

  • AI processing providers

All subprocessors are subject to appropriate data protection safeguards.

10. DATA SUBJECT RIGHTS

Under applicable law (e.g. UK GDPR / EU GDPR), individuals may have rights to:

  • Access their personal data

  • Request correction

  • Request deletion

  • Restrict or object to processing

  • Data portability

Requests should generally be directed to the relevant Data Controller

11. HEALTHCARE DATA 

Where health-related data is involved:

  • HippoCloud acts as a technology provider only

  • We do not provide medical advice or clinical services or advice.

  • Clients remain responsible for compliance with healthcare regulations

12. DATA PROTECTION CONTACT

For privacy or data protection enquiries: 

 help@hippocloud.co.uk

We will respond within applicable legal timeframes.

13. GOVERNING LAW

This Privacy Policy is governed by the laws of Hong Kong, while data protection rights are applied in accordance with applicable regulations (e.g. GDPR where relevant).

14. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time.

Continued use of the Services constitutes acceptance of updates. 

Copyright 2026 HippoCoud  is a tradding name,

HIPPOCLOUD DATA PROCESSING AGREEMENT (DPA)

April 2026

1. PARTIES

This Data Processing Agreement (“Agreement”) is entered into between:

  • The Client (Data Controller)

  • HippoCloud (Data Processor)

This Agreement forms part of and is incorporated into the Terms of Service.

2. PURPOSE

This Agreement governs the processing of Personal Data by HippoCloud on behalf of the Client in connection with the provision of AI-powered communication services.

3. DEFINITIONS

  • “Personal Data”: Any information relating to an identified or identifiable individual

  • “Processing”: Any operation performed on Personal Data

  • “Controller”: The entity determining the purpose and means of processing

  • “Processor”: The entity processing data on behalf of the Controller

Definitions align with UK GDPR and EU GDPR.

4. SCOPE OF PROCESSING

4.1 Nature & Purpose

Processing is carried out to:

  • Handle communications

  • Capture and manage enquiries

  • Support booking workflows

4.2 Categories of Data

May include:

  • Contact details (name, phone, email)

  • Communication content (messages, transcripts)

  • Booking data

4.3 Data Subjects

May include:

  • Customers

  • Patients

  • Website users

5. PROCESSOR OBLIGATIONS

HippoCloud shall:

  • Process Personal Data only on documented instructions from the Client

  • Use data solely for service delivery

  • Not sell, share, or use data for its own purposes

  • Not use Personal Data for AI training or model improvement

6. CLIENT (CONTROLLER) OBLIGATIONS

The Client shall:

  • Ensure lawful basis for processing

  • Provide appropriate privacy notices

  • Obtain necessary consents

  • Ensure compliance with applicable laws

The Client is responsible for determining whether the Services are suitable for processing protected health information (PHI).

7. DATA SECURITY

HippoCloud implements appropriate technical and organisational measures, including:

  • Encryption in transit

  • Secure infrastructure providers

  • Access controls and authentication

  • Restricted access to authorised personnel

We follow industry-standard SaaS security practices.

8. SUBPROCESSORS

HippoCloud may engage subprocessors, including:

  • Cloud hosting providers

  • Telecommunication providers

  • AI providers

HippoCloud shall:

  • Ensure appropriate safeguards are in place

  • Remain responsible for subprocessors

  • Provide a list upon request

9. DATA TRANSFERS

  • Data is processed only within the EU and USA

  • Transfers may occur between UK, EU, and USA

Safeguards include:

  • Standard Contractual Clauses (SCCs)

  • UK IDTA where applicable

 No Personal Data is processed in Hong Kong

10. DATA RETENTION & DELETION

HippoCloud shall:

  • Retain data only as long as necessary

  • Not retain data beyond service delivery unless legally required

Upon termination:

  • Data will be deleted or anonymised, unless retention is required by law

11. DATA SUBJECT RIGHTS

HippoCloud shall:

  • Assist the Client in responding to data subject requests

  • Provide reasonable support where required

Requests should be handled by the Client as Data Controller.

12. DATA BREACH NOTIFICATION

In the event of a Personal Data breach:

  • HippoCloud will notify the Client without undue delay

  • Provide sufficient information to support regulatory obligations an

13. CONFIDENTIALITY

HippoCloud shall ensure that:

  • Personnel with access to Personal Data are bound by confidentiality obligations

14. AUDIT & INFORMATION RIGHTS

HippoCloud shall:

  • Provide reasonable information to demonstrate compliance

  • Respond to reasonable audit or information requests

(Subject to proportionality and confidentiality)

15. TERM & TERMINATION

This Agreement remains in effect for the duration of the Services.

Upon termination as part of stadard terms and condtions

  • Data handling follows Section 10 (Deletion/Anonymisation)

16. GOVERNING LAW

This Agreement shall be governed by and construed in accordance with the laws of the agreed contract.

gdpr (4).png
gdpr (3).png
gdpr (3).png
gdpr (4).png
bottom of page