Hypothesis is a tool that enables you to make notes in the margins of digital texts anywhere on the web and share them with others. Using social annotation fosters collaborative discussion, critical thinking, and a deeper understanding of readings.
Inclusivity and availability have always been central to our mission. We’ve worked hard to design and develop Hypothesis to reduce geographic, financial, or logistical barriers to users who want to read and write annotations on the web. That’s why Hypothesis is built on open web standards, will always be free to use, and works on a wide range of formats and platforms.
We use TLS v1.3 to encrypt data in transit. We employ AWS encryption of Elasticsearch and RDS (our database) for encryption at rest.
Countries of data storage
Data storage method
Data is stored in Amazon, AWS owned data centers.
Data retention policy
Data is retained as long as the user accounts remain active. Application log files are retained for 14 days in Papertrail, our 3rd party logging service.
Hypothesis uses the first name and last name of the user, the name of the course, the role of each person within that course to determine the person's role within a Hypothesis annotation group, and to display the name of each person who has written an annotation in the application.
Personally identifiable or personal data collected
Data Deletion Request Process
You would email firstname.lastname@example.org with your request. Database entries would be deleted en masse from production databases if Institution contracts are terminated. Institution information may persist in backups and logs for as long as 30 days at which point they are permanently deleted.
Third Party Data Sharing & Opt-out
Hypothesis does not sell any data to third parties, and only partners with those third parties needed to run our service.
Cookies or Tracking Technologies used
No cookies/tracking technology is used
Analytics performed on Customer Data
We use Metabase to run analytics on user data for internal business purposes only
Data correlation practices
Privacy Certifications or Seals
We do not have any privacy certifications at this time
Targeted Advertising using user data
Our service does not have targeted ads
Privacy or data protection impact assessments
We perform a third-party security audit annually, with the last external pen test performed in October 2020