Independently verified · Quarterly re-audit
EU VETTED

Hygraph

VERIFIED
Headless CMS · Germany
Founded 2017 · hygraph.com ↗

Berlin GraphQL-native headless CMS (formerly GraphCMS, founded 2017); enterprise clients incl. Samsung, LEGO; mostly EU-funded.

Why this score?

Hygraph (formerly GraphCMS, Berlin DE, founded 2017) is an ISO- and SOC 2-referenced, GraphQL-native federated content platform with an enterprise customer base (Samsung, Dr. Oetker, LEGO, Paramount, TED). Its $30M Series B in 2023 was led by One Peak (UK PE) with OpenOcean (FI) and SquareOne (DE): a mostly European cap table with no US-PE majority (ownership_signal: eu_owned). Rated 3/5: Hygraph does not publish a publicly accessible DPA; data-processing terms and sub-processors are not surfaced in public documentation and access appears to require enterprise contact, which under EU Vetted's rubric caps the score at 3/5 despite the largely EU-aligned ownership and certification posture.

SCORE
3.0/5
CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
OVERVIEW

About Hygraph

**Hygraph** (Berlin, Germany, founded 2017; previously **GraphCMS** until 2021 rebrand) is a GraphQL-native, API-first headless CMS positioned for enterprise teams managing complex multi-brand, multi-region, multi-platform content. Enterprise customers include **Samsung, Dr. Oetker, LEGO, Paramount, TED**. Compliance: **ISO + SOC** referenced in marketing (no explicit certificate URL on public homepage at time of research). $30M Series B 2023 led by **One Peak** (UK private equity) with participation from **OpenOcean** (Finland) and **SquareOne** (Germany) — mostly-European cap table makes Hygraph one of the cleanest non-US-funded headless CMS picks in the catalogue. From €39/mo for paid tier; free tier available.
SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications

ISO/IEC 27001
ACTIVE
SOC 2
ACTIVE
Informational · US framework
FEATURES

Feature matrix

INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log Yes
Self-host / on-prem option No
PRICING

Pricing & tiers

FREEMIUM
from €39/month
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement — this caps the compliance score (see How we score).
Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
  • Data Processing Addendum (DPA): missing
  • Sub-processors list: missing
ALTERNATIVES

Alternatives in this category