Published 4 May 2026 · 11 min read · by Susanne Hassepaß

Do I need a GDPR-tool for online hypnosis? An honest answer.

Once online hypnosis sessions get more serious, this question shows up sooner or later: is Zoom with a DPA enough — or do I need a certified GDPR-specialist tool like RED connect, sprechstunde.online or CLICKDOC? The short answer: for most hypnosis practices Zoom is fine. For a small but important group, a specialist tool is mandatory. And in both cases, Hypnotika TranceDeck slots in cleanly — because the software itself works completely offline and never sends any client data to any cloud.

Who asks this question?

In the practice the GDPR-tool question shows up in three typical conversations — and depending on which one you're in, the answer is different:

• Hypnosis coaches and alternative practitioners without statutory-insurance billing. You work with private-pay clients. Online sessions go through whatever clients use anyway — usually Zoom, sometimes Teams. Data protection matters to you, but you don't need to satisfy any specific German SGB-V requirements.
• Licensed psychotherapists, doctors, midwives or other healthcare professionals with statutory-insurance billing. You already have a billing infrastructure, possibly practice-management software with a health-system connector. For video consultations the law requires a KBV-certified provider.
• Coaches in transition. You mostly work privately, but occasionally get inquiries from companies with data-protection vetting or from particularly data-sensitive clients (trauma, justice, diplomacy). You want to handle these cases cleanly.

The default reflex: „I'll just use what everyone uses." That's not wrong — but the three groups have genuinely different requirements. A look at what specialist tools actually deliver helps with sorting things out.

What GDPR-specialist tools actually do differently

KBV-certified video service providers like RED connect, sprechstunde.online and CLICKDOC video consultation differ from Zoom, Teams and Meet on three substantive points:

• Hosting in Germany or the EU. Servers physically sit here, the provider is subject to German or EU data-protection law without US-CLOUD-Act conflict. With Zoom, the data path can theoretically also go through US infrastructure, even though EU data residency is configurable.
• Certification against KBV requirements. The German Association of Statutory Health Insurance Physicians maintains a catalog of technical and organizational requirements for video consultations in contracted statutory care. If you bill via the statutory-insurance system as a contracted physician or licensed therapist, you must use a certified provider.
• Data Processing Agreement (DPA) included by default. With specialist tools, the GDPR contract paperwork is part of the standard setup. With Zoom or Teams you have to request the DPA separately or order it via Business / Enterprise tiers — possible, but one extra step.

What specialist tools do not automatically do better: audio quality. Most are based on the same WebRTC technology as Google Meet — browser-based, often mono, no dedicated „music mode", with aggressive noise suppression as default. That matters as soon as you're using background music in your sessions.

When Zoom / Teams / Meet with a DPA is enough

If you work as a hypnosis coach, alternative practitioner or hypnotherapist with private-pay clients and don't bill via statutory insurance, Zoom or Teams is widely used in practice and considered legally workable under standard interpretations — provided:

• You have a Data Processing Agreement (DPA) with the provider. With Zoom this happens via the website; with Microsoft Teams the DPA is part of Business or Family plans.
• Your privacy policy states which tool you use for online sessions and what data is processed.
• You obtain informed client consent before each online session, ideally in writing or via an email trail.
• You record sessions only locally and never via the cloud-recording function of the video tool.

What you hear across the field: in Germany, hypnosis therapy is mostly private-pay billed. Alternative practitioners (Heilpraktiker:innen) are excluded from statutory-insurance billing in the first place (background on insurance billing, German); and even licensed therapists with a hypnosis specialization often opt for private billing because statutory rates for hypnosis are comparatively low (DAK on hypnosis treatment, German). For this clear majority, Zoom with a DPA is a pragmatic, legally workable path — and one that clients can adopt without friction.

When you really need a specialist tool

There are four scenarios where a KBV-certified specialist tool isn't just a nice option but mandatory or strongly recommended:

Outside these scenarios, a specialist tool is a trust and marketing decision — not a legal compulsion. Some practices actively advertise it: „All my online sessions go through a KBV-certified provider." That's a legitimate differentiation point for particularly sensitive clients.

Why Hypnotika fits in either world

The decisive point: Hypnotika TranceDeck is a desktop application that runs completely offline. It's not a cloud service, not a web tool, not a streaming provider. What you give it — microphone audio, music tracks, client recordings — stays physically on your computer. There's no cloud storage anything gets synced into, no external API endpoint audio snippets get sent to, no tracking pixels, no telemetry probe.

This has consequences for the GDPR assessment: as soon as no client data is handed to a data processor, you don't need a DPA for the tool itself. The data-flow diagram is trivial: client audio enters from your video tool, Hypnotika mixes it locally with your voice and background music, the result goes back into the video tool. That's it. No third-party touchpoint is introduced by Hypnotika.

That's exactly why the tool fits cleanly into both worlds: if you use Zoom, Hypnotika runs alongside it. If you switch to RED connect or sprechstunde.online, nothing changes for Hypnotika — the audio path goes through VB-Cable into the specialist tool just like it went into Zoom before. More on that in the help article on GDPR-compliant video tools.

What Hypnotika does — and what it doesn't

Privacy-by-design is a nice phrase. Concretely, in Hypnotika TranceDeck this means:

What happens fully locally

• Audio mixing. Voice, music tracks and anchor sounds are mixed via the Web Audio API in the renderer process. This happens in an audio engine that's part of the local application.
• Voice activity detection (mic ducking). Hypnotika uses Silero-VAD, a neural model for speech detection. The model runs as a WebAssembly module in the browser renderer process. Audio is analyzed locally; nothing goes to a server.
• Voice cleanup (VoxClean). Hypnotika uses DeepFilterNet 3 for noise suppression and voice cleanup. This model also runs as a WASM component locally — no cloud API, no audio transmission.
• BPM and key detection. When you import tracks, Hypnotika analyzes audio files locally. The library lives in a folder under %APPDATA%\Hypnotika TranceDeck\tracks\.
• Session recording. MP3s are written locally to the folder you choose. Nothing is automatically uploaded or synced.

What happens at external servers (limited and transparent)

• License activation. On first launch, Hypnotika sends your license key to LemonSqueezy for validation. After that, the tool works offline. On device transfer, the slot is deactivated and re-activated — again a one-time action.
• Update check. By default Hypnotika checks once per day whether a new version is available. This check can be disabled in the settings. No usage data or audio snippets are transmitted — only the installed version number.

What never happens

• Audio data does not leave your computer (not as snippets, not for „AI model improvement").
• There's no cloud storage of tracks, presets or recordings.
• There's no telemetry, no user tracking, no analytics calls.
• Client names or other personal data are never sent to external servers.

These properties aren't promises — they're technically verifiable. The privacy policy breaks down the full data flow; for audit requests, the network traffic of the application can be inspected with standard tools (Wireshark, Fiddler).

Practice example: specialist tool + Hypnotika via VB-Cable

Suppose you work as a licensed hypnotherapist with statutory-insurance billing and have to use a KBV-certified provider — say RED connect. How exactly does Hypnotika connect to that? Just like with Zoom or Teams: through VB-Cable as a virtual audio cable.

1. You install VB-Cable once on your computer. The tool is free and works as a virtual audio driver locally.
2. In Hypnotika, you set the secondary audio output to CABLE Input (VB-Audio Virtual Cable). That's the entry to the virtual cable.
3. In RED connect (or sprechstunde.online, CLICKDOC, any other browser-based tool) you select CABLE Output (VB-Audio Virtual Cable) as the microphone. That's the exit of the virtual cable — Hypnotika mixes voice and music, sends the result as a virtual microphone into the video tool, and the client hears the mix in their browser.

The setup is identical to what's described in the Zoom guide or Teams guide. The specialist tool changes nothing on the Hypnotika side. Important in specialist tools: disable browser noise suppression, otherwise the browser filters out background music. Details in the help article on GDPR-compliant video tools.

The compact version

If you don't feel like reading further — the answer hinges on your billing setup. Three paths, one constant element:

• You don't bill via statutory insurance (coach, alternative practitioner, hypnotist with private-pay practice) → Zoom or Teams with a DPA is workable. You just add Hypnotika alongside.
• You're licensed and bill via the statutory-insurance system → a KBV-certified specialist tool like RED connect or sprechstunde.online is mandatory. Hypnotika slots in via VB-Cable just like it would with Zoom.
• You work with trauma clients or corporate clients with data-protection vetting → a specialist tool is often either required (corporate) or a clear trust plus (trauma). Again: Hypnotika doesn't change.

The concrete setup steps for each of these paths are in the help section on GDPR-compliant video tools — including browser flags, tool-specific quirks and error diagnostics.

Take-away on the headline question: it's not „yes or no", it's a function of your setup. What doesn't change: Hypnotika TranceDeck runs in each of these paths ready-to-go because it itself never sends client data to any cloud.

Conclusion

GDPR-specialist tools have their place. They're mandatory if you bill via statutory insurance as a contracted physician or licensed therapist. They're sensible if you want to send an additional trust signal to particularly data-sensitive clients. But they're not a universal standard every hypnosis practice needs to meet — Zoom or Teams with a properly executed DPA is a legally workable path for the vast majority that clients can adopt without friction.

What stays true regardless of this decision: as soon as you want to use background music, anchor sounds or session recordings, you need a tool that handles that audio processing. Hypnotika TranceDeck handles this step completely offline. It's the calm, self-contained component next to your video tool — whichever one you choose.

Written by

Susanne Hassepaß — hypnotherapist in Berlin and founder of Hypnotika TranceDeck. Writes from her own practice experience.