Privacy Policy

In short

• Google Analytics is used for reach measurement — but only if you explicitly consent when you visit. Without your consent, no analytics cookies are set and no data is sent to Google. You can change your choice any time further down on this page.
• No Facebook Pixel, no ad networks. Google Analytics is the only third-party tool we use.
• Functional localStorage without cookies: your language choice (DE/EN) and your cookie preference are stored in your browser, never transmitted to us.
• Feature-request form at /feature-request: one-time data submission with your explicit consent — we contact you for follow-up questions or when the feature ships. Details in section 6.
• No other newsletter tools. Direct email is the only further channel.
• Server logs: Strato stores IP, user agent and requested URL for technical necessity — retained 7 days, then deleted.
• Desktop app: One GET request per day for update check, switchable off. Zero additional telemetry.

1 · Controller

Controller in the sense of the GDPR and other national data protection laws:

SuePrise
Owner: Susanne Hassepaß
Barbarossastraße 60
10781 Berlin
Germany
Email: info@deutsche-hypnose-online.de

2 · Website access

When you access this website, the hosting provider (Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany) automatically creates server log files. Recorded are:

• IP address of the requesting device
• Date and time of the access
• Requested URL and HTTP status code
• Transferred data volume
• User agent (browser type and version, operating system)
• Referrer, if transmitted by the browser

This data is technically necessary to provide the website and to ensure security and stability (e.g. defending against DDoS attacks). Legal basis is Art. 6(1)(f) GDPR (legitimate interest in stable operation). Logs are automatically deleted after 7 days unless a security incident requires longer retention.

3 · Cookies, local storage and consent

3.1 · Strictly necessary local storage (no consent needed)

This website uses browser-side localStorage for two functional purposes:

• Language choice — remembers whether you prefer DE or EN
• Cookie choice — remembers your Accept/Reject decision so you aren't asked again on every page

localStorage stays 100 % in your browser and is never transmitted to the server. Both values are purely functional and not personal data — no consent is required under §25(2)(2) TTDSG (technical necessity exception). You can delete the values any time in your browser settings.

3.2 · Analytics cookies via Google Analytics (consent-based)

This website uses Google Analytics 4 — a web analytics service operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google"). Google Analytics helps us understand which pages and content are useful to visitors, and where we need to improve.

Important: Google Analytics is loaded and processes data only after you click „Accept" in the cookie banner. Without your consent, no analytics is performed, no cookies are set and no data is transmitted to Google.

If you consent, Google Analytics sets cookies (including _ga, _ga_*) and captures, in anonymised form:

• Truncated IP address (truncated within the EU before transmission to Google)
• Visited URLs and time spent
• Browser type and version, operating system, screen resolution
• Approximate geographic location (country/region, no finer granularity)
• Referrer (the page you came from)

Legal basis: Art. 6(1)(a) GDPR (consent) in conjunction with §25(1) TTDSG. Consent is voluntary and revocable any time — see the button at the top of this page to reset your choice.

Retention: Analytics cookies have a validity of up to 2 years. Aggregated usage data transmitted to Google is stored by Google for 14 months by default, then automatically deleted.

Transfer to third countries: With Google Analytics, data may also be processed on servers of Google LLC in the USA. Google is certified under the EU-US Data Privacy Framework, providing an adequate level of data protection. Details: policies.google.com/privacy.

Opt-out: You can stop Google Analytics tracking any time by clicking „Reset cookie preference" at the top of this page and then selecting „Reject" when the banner reappears. You can also install the Google Analytics opt-out browser add-on.

4 · No other third-party tools

Apart from Google Analytics (see above), this website loads only self-hosted resources from trancedeck.deutsche-hypnose-online.de. No external fonts (Google Fonts), no social media plugins, no advertising networks and no CDNs are embedded.

5 · Direct contact

If you contact us by email, the information transmitted (name, email address, message content) is processed to handle your request. Legal basis is Art. 6(1)(b) GDPR (pre-contractual communication) or Art. 6(1)(f) (legitimate interest in replying). Data will be deleted once its purpose is fulfilled, at the latest after 2 years, unless statutory retention periods apply.

6 · Feature request form

At /feature-request you can submit feature wishes. When you submit the form, we process the following data:

• Required: feature description, status (interested or customer), email address
• Optional: name, "why do I need this" reasoning
• Technical: IP address and user agent (for spam protection and abuse mitigation)

Purpose: we contact you if we have follow-up questions about your suggestion and notify you once when the feature ships. We don't use your data for other advertising or newsletters.

Legal basis: Art. 6 (1) (a) GDPR (consent). You confirm consent actively via checkbox before submitting the form.

Storage location: Cloudflare Workers KV (EU/global with GDPR-compliant Standard Contractual Clauses). Confirmation mail delivery via Resend Inc. (US, with DPA and SCCs).

Spam protection: Cloudflare Turnstile (cookie-free, data-minimal, GDPR-compliant — no tracking, only bot detection).

Retention: as long as we have not yet implemented or rejected the feature. After sending the implementation notification, name + email are deleted within 30 days. You can request access, correction or deletion any time by emailing support@deutsche-hypnose-online.de.

Withdrawal: you can withdraw your consent for the future at any time — informally by email to the address above. The lawfulness of past processing is not affected.

7 · Hypnotika TranceDeck desktop app

The desktop app works offline. The only network activity is one GET request per calendar day to https://trancedeck.deutsche-hypnose-online.de/updates/latest.json to check for new versions.

• Transmitted data: like any HTTP request, IP + user agent (Strato server log, 7 days)
• No device ID, no session ID, no license data
• Switchable off in the app under "Settings → Update check"

All session data (tracks, recordings, settings, presets, history) stays exclusively on your local machine. The app transmits no user, audio or session data to us or any third party.

8 · Data subject rights

You have the following rights under GDPR:

• Art. 15 — access to your processed data
• Art. 16 — rectification of incorrect data
• Art. 17 — erasure ("right to be forgotten")
• Art. 18 — restriction of processing
• Art. 20 — data portability
• Art. 21 — objection to processing

To exercise any of these rights, an informal email to info@deutsche-hypnose-online.de is sufficient.

9 · Right to complain

You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates GDPR. The competent authority for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61
10555 Berlin, Germany
datenschutz-berlin.de

10 · Email communication with buyers

10.1 · Update notices (existing customers)

When you purchase Hypnotika TranceDeck, our payment processor LemonSqueezy passes us your email address as part of order processing. In addition to the strictly required transactional emails (order confirmation, licence key delivery), we occasionally use this address for:

• Notifications about new versions of Hypnotika TranceDeck
• Important security or feature changes
• References to new help content (blog posts, guides)

Legal basis: Section 7 (3) of the German Unfair Competition Act (UWG) in conjunction with Art. 6 (1) (f) GDPR (legitimate interest). You bought from us; we use your email address exclusively for our own similar products (= updates of the app you purchased).

You can object at any time — via the „Unsubscribe" link in every email or by simple email to support@deutsche-hypnose-online.de. No costs arise for you and your licence remains unaffected.

10.2 · Newsletter opt-in (voluntary)

At checkout you optionally consented to also receive broader content from us: notices about other SuePrise products, hypnosis-related topics, workshop announcements.

Legal basis: Art. 6 (1) (a) GDPR (consent). This consent is voluntary and independent of the purchase — you receive your licence and all update notices even without ticking this box.

We use a double-opt-in process: after ticking the box, you receive a confirmation email with a link you must click to be added to the newsletter list.

Withdrawal possible at any time — via the „Unsubscribe" link in every email or by mail to the support address above. On withdrawal, the update notices under 10.1 remain unless you also unsubscribe from those.

10.3 · Storage and forwarding

We store your email address for delivery purposes in a sending tool we operate (currently: LemonSqueezy Customer Email — servers in the EU, GDPR-compliant). No forwarding to third parties takes place — the address stays between you, us and our sending service provider.

On unsubscription or withdrawal, your address is removed from the sending list. In a technically necessary suppression list (= „do not contact again" list) the entry remains so that accidental re-addition is prevented.

11 · Currency

This privacy policy is currently valid, dated May 2026. Further development of our service or changing legal requirements may make an adjustment necessary. The current version is always available at trancedeck.deutsche-hypnose-online.de/en/privacy.