Data Privacy

1. General Information

We appreciate your interest in ImmuniFriend and take the protection of your personal data very seriously. This privacy policy explains which data we collect, how we process it and which rights you have regarding your data.

Personal data means any information relating to an identified or identifiable natural person.

We process your data exclusively in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and any other applicable data protection laws. We only process personal data where this is necessary to provide our (web)app, to conduct online group sessions, to fulfil contractual obligations or where you have given your consent.

2. Responsible for data protection (Controller)

If you have any questions about data protection, the processing of your personal data or your rights as a data subject, you can contact our data protection contact at any time.

The responsible party (controller) within the meaning of the GDPR is:

ImmuniFriend UG (haftungsbeschränkt)
Kolonnenstr. 8
D-10827 Berlin
Germany

E-Mail: hello@immunifriend.eu
 
We are happy to assist you with any questions relating to the protection of your data.

3. Purposes and legal bases of processing

We process your data on the following legal bases:
Art. 6(1)(b) GDPR (performance of a contract) – to provide the app and the group sessions.
Art. 6(1)(a) GDPR (consent) – for the use of certain features, newsletters, feedback, cookies.
Art. 6(1)(f) GDPR (legitimate interests) – to improve the (web)app, ensure IT security and for internal administration.
Art. 6(1)(c) GDPR (legal obligation) – e.g. statutory retention under tax law.

4. Contacting us

If you contact us (e.g. by email or via a contact form), we store your details in order to process your enquiry and in case of follow‑up questions. The legal basis is Art. 6(1)(b) GDPR (pre‑contractual measures or performance of a contract).

5. Registration and use of ImmuniFriend

When you register, we collect your name, email address and a password. The password is stored in encrypted form. In addition, technical data (e.g. IP address, device type, operating system version) is processed to ensure the operation of our services.
 
To use our platform, we process the following personal data:
Name and email address
Password (stored in encrypted form)
Profile information
Usage data on the platform
 
This data is processed for the provision of our services and is based on Art. 6(1)(b) GDPR.

In the context of group sessions, personal data is processed (name, email address, participation information). The content of the sessions is treated as confidential.

The sessions are not recorded. Users are also prohibited from making any recordings or taking screenshots.

Processing is carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract).

6. Use of your data for marketing purposes

If you have given your consent, we use your email address to inform you about new features and offers. You can withdraw your consent at any time with effect for the future.

7. Use of cookies and tracking technologies

We use cookies and similar tracking technologies to improve the user experience. This includes:
Essential cookies (necessary for the operation of the website)
Functional cookies (e.g. to store settings)
Analytics and marketing cookies (Google Analytics, WordPress, etc.)
 
Our website and app use cookies to provide functions and analyse usage. The legal basis is your consent (Art. 6(1)(a) GDPR).

You can withdraw your consent at any time via the cookie settings.

8. Payment processing

For payment processing we use the service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Dublin, Ireland.

The following data is processed, among others: name, email address, billing address, payment details (credit card, bank account), transaction data, IP address.

The legal basis is Art. 6(1)(b) GDPR (performance of a contract).

Stripe may transfer data to the USA. Protection is ensured through EU Standard Contractual Clauses. Further information is available at: https://stripe.com/privacy

9. Third‑party providers

We use various third‑party services, including:
Google Analytics (web analytics)
Formbricks (feedback & surveys)
HubSpot (CRM and support)
WordPress + Hetzner (website hosting)
Zapier (automation)
 
These providers process data within the EU and in some cases in the USA. We have concluded data processing agreements pursuant to Art. 28 GDPR with these providers.

Google Analytics (usage analytics)
We use Google Analytics, a web analytics service provided by Google Ireland Ltd. (“Google”). Google Analytics uses cookies that enable an analysis of your use of the app and our website. The following data is processed, among others: IP address (shortened and anonymised), device information, usage data, referrer URL, approximate location.

Legal basis: your consent pursuant to Art. 6(1)(a) GDPR.

Further information: https://policies.google.com/privacy
 
Formbricks (feedback & surveys)
We use Formbricks to collect user feedback. The following data is processed: voluntary information and email address (if provided).

Legal basis: consent (Art. 6(1)(a) GDPR).

Further information: https://formbricks.com/privacy-policy

HubSpot (CRM & Marketing)
We use HubSpot to handle enquiries, send newsletters and for marketing automation. The following data is processed: name, email address, usage data, communication content.
 
Legal basis: consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR).

Data transfers to the USA are based on Standard Contractual Clauses.
 
Further information: https://legal.hubspot.com/privacy-policy

Hosting (Hetzner Online GmbH)
Our website runs on WordPress and is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

As part of the hosting, Hetzner processes personal data (e.g. IP addresses, access data, log files) that are necessary for the operation, security and optimisation of the website. Processing is based on our legitimate interest in a secure and efficient provision of our online offering pursuant to Art. 6(1)(f) GDPR.

Data is processed exclusively on servers within the European Union. There is no transfer to third countries. A data processing agreement pursuant to Art. 28 GDPR has been concluded with Hetzner.

Further information on data protection at Hetzner can be found at: https://www.hetzner.com/legal/privacy-policy

Zapier (automation & data integration)
We use Zapier Inc., 548 Market St #62411, San Francisco, CA 94104‑5401, USA, to automate data flows between different tools (e.g. HubSpot, Stripe, Formbricks). In this context, personal data (e.g. contact details, communication content, transaction information) may be processed and transferred to the USA.

Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and our legitimate interest in efficient process management (Art. 6(1)(f) GDPR).

Data transfers to the USA are based on EU Standard Contractual Clauses.
 
Further information: https://zapier.com/privacy

10. Social media and external content

We maintain publicly accessible profiles on social networks (e.g. Instagram, LinkedIn). When you visit our social media pages, personal data is processed by the respective platform operators. This includes, for example, IP address, device information, interactions with content (likes, comments, messages) and – if you are logged in – further profile data.

Data processing is carried out by the respective platform operators on the basis of their own privacy policies. Please note that processing may take place outside the EU, which can involve risks regarding the enforcement of data‑subject rights.

You can find our social media profiles here:
Instagram: https://www.instagram.com/immunifriend/
LinkedIn: https://www.linkedin.com/company/immunifriend/
 
Further information can be found in the privacy policies of the respective providers:
Instagram (Meta Platforms Ireland Ltd.): https://privacycenter.instagram.com/policy/
LinkedIn (LinkedIn Ireland Unlimited Company): https://de.linkedin.com/legal/privacy-policy

11. Obligation to provide data and voluntary information

The provision of your personal data is generally voluntary. Unless stated otherwise, not providing your data will not have any negative consequences for your use of our website or services. In certain cases, however, processing may be necessary, for example to perform a contract or to provide specific functions of our platform. In such cases, we will inform you separately.

12. Storage period and deletion

We store personal data only for as long as necessary for the purposes of processing or as long as statutory retention periods apply.

After deletion of a user account, personal data will be deleted within 30 days at the latest, unless statutory retention obligations prevent this.

13. Data security

We implement appropriate technical and organisational measures to protect your data against loss, manipulation, unauthorised access and unauthorised disclosure. These measures include, among others, SSL/TLS encryption, access controls and encrypted storage of sensitive data.

14. Rights of data subjects

Under the GDPR, you have the following rights:
Right of access to your stored data (Art. 15 GDPR)
Right to rectification of inaccurate data (Art. 16 GDPR)
Right to erasure (“right to be forgotten”, Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object to processing (Art. 21 GDPR)
Right to lodge a complaint with a supervisory authority
 
Please contact us at hello@immunifriend.eu if you wish to exercise any of your rights.

15. Supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:
 
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin
https://www.datenschutz-berlin.de

16. Amendments to this privacy policy

We reserve the right to amend this privacy policy in order to adapt it to changed legal requirements or to new services. The current version is available in the (web)app and on our website.
 
Last updated: 10 February 2026
 
If you have any questions, please contact us at hello@immunifriend.eu (subject: Question regarding data protection).

These Data Privacy Policies are provided in German and in English. The English version is for convenience and information purposes only. At all times, only the German version shall be legally binding.