Last updated: 2 June 2026
The controller for data processing within the meaning of the GDPR is:
Peter Baumann · Massageschule Baumann
Stripsigweg 15
73529 Schwäbisch Gmünd
Email: kontakt@massageschule-baumann.de
We have not appointed a data protection officer, as there is no legal obligation to do so. Such an obligation arises in particular when at least 20 people are permanently engaged in the automated processing of personal data (§ 38 BDSG). These conditions do not apply to us.
For any data protection enquiries, please contact us at the email address listed above.
We process personal data on the following legal bases under Article 6 of the GDPR:
When you register, we process your email address and your password (stored exclusively as a hashed value – we never know your plain-text password).
We store which days you have completed, your current level, and optional notes and reflections you have entered in the app.
Payment processing is handled via PayPal. We ourselves do not store any credit card or bank details. From PayPal we receive only the information whether a payment was successful, along with a transaction ID.
When you log in and during security-relevant operations, we process your IP address to prevent misuse (Art. 6(1)(f) GDPR). The IP address is deleted or anonymised after 7 days.
See the section on “Cookies and local storage”.
We use PayPal as our payment service provider. The provider is:
PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
L-2449 Luxembourg
When you pay via PayPal, the data required to process the payment (e.g. name, email address, order details, amount) is transmitted to PayPal. The legal basis is Art. 6(1)(b) GDPR (performance of a contract).
PayPal's privacy policy is available at: https://www.paypal.com/en/webapps/mpp/ua/privacy-full
For login we set a session cookie. It contains a random session ID and no personal data in plain text. Legal basis: Art. 6(1)(f) GDPR and § 25(2) no. 2 TTDSG (strictly necessary).
The local storage in your browser contains only data needed for the app to work:
reiki_cookie_ok)This data never leaves your device and is not transmitted to third parties.
This app is hosted by: all-inkl.de, Germany.
With every request, technical data (server log files) is processed: IP address, timestamp, URL requested, browser type and referrer. Legal basis: Art. 6(1)(f) GDPR (IT security). These logs are deleted within 14 days at the latest.
The app may contain embedded videos from YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Where possible, we use privacy-friendly embeds and load videos only after you use the app following registration with the corresponding notice, or when you actively open or play a video.
When you open or play a YouTube video, personal data such as your IP address, technical browser data, device information, referrer, time of access and, where applicable, cookies or usage data may be transmitted to YouTube/Google. If you are signed in to Google, Google may associate your use with your Google account.
The purpose of embedding these videos is to provide video, learning and meditation content within the Reiki app. The legal basis is your consent under Art. 6(1)(a) GDPR and, where technically relevant, Section 25(1) TTDSG. You may withdraw consent at any time with effect for the future by contacting us or deleting your account.
Further information is available in Google's privacy policy: https://policies.google.com/privacy
We do not use any tracking or analytics services. In particular, we use no Google Analytics, Facebook Pixel, Hotjar, Matomo or comparable tools. No profiling takes place.
You have the following rights at any time:
To exercise your rights, an informal email to the address above is sufficient.
You can export your data and delete your account directly within the app. You will find these functions under Profile → Account management.
Alternatively, you can contact us informally by email – we will then handle the deletion manually within 30 days.
If you activate push notifications, this is done exclusively on the basis of your explicit consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time – either in the app settings or directly in your device's browser settings.
We reserve the right to update this privacy policy when new features or changes in the legal situation make this necessary. The version in force at the time of the data processing in question shall apply.