
Privacy Policy

As of: June 2026

Careful draft – final legal review takes place before launch. Information marked with [ ] will be added before publication.

1 · Controller

The controller responsible for data processing is [provider / company name], [address], email: datenschutz@hermetia.de. [If appointed:] Data protection officer: [name, contact].

2 · Quick overview

Hermetia creates a personal reflection profile from your input and calculated system characteristics. These include the soul map, daily impulses, optional journal functions, relationship and resonance modules, profile refinement, export functions, a possible full profile book and AI-supported accompanying texts. This content can be very personal, even if it is not intended as a diagnosis, therapy or authoritative advice. We therefore do not treat this data like normal marketing data. Data economy, purpose limitation, clear consent, EU-oriented hosting, encryption, role rights, export and deletion are part of the data protection concept. This declaration is a careful work in progress for the launch and must be finally checked by a lawyer and compared with the service providers actually used before it is released to the public.

3 · What data we process

Depending on usage, we process the following data categories:
• Account data: email address, password hash, language setting, login status, tariff and profile status.
• Profile and birth data: birth name or display name, date of birth, optional time of birth, place of birth, time zone and location resolution, and calculations derived therefrom.
• Derived profile content: soul map, system markers, convergence values, topic clusters, daily impulses, profile book sections and relationship interpretations.
• Voluntary context data: journaling entries, reflection responses, profile refinements, likes, notes, and shared companion contexts.
• Relationship data: entries about other people only if there is a reliable consent and usage logic.
• Usage and security data: technical logs, session information, error data, abuse protection, consent status and basic interaction data.
• Payment data: processing via payment service providers; we do not store complete card data ourselves.

4 · Special categories of personal data

Hermetia works with spiritual, ideological and personality-oriented interpretations. Depending on the specific design, such derived content may affect special categories of personal data within the meaning of Art. 9 GDPR. We therefore treat this content with particular care and, where necessary, base the processing on express, separate consent. This consent must be clear, voluntary, informed and revocable. It must not be hidden in general terms of use. Users must understand that Hermetia derives personal interpretations from input and can use these for profile functions, premium content, daily impulses, export or companion functions. A revocation affects the future; processing that has been lawful up to that point remains unaffected.

5 · Purposes and legal basis

We only process data for defined purposes:
• Account, login, language, tariff and technical provision: fulfillment of the contract or pre-contractual measures.
• Profile calculation, soul map, system evaluation and convergence: fulfillment of the contract and, as far as special categories are concerned, express consent.
• Daily impulses, journaling, companion, full profile book and profile refinement: contract fulfillment, consent for sensitive content and legitimate interest in secure product functionality.
• Payment processing, invoices and tax retention: contract performance and legal obligations.
• Security, error analysis, prevention of misuse and access protection: legitimate interest.
• Newsletter, email impulses and optional product communication: consent unless a legal exception applies.
• Reach measurement and marketing analysis: only with consent, unless purely technically necessary.

6 · AI processing

Hermetia can use AI to formulate calculated profile characteristics, topic clusters and shared contexts in understandable language. The calculation of the system values should be done separately from the AI formulation. The AI is not intended to produce an independent diagnosis, therapy, legal or financial advice or a binding decision. Only the information that is necessary for the specific purpose should be transmitted to AI services. Where possible, raw data is reduced, pseudonymized or replaced by calculated features. Particularly sensitive content such as journal texts or relationship data must not be used without limits or automatically as AI context. Further details can be found on the AI transparency page.

7 · Third country transfer and service providers

We only use technical service providers to the extent necessary for operations, security, payment, communication, analysis or AI functions. This may include hosting providers, payment service providers, email services, error analysis, consent management and AI providers. If service providers act as processors, agreements are concluded in accordance with Art. 28 GDPR. If personal data is processed outside the EU or EEA, this must be done on a lawful basis. This may include an adequacy decision, EU standard contractual clauses, additional safeguards and a transfer risk assessment. Before the launch, the specific service provider list must be finally documented with the provider name, purpose, location, legal basis and contract status.

8 · Relationships and data of other people

Relationship and resonance functions can affect data from other people. Such functions need special care because no one should be secretly spiritually or personally evaluated. Hermetia may therefore only design relationship profiles in such a way that consent, transparency and purpose limitation remain practical. If data from a second person is entered, it must be clear on what basis this is done, who is responsible and what information is stored. Functions for partnership, friendship, family or professional resonance must not promote covert evaluation of other people. The legal and ethical design of these modules should be examined separately before launch.

9 · Storage period, deletion and export

We only store personal data for as long as it is necessary for the stated purposes, there is consent, a contract is running or legal retention periods apply. Profile content, journal texts and derived interpretations can be deleted provided there are no legal obligations to the contrary. Users can export their essential profile data. This strengthens data portability, trust and control. When an account is deleted, the profile, derived content and voluntary context data will be deleted or anonymized to the extent this is technically and legally possible. Backups may persist for a limited time for security reasons, but are not actively used.

10 · Your rights

In accordance with the GDPR, you have rights to information, correction, deletion, restriction of processing, data portability, objection and revocation of consent given. You can also complain to a data protection supervisory authority. Hermetia should not only formally state these rights, but also make them practically achievable in the product. This includes profile export, deletion, consent management, transparent AI notices and understandable settings for voluntary data. If you have any questions about your data, you can use the contact address above.

11 · Cookies, consent and reach measurement

The marketing website uses as few technically necessary cookies or comparable technologies as possible. Technically necessary elements include language, security, consent status or stable page delivery. Optional analysis, retargeting or conversion measurement are only used if effective consent has been given. The website currently remains on noindex/nofollow until the final domain move and launch. This protects against search engine indexing of unfinished content too early. After the launch, reach building, SEO, GEO and AEO will be possible without selling sensitive profile content for advertising or unnecessarily passing it on to third parties.

12 · Security

Hermetia should use technical and organizational measures that are appropriate to the risk of personal profile content. This includes encrypted transmission, secure password storage, role-based access, logging of security-related events, backups, update processes, access restrictions, separate environments and deletion concepts. It is particularly important that productive profile content does not end up in test systems, prompt experiments, screenshots, support tools or analysis environments in an uncontrolled manner. For sensitive AI functions, prompt logging, access to journal texts and debug output should also be strictly limited.

13 · No distribution for advertising purposes

We do not sell personal profile content, journal text, relationship data or derivative interpretations to advertising partners. Data must not be used to manipulatively address people based on sensitive spiritual or personal statements. Marketing must be based on aggregated, technical or consent-based signals, not on the exploitation of private reflective content. This separation is central to Hermetia: the website can grow without endangering the confidentiality of personal profiles.

14 · Minors and sensitive usage situations

Hermetia is not aimed at children. If functions are planned for younger users, family contexts or particularly vulnerable situations, separate age, consent and protection concepts are required. Spiritual or personal content can have a particularly strong impact in times of crisis, grief, separation or health problems. Hermetia should therefore provide clear instructions, boundaries and escalation logic. The product may not replace emergency help and should refer users in acute crises to appropriate professional services.

15 · Changes and final review

We adapt this data protection declaration if functions, service providers, legal bases, data flows or the legal situation change. You can find the current version on this page. Before the public launch, placeholders must be removed, service providers specifically named, data processing agreements checked, third-country transfers assessed, consent flows tested and the entire declaration approved by a lawyer. This page is a comprehensive data protection draft, but not conclusive legal advice.