Privacy Policy for the platoniq Website

(As of: January 2026)

1. Controller

The controller within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

SHS Social Health Solutions UG (haftungsbeschränkt)
Luisenstraße 53, 10117 Berlin, Germany

Registry Court: Amtsgericht Charlottenburg
Commercial Register: HRB 280649 B

Phone: +49 15753685796
Email: kontakt@platoniq.health

2. Your Rights as a Data Subject

You may exercise the following rights at any time using the contact details provided above:

  • Access to your data stored with us and its processing (Art. 15 GDPR)
  • Rectification of inaccurate personal data (Art. 16 GDPR)
  • Erasure of your data stored with us (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Data portability (Art. 20 GDPR)

If you have given us consent, you may revoke it at any time with effect for the future (Art. 7(3) GDPR).

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

3. Collection of General Information (Server Log Files)

Type and purpose of processing:
When you access our website, general information is automatically collected (server log files). This includes:

  • Browser type and version
  • Operating system
  • Domain name of your Internet service provider
  • IP address
  • Time of access

This data is processed for the following purposes:

  • Ensuring connection establishment
  • Ensuring smooth use of the website
  • Evaluation of system security and stability

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in operating, maintaining the stability and security of the website)

Recipients:
We use Webflow, a company based in the USA, as our processor for hosting our website. The transfer of data to the USA is based on the EU-US Data Privacy Framework.

Storage period:
Log files are automatically deleted as soon as they are no longer required for their purpose (typically after a few days).

4. Aggregated Analytics Tools

Type and purpose of processing:
When you visit our website, we collect usage information and aggregate it. The collected data includes referrer pages, UTM tags, scroll depth, and click events. Due to the aggregation of data, any personal reference is excluded.

To distinguish between different website visitors, the IP address may be processed in pseudonymized form for a short period. In this case, a personal reference cannot be completely excluded. However, after 24 hours at the latest, the basis for calculation of the pseudonymization is changed, so that a personal reference is excluded thereafter.

We collect this data for product improvement and detection of abusive behavior.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in detecting abusive behavior and improving our services)

Recipients:
Our technical service providers (Plerdy, Plausible) as processors

Storage period:
A personal reference can be established for a maximum of one day. After that, the data is anonymized and no inference to personal data is possible.

5. Additional Tracking and Analytics Tools

5.1 Meta Pixel

Type and purpose of processing:
We use the Meta Pixel from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. This allows us to track the behavior of visitors after they have been redirected to our website via a Facebook or Instagram ad. This enables us to measure and optimize the effectiveness of advertising campaigns.

The pixel is stored as a cookie locally in your browser. You must explicitly consent to the storage. Without your consent, no data will be stored or processed. You may revoke your consent at any time. To do so, please use your browser's functions to delete all cookies.

Legal basis:
Art. 6(1)(a) GDPR (consent)

Recipients:
Meta Platforms Ireland Ltd.; transfer to the USA based on the EU-US Data Privacy Framework

Storage period:
According to Meta's own information, data is stored for up to 2 years.

5.2 Reddit Pixel

Type and purpose of processing:
We use the Reddit Pixel from Reddit Inc. This allows us to track the behavior of visitors after they have been redirected to our website via a Reddit ad. This enables us to measure the effectiveness of our advertising campaigns, build audiences, and optimize our campaigns.

The pixel is stored as a cookie locally in your browser. You must explicitly consent to the storage. Without your consent, no data will be stored or processed. You may revoke your consent at any time. To do so, please use your browser's functions to delete all cookies.

Legal basis:
Art. 6(1)(a) GDPR (consent)

Recipients:
Reddit Inc.; transfer to the USA based on the European Commission's Standard Contractual Clauses

Storage period:
According to Reddit's own information, data is stored for up to 24 months, depending on account settings and pixel configuration.

5.3 Google Ads

Type and purpose of processing:
We use Google Ads Conversion Tracking and Google Ads Remarketing, services provided by Google Ireland Limited. This allows us to track whether users perform certain actions (e.g., submitting a form) after clicking on a Google ad. We can also target visitors with interest-based advertising.

Google Ads requires a cookie stored locally in your browser. You must explicitly consent to the storage. Without your consent, no data will be stored or processed. You may revoke your consent at any time. To do so, please use your browser's functions to delete all cookies.

Legal basis:
Art. 6(1)(a) GDPR (consent)

Recipients:
Google Ireland Limited; transfer to the USA based on the EU-US Data Privacy Framework or, in addition, based on the European Commission's Standard Contractual Clauses

Storage period:
Google typically stores conversion cookies for 30 days; according to Google, remarketing data may be stored for up to 540 days.

5.4 Google Search Console

Type and purpose of processing:
We use Google Search Console, a service provided by Google Ireland Limited. Search Console is used for technical monitoring and optimization of our website for Google search results. No personal data of website visitors is transmitted to Google, only aggregated access data. A personal reference can therefore be excluded.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interest in the technical optimization of our website)

Recipients:
Google Ireland Limited; transfer to the USA based on the EU-US Data Privacy Framework

Storage period:
Data is stored according to Google's policies.

6. Forms (Formbricks)

Type and purpose of processing:
We use Formbricks (Formbricks GmbH, Kuhnkestr. 6, 24118 Kiel, Germany) to conduct online self-tests (e.g., UCLA Loneliness Scale) and to manage registrations for programs such as the "Friendship Bootcamp".

Depending on the form, Formbricks may collect your test results, technical data (e.g., IP address, browser information), and – if provided by you – contact data (e.g., name, email).

Legal basis:
Art. 6(1)(a) GDPR (your consent) when you voluntarily participate in a test or provide data; Art. 6(1)(b) GDPR (performance of a contract) when you register for a program

Recipients:
Formbricks GmbH as processor

Storage period:
The data will be deleted as soon as it is no longer required for the respective purpose (test evaluation or program management).

7. Newsletter (Brevo)

Type and purpose of processing:
We use Brevo for sending our newsletters. When you subscribe to our newsletter, your email address is transferred directly to Brevo and stored there. Brevo uses this data exclusively to send the newsletter on our behalf.

Legal basis:
Art. 6(1)(a) GDPR (your consent) by actively subscribing to the newsletter

Recipients:
Brevo as processor

Revocation of your consent:
You may revoke your consent at any time without affecting the lawfulness of processing carried out prior to the revocation. Revocation is very easy by clicking the unsubscribe link at the end of each newsletter.

Storage period:
The data will be stored until you revoke your consent.

8. Payment (Stripe)

Type and purpose of processing:
We use Stripe to provide you with secure payment processing. Stripe, as our processor, collects and processes contract data such as your name, address, and payment data.

The provision of your personal data is necessary for the conclusion and performance of the contract with you as part of pre-contractual measures. We are obliged to collect the required data in accordance with tax regulations and for contract performance. If you do not provide us with this data, a corresponding contract conclusion or the performance of pre-contractual measures is not possible.

Legal basis:
Art. 6(1)(b) GDPR (performance of a contract or implementation of pre-contractual measures); Art. 6(1)(c) GDPR (legal obligation to comply with tax and commercial retention periods)

Recipients:
Stripe as processor

Storage period:
We store personal data as long as it is necessary for the fulfillment of a contractual relationship with you or for the implementation of pre-contractual measures, as well as until the expiry of tax and commercial retention periods.

9. Profiling

We do not carry out automated individual decisions with legal effect. The analysis of website usage is carried out exclusively statistically or in pseudonymized form.

10. Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you may lodge a complaint with a supervisory authority.

11. Changes to this Privacy Policy

We reserve the right to amend this privacy policy if the legal situation, our data processing, or our services change.