Privacy Policy KUBY
1. Who We Are (Data Controller)
We are delighted that you are visiting the KUBYportal and our associated websites. The protection of your personal data is very important to us. Below, we explain transparently and comprehensibly what happens to your data.
The data controller responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:
KUBY Ltd.
PoBox 66614,
CY 8591 Peyia
Cyprus
Email: office@kuby.info
This privacy policy applies to our entire offering, including the domains kuby.info, portal.kuby.info, begleiter.kuby.info, web.kuby.info, and action.kuby.info.
2. Provision of the Websites and Hosting
To be able to display our websites to you quickly and securely, we use professional hosting service providers. When you visit our pages, connection data (e.g., your IP address, date and time of access, browser type) is automatically transmitted to the servers of our hosts.
Vercel: We host parts of our websites with Vercel Inc. (USA).
AWS (Amazon Web Services): Further parts of our infrastructure are hosted via AWS by Amazon Web Services EMEA SARL (Luxembourg/USA).
INWX: For the provision and management of our domains, we use INWX GmbH (Munich, Germany).
Legal Basis: The processing is based on our legitimate interest in the secure provision of our online offering (Art. 6 (1) (f) GDPR). Insofar as technical access to your device is necessary, this is done in accordance with Section 25 (2) TDDDG. Third-Country Transfer: Vercel and AWS are certified under the EU-US Data Privacy Framework (DPF). We have concluded a Data Processing Agreement (DPA) with all the aforementioned providers.
3. Customer Accounts and Database Hosting (Neon)
When you register with us, we store your profile details (such as first name, last name, email address, and optionally a profile picture or phone number) in our secure database.
Neon: Our database is provided by Neon, Inc. (USA). The server location for our database is Frankfurt am Main (Germany).
Storage Duration: Your data will remain stored in the database as long as your customer account exists. If you delete your account (or request us to do so via a support request), your profile data will be deleted.
Legal Basis: Processing is necessary for the performance of the terms of use (Art. 6 (1) (b) GDPR). Neon is certified under the EU-US Data Privacy Framework (DPF) and bound to us by a DPA.
4. Order Processing via Digistore24
We process the sale of our paid offerings (such as seminars, films, or 1-on-1 sessions) via the payment provider Digistore24 GmbH (St.-Godehard-Straße 32, 31139 Hildesheim, Germany).
The Reseller Model: When you purchase a product, you legally enter into a contract with Digistore24. Digistore24 is independently responsible for the processing of your payment data.
Data Transmission to Us: So that we can unlock the purchased product in your KUBY account, Digistore24 transmits your order data (first name, last name, email address, purchased product) to us after the purchase.
Storage Duration (Retention Obligations): Even if you delete your account with us, we are legally obliged by tax and commercial law to retain contract and accounting data (such as your order information) for 6 to 10 years. After these statutory periods expire, the corresponding data will be deleted.
Legal Basis: We process this transmitted data to fulfill the contract (Art. 6 (1) (b) GDPR) and to comply with our statutory retention obligations (Art. 6 (1) © GDPR).
5. Contacting Us and Customer Service (Help Scout)
If you contact us via email (e.g., at office@kuby.info) or via a support form, we save your message and your email address in order to process your request.
Help Scout: To process your customer inquiries efficiently and quickly, we use the ticketing system “Help Scout” provided by Help Scout Inc. (USA). When you contact us, your request and contact details are processed in this system. Help Scout is certified under the EU-US Data Privacy Framework (DPF) and bound to us by a DPA.
Support Access: In exceptional cases, for example, if you contact us regarding a technical error, it may be necessary for our support staff to access your customer account administratively. This access is solely for troubleshooting or answering your specific inquiry.
Legal Basis: Replying to emails, using the ticketing system, and support access are based on fulfilling our contractual support obligations to you (Art. 6 (1) (b) GDPR) and our legitimate interest in providing efficient customer service (Art. 6 (1) (f) GDPR).
6. 1-on-1 Guidance Sessions (Video Tool 100ms)
To conduct the guidance sessions, we use the video conferencing service 100ms (100ms Inc., USA). When you participate in a session, your IP address, device information, as well as audio and video signals are processed to make the session technically possible.
Legal Basis: Processing is necessary for the performance of a contract (Art. 6 (1) (b) GDPR). 100ms is certified under the EU-US Data Privacy Framework (DPF) (a DPA is in place).
7. Recording of Sessions with Licensed Guides (Voluntary)
With licensed guides, we offer you the option of having the session recorded so that you can concentrate fully on the conversation and do not have to take notes.
Strictly Voluntary: The recording only takes place if you explicitly give your consent (Art. 9 (2) (a) GDPR) via an opt-in switch (slider) during the booking process. The booking works even without this consent.
Storage with 100ms (Video): The video recording is stored on 100ms servers for a maximum of 14 days so that you can download it. After that, it is automatically deleted there.
Storage with AWS (Audio): An audio-only recording is stored encrypted on servers of Amazon Web Services (AWS) in Frankfurt am Main (Germany) and made available exclusively to you and your guide via the portal. This remains stored until you delete your KUBY account (or request us to delete it).
8. Recording with Guides in Training
We offer discounted guidance sessions with guides who are still in training. To ensure the quality of the training, the recording of these sessions is mandatory, as they are used for training purposes.
If you choose this rate, you explicitly consent (Art. 9 (2) (a) GDPR) to the session being recorded. The recording will be treated with strict confidentiality.
If the session is to be used for a more in-depth case discussion (supervision) by third parties, the guide will subsequently obtain your separate permission for this. If you fundamentally do not wish to be recorded, we ask you to book one of our licensed guides (see point 7).
Storage & Deletion: These recordings are stored in our internal area on servers in Frankfurt am Main. The data will be deleted as soon as you delete your KUBY account or withdraw your consent.
9. The “Soul Writing” Tool
Users have the opportunity to use the “Soul Writing“ (“Seelenschreiben”) tool as part of the KUBY method. The texts you create are stored securely and encrypted in our database (EU servers, Frankfurt).
Sharing with the Guide: You have the option to specifically send these texts to your guide so that they can read and comment on them.
Storage Duration: Your texts remain stored in your account until you delete your KUBY account (or ask us to delete it).
Legal Basis: The processing is carried out for the performance of a contract (Art. 6 (1) (b) GDPR) and – if sensitive data is included – on the basis of your explicit consent when using the tool and sharing it with the guide (Art. 9 (2) (a) GDPR).
10. Streaming of Films and Seminars (Vimeo & pCloud)
To provide films and video seminars in our learning area, we embed videos provided by the services Vimeo.com, Inc. (USA) and pCloud AG (Switzerland).
Vimeo: When you visit a page on which a Vimeo video is embedded, a technical connection to Vimeo’s servers is established. Your IP address is transmitted to Vimeo so that the video can be delivered to your browser. Vimeo may set cookies in this process. The legal basis for this processing is the performance of a contract (Art. 6 (1) (b) GDPR) for courses/films you have purchased, as well as our legitimate interest in the technically flawless delivery of learning content (Art. 6 (1) (f) GDPR). Vimeo is certified under the EU-US Data Privacy Framework.
pCloud: Some files are hosted on pCloud AG servers and streamed from there. From a data protection perspective, Switzerland is considered a secure third country.
11. For Guides: Google Calendar Synchronization
Guides can voluntarily link their Google Calendar (Google Ireland Limited) in their dashboard (begleiter.kuby.info) to automatically synchronize appointments for guidance sessions.
If you activate this function as a guide, we access your calendar via an API to read available times and enter new appointments.
Legal Basis: This is done exclusively on the basis of your consent (Art. 6 (1) (a) GDPR), which you can revoke at any time in your account settings.
12. Use of a Cookie Banner (Consent Management)
To protect your privacy, we use a cookie banner on our websites. We make this as simple and transparent for you as possible: You have the choice of whether you want to “Accept All” or allow “Only Necessary” cookies.
Only if you actively choose “Accept All” will the optional marketing and analytics tools mentioned below be loaded. Technically necessary cookies are loaded to ensure the basic functions of the website (such as logins). Legal Basis: The storage of your settings in the cookie banner and the setting of essential cookies is carried out to fulfill our legal obligations or to perform a contract (Section 25 (2) TDDDG; Art. 6 (1) © GDPR).
13. Analytics and Marketing Tools
Provided you have given your explicit consent (Art. 6 (1) (a) GDPR) in our cookie banner by clicking “Accept All”, we use the following tools to improve our offering and display targeted advertising:
PostHog: An analytics tool (PostHog, Inc., USA) that helps us understand how users navigate through our portal (e.g., which buttons are clicked) to improve the user experience.
Google Analytics: A web analytics service from Google Ireland Limited. Pseudonymized data about your browsing behavior is collected here. We have activated IP anonymization.
Facebook Pixel: A tool from Meta Platforms Ireland Ltd. It helps us measure the success of our advertisements on Facebook/Instagram and show you relevant ads (retargeting).
Third-Country Transfer: With these tools, data may be transferred to servers in the USA. The parent companies of these providers are certified under the EU-US Data Privacy Framework (DPF). You can revoke your consent to these tools at any time (e.g., by deleting your browser cookies) with effect for the future.
14. Email Sending and Newsletter
For communication with you, we use different services depending on the type of email:
System-Relevant Emails (AWS SES): Emails that are absolutely necessary for your account (such as password resets, purchase confirmations, or appointment reminders) are sent via the “Simple Email Service” from Amazon Web Services (USA). Data processing is based on the performance of a contract (Art. 6 (1) (b) GDPR).
Newsletter and Marketing Emails (Quentn): If you actively subscribe to our newsletter or have given us permission to do so, we use the German provider Quentn.com GmbH (Potsdam, Germany). Your click behavior in these emails can be measured in a pseudonymized manner. The processing is based on your consent (Art. 6 (1) (a) GDPR). You can unsubscribe from the newsletter at any time via the link at the end of every email.
15. Use of ClickFunnels (Landing Pages)
For special marketing pages and product launches (e.g., under the domain action.kuby.info), we use the page builder service ClickFunnels (Etison LLC, USA). When you visit these special promotional pages, technical access data is transmitted to ClickFunnels. ClickFunnels is certified under the EU-US Data Privacy Framework (DPF). The processing is based on our legitimate interest in the effective presentation of our marketing campaigns (Art. 6 (1) (f) GDPR).
16. Data Security (SSL or TLS Encryption)
To protect the security of your data during transmission, we use state-of-the-art encryption methods (SSL or TLS) via HTTPS. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
17. Protection of Minors
Since we often work on profound, personal topics within the framework of the KUBY method, our offering is fundamentally aimed at adults. Persons under 18 years of age should only use our services with the prior verifiable consent of their parents or legal guardians. We do not knowingly collect personal data from minors without appropriate consent.
18. Your Rights as a Data Subject
Under the GDPR, you have comprehensive rights regarding your personal data. You have the right at any time:
to request information about your data stored with us (Art. 15 GDPR).
to request the correction of incorrect data or the completion of your data (Art. 16 GDPR).
to request the deletion of your data stored with us (Art. 17 GDPR).
to request the restriction of the processing of your data if certain requirements are met (Art. 18 GDPR).
to data portability, i.e., to receive the data you have provided in a structured, common format (Art. 20 GDPR).
to revoke a previously given consent to us at any time (Art. 7 (3) GDPR). This applies in particular to cookies, newsletters, or session recordings.
to object to the processing of your data, provided this is based on legitimate interests (Art. 21 GDPR).
to complain to a competent data protection supervisory authority (Art. 77 GDPR) if you believe that our processing of your data violates applicable law.
To exercise your rights, simply send us a short email to: office@kuby.info
19. Up-to-dateness and Modification of this Privacy Policy
This privacy policy is currently valid and was last updated in March 2026.
Due to the further development of our websites and offers or due to changed legal or official requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed by you on our website at any time.