
PRIVACY POLICY

English Version

We hereby inform you about the processing of your personal data when using our website/app and when communicating with us (Articles 12–14 of the General Data Protection Regulation, EU 2016/679, abbreviated to GDPR).

1 Responsible

The person responsible for processing in accordance with Article 24 GDPR is

Isabella Braun as owner of askisa

Husarenweg 31

1220 Vienna 

hello@askisa.app 

2 Your rights

You have the following rights in relation to personal data:

  • Right to withdraw consent under data protection law (Article 7(3) GDPR)

  • Right of access by the data subject, right to confirmation and provision of a copy of personal data (Article 15 GDPR)

  • Right to rectification (Article 16 GDPR)

  • Right to erasure, ‘right to be forgotten’ (Article 17 GDPR)

  • Right to restriction of processing (Article 18 GDPR)

  • Right to notification, obligation to notify in connection with the rectification or erasure of personal data or restriction of processing (Article 19 GDPR)

  • Right to data portability (Article 20 GDPR)

  • Right to object (Article 21 GDPR)

  • Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR)

  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

 

3 Security, functionality and user-friendliness of the website

This processing serves the purpose of system security, functionality and user-friendliness of the website. For this purpose, we process your connection data (IP address, device information, browser types). The legal basis for this processing is Article 5(1)(d) GDPR and Article 5(2) GDPR. The secure processing of personal data is required by law. If you do not provide us with the aforementioned data, we cannot carry out this processing.

4 Provision of the website/app

This processing serves to establish a connection between our web server and your browser for the use of our website. For this purpose, we process your connection data (IP address, device information, browser types). The legal basis for this processing is Article 6(1)(b) GDPR. The processing of the aforementioned data is necessary for our web server to establish a connection with your browser for the use of our website. If you do not provide us with the aforementioned data, we cannot offer you our website. The storage period for this processing of the aforementioned data is the duration of your browser session.  

5 Fulfilment of data subject rights

This processing serves to fulfil data subject rights. We process the personal data provided. The legal basis for this processing is Article 6(1)(c) GDPR. The storage period for this processing of personal data is three years.

6 Contact data processing

This processing serves to initiate contracts and communicate with customers. We process the following personal data: contact details; availability; communication content. The legal basis is Article 6(1)(b) GDPR. The processing of the aforementioned data is necessary for the provision of our services and for the implementation of pre-contractual measures. If you do not provide us with the aforementioned data, we cannot carry out the aforementioned processing. The storage period for the processing of the aforementioned data is until you revoke your consent. You can revoke your consent to this processing at any time with future effect by sending an email to hello@askisa.app.

6.1 Data from users (app users)

We process the following data in particular when creating and using accounts:

  • Account data and profile: first name, surname, email address, date of birth (optional), country, creation/change dates, version and time stamp of consent to the terms and conditions/privacy policy, marketing consent (opt-in).

  • Specialist user code and link: code entered, assignment to a professional person (ID) and time of change.

  • Exercise and training data (metadata): e.g. exercise title, category, repetitions, rounds, equipment, notes, time stamp.

Important: Videos
Exercise videos are only stored locally on the device and are not uploaded to our servers. The app stores video file paths and preview images locally. The videos are protected by iOS device protection mechanisms (file protection/encryption) and are excluded from cloud backups (as far as technically implemented).

6.2 Data from professionals

When professional users use Askisa, we process the following in particular:

  • Registration and contact details: name, email and practice/organisation.

  • Contract and billing details: contract status, billing details, payment status, product/plan.

7 Data storage 

The personal data transmitted by users is stored and processed exclusively on servers within the European Union.

Our central backend services (storage/processing) are:

For backend services, database management, authentication, and secure data storage, we use Supabase Inc.

Supabase processes personal data exclusively on servers located within the European Union (EU region).

Supabase acts as a data processor in accordance with Art. 28 GDPR. A data processing agreement has been concluded with Supabase.

The processing of personal data is carried out on the basis of Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (secure and efficient operation of our services).

Further information on data protection at Supabase: https://supabase.com/privacy

 

This website and its associated services are hosted on servers operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

All personal data processed via this website is stored exclusively on servers located within the European Union.

Hetzner acts as a data processor in accordance with Art. 28 GDPR. A data processing agreement has been concluded with Hetzner to ensure the protection of personal data.

The legal basis for data processing is Art. 6(1)(f) GDPR (legitimate interest in secure and efficient provision of our services).

Further information: https://www.hetzner.com/legal/privacy-policy

 

 

Payments on this website are processed via Stripe, a payment service provided by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

When you make a payment, personal data such as your name, email address, billing address, payment details, IP address, and transaction information is transmitted directly to Stripe. We do not store or process full payment details ourselves.

The processing of payment data is carried out for the purpose of fulfilling contractual obligations in accordance with Art. 6(1)(b) GDPR. Stripe may also process data on the basis of its legitimate interests in fraud prevention and payment security (Art. 6(1)(f) GDPR).

Data may be transferred to Stripe servers outside the European Union, in particular to the United States. Stripe ensures an adequate level of data protection through the use of EU Standard Contractual Clauses.

Further information on data processing by Stripe can be found in Stripe’s privacy policy:
https://stripe.com/privacy

 

8 Specialist user link and data sharing

By signing up, you, as the expert, confirm that all exercises assigned to patients via Askisa are selected and prescribed solely based on your professional judgment and responsibility.

Askisa acts exclusively as a technical platform for documenting and providing access to exercises. Askisa does not assume any responsibility or liability for the execution of exercises, nor for any pain, injury, or health issue arising from exercises performed by patients independently and outside of supervised sessions.

When a user enters a specialist user code and thereby establishes a link, selected data is made visible to the specialist users. This includes: first and last name, date of birth, and exercise metadata (e.g. title, category, repetitions, rounds, equipment). Videos are not shared and remain exclusively on the local device.

The user can revoke the link at any time or change specialist users. After the change, the data link to the previous specialist users is removed and data sharing is terminated.

9 Newsletter

This processing is used to communicate news, promotions and similar content related to our company. We process the following data: your email address; contact details. The legal basis for this processing is Article 6(1)(a) GDPR. The storage period for this processing of the aforementioned data is until you revoke your consent. You can revoke your consent to this processing at any time with future effect in writing, by email to hello@askisa.app or (if available) by clicking on an unsubscribe link integrated into the respective newsletter.

10 Data storage period

We use the services of Wix.com Ltd. (https://de.wix.com/) to provide the website. Unless a different data storage period is specified above, the storage period according to the service provider (Wix.com Ltd.) is 30 days. For the storage period of cookies, see the table at https://www.wix.com/about/cookie-table. 

For the operation of the Askisa WebApp and for server-side functions, we process personal data via our backend infrastructure (including Supabase and hosting/server operation).

  • Account and profile data are stored for the duration of the existing user account.

  • Specialist user links and exercise metadata are stored for as long as the link is active or until the account is deleted or the link is revoked.

  • Billing and contract data (if available) are stored in accordance with the statutory retention requirements (usually 7 years).

After deletion of the account, the data are deleted unless there are statutory retention requirements to the contrary.

Data processed within the Askisa iOS app are mainly stored locally on the user's device.

  • Exercise videos and preview images are stored exclusively locally and are not uploaded to our servers.

  • Training, exercise and tracker data remain on the device until they are deleted by the user or the account is deleted or the app is uninstalled.

Local storage is subject to the security mechanisms of the respective operating system (e.g. device lock, file encryption).

 

Cookies and local storage on askisa.app (Therapist Dashboard)

When you visit askisa.app we set technically necessary cookies and use your browser’s local storage (localStorage/sessionStorage). You may also choose to allow optional storage.

 

1. Cookie notice and your choice

On your first visit, a cookie notice appears at the bottom of the screen. You can choose:

  • “Accept all” – We store your consent and your language preference (see “Optional storage”).

  • “Necessary only” – Only the data listed under “Necessary cookies and storage” are used. Optional entries are not stored or are deleted.

Your choice is stored so the notice does not appear on every visit. You can also use "Cookie settings" in the app (footer or Settings) to change or withdraw consent.

 

2. Necessary cookies and storage (without consent)

This data is required to run the dashboard and to perform login and registration/payment. Legal basis: Art. 6(1)(b) GDPR (contract performance or pre-contractual steps).

| Name | Type | Purpose | Storage duration / deletion |
|---|---|---|---|
| sb_access_token | Cookie | Session cookie for logging in to the therapist dashboard | Session / until logout |
| just_completed_signup | localStorage | Marks that registration has just been completed | Short-term (minutes) |
| clinic_signup | localStorage / sessionStorage | Temporary storage of clinic registration until completion | Until completion or abandonment |
| clinic_package_info | localStorage | Temporary storage of selected clinic packages | Until registration is completed |
| signup_data | sessionStorage | Temporary storage of solo therapist registration | Until completion or abandonment |

 

 

3. Optional storage (only when “Accept all” is chosen)

Only if you chose “Accept all” in the cookie notice do we additionally store:

| Name | Type | Purpose | Legal basis |
|---|---|---|---|
| askisa_cookie_consent | localStorage | Stores your cookie consent (“accepted” / “declined”) | Art. 6(1)(a) GDPR |
| askisa_lang | localStorage | Stores your language preference (e.g. English/German) | Art. 6(1)(a) GDPR |

 

 

Without this consent these entries are not set, or are deleted if you chose “Necessary only”. Language selection then works only for the current session (no persistent storage).

 

4. No third-party cookies

We do not currently set any third-party cookies or scripts on the therapist dashboard for analytics or advertising. Stripe (payment processing) is only used as part of the checkout process; Stripe’s privacy policy applies to the payment page.

 

5. Your rights

You have the right to access, rectification, erasure, restriction of processing, data portability, and to object (Arts. 15–22 GDPR). To exercise these rights or to withdraw your cookie consent you may:

  • use "Cookie settings" in the app (footer on landing and login pages, or in Settings in the dashboard), or

  • clear the stored data (cookies and site data) for askisa.app in your browser, or

  • contact us at hello@askisa.app.

After clearing or withdrawal, the cookie notice will appear again on your next visit; necessary cookies will still be set for login and operation of the service.

 

11 Push notifications, camera, microphone and biometrics

The app may request permissions for certain functions. The camera and microphone are used to record exercise videos; recordings are stored locally on the device. Push notifications are used for optional reminders (e.g. training reminders). Biometric unlocking (Face ID/Touch ID) is optional; the app does not store any raw biometric data, only the setting indicating whether this function is activated.

12 Logs, crash data, performance data

To ensure stability and security, technical diagnostic data may be collected (e.g. crash information, error logs, performance information). We use such data exclusively for troubleshooting and improving the app.

13 Marketing analysis

We analyse your user behaviour for our marketing purposes. If you consent to web analysis, data about your usage behaviour will be processed. The legal basis for this processing is Article 6(1)(a) of the GDPR. For the storage period of marketing-related cookies, see the table at https://www.wix.com/about/cookie-table. 

We place advertisements on Facebook and Instagram. In this context, we have integrated the ‘Meta Pixel’ on our website.

The Meta Pixel enables us to:

  • Measure the success of Facebook advertising campaigns.

  • Re-target visitors to our website with advertisements on Facebook and Instagram.

  • Personalise the advertisements to the previously viewed pages or products.

The Meta Pixel is provided to us by Meta Platforms Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

During your visit to the website, the following data, among other things, is transmitted to Meta:

  • Pages or URLs viewed

  • Orders, including sales and products ordered

  • The achievement of ‘website goals’ (e.g. contact enquiries and newsletter registrations)

  • Your internet connection data (IP address)

  • Technical information such as browser, device and screen resolution

  • A randomly generated user ID

  • A randomly generated ad click ID if you arrived at our website via an advertisement

No personal data such as name, address or contact details are transferred to Facebook.

This data may also be transferred to Meta servers in the USA.

Meta stores cookies in your web browser for a period of one year from your last visit. These cookies contain a randomly generated user ID that can be used to recognise you on future visits to the website. If you are logged into Meta platforms such as Facebook/Instagram, Meta can also associate your visit with your Facebook/Instagram account.

If you do not agree to this collection, you can prevent it by installing a tracking blocker add-on in your browser or by rejecting cookies via our cookie settings dialogue.
