Privacy Policy

kommunikationstrainer.ai

1. Privacy at a Glance

The protection of your personal data is important to us. In this privacy policy, we inform you about which personal data is processed when using our website and VR application, for what purposes this occurs, and what rights you have.

2. Controller

ImmBlend GmbH

Unterer Geisberg 26

96129 Strullendorf

Germany

Email: stephan.lohss@immblend.de

3. Hosting and Server Log Files

Our website is operated by an external hosting provider. When accessing the website, information is automatically collected and stored in so-called server log files. This data includes in particular:

  • IP address (shortened or anonymized where technically possible)
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access was made (referrer URL)
  • Browser and operating system used

Purpose of processing:

  • Ensuring smooth connection establishment
  • System security and stability
  • Technical administration

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest)

4. Contact

If you contact us by email, the personal data you provide (e.g., name, email address, content of the inquiry) will be stored to process your request.

Legal basis: Art. 6 (1) lit. b GDPR (pre-contractual measures), Art. 6 (1) lit. f GDPR (legitimate interest)

5. Cookies and Similar Technologies

Our website uses technically necessary cookies as well as — with your explicit consent — analytics cookies. On your first visit, a cookie banner is displayed where you can grant or deny consent. You can change your preferences at any time via the "Cookie Settings" link in the website footer.

Essential Cookies

Authentication (accessToken, refreshToken), language setting (NEXT_LOCALE), cookie consent (ibki_consent). These cookies are required for operation and cannot be disabled.

Analytics Cookies (consent required)

Microsoft Clarity (_clck, _clsk, CLID) — see Section 5a.

Legal basis: Art. 6 (1) lit. f GDPR (essential cookies), Art. 6 (1) lit. a GDPR (analytics cookies, consent)

5a. Web Analytics with Microsoft Clarity

We use Microsoft Clarity, a web analytics service provided by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052, USA). Clarity is only activated after explicit consent via our cookie banner.

Data collected:

  • Click behavior, scroll behavior, mouse movements
  • Session recordings (anonymized)
  • Heatmaps of page interactions
  • Page views, time on page, device/browser information

Cookies set:

  • _clck — User ID (duration: 1 year)
  • _clsk — Session linking (duration: 1 day)
  • CLID — Device ID (duration: 1 year)

Microsoft processes data under the EU-US Data Privacy Framework (DPF). More information: Microsoft Clarity Privacy Policy

Legal basis: Art. 6 (1) lit. a GDPR (consent). You can withdraw your consent at any time via the cookie settings.

6. Third-Party Services and Content

We use the following external service providers:

Vercel Inc. – Hosting & Delivery

Server location: Frankfurt, Germany (EU)

Vercel Privacy Policy

Microsoft Azure – Backend, Speech Analysis & Text Processing

Server location: Europe (EU region)

Microsoft Privacy Statement

OpenAI – AI-powered Speech Analysis, Feedback & Speech Synthesis

Services: GPT-4 (feedback generation), TTS (text-to-speech fallback), DALL-E (AI avatar generation). Data transmitted: transcripts, speech metrics, avatar descriptions. Server location: USA with EU-US DPF & Standard Contractual Clauses.

OpenAI Privacy Policy

Mistral AI – AI-powered Dialog Trainer

Services: Speech recognition (Voxtral STT), language model (Mistral Chat), speech synthesis (Voxtral TTS). Data transmitted: audio data (for transcription), conversation history, text responses. Server location: France (EU).

Mistral AI Privacy Policy

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest) and Art. 28 GDPR (data processing agreement)

7. Data Processing in the Web App (kommunikationstrainer.ai)

The following personal data is processed when using our web app:

Account Data

Name, email address – for authentication and account management

Recording Data (Audio & Video)

Presentation recordings are captured during training sessions and stored on Microsoft Azure (EU). They are retained until account deletion.

Speech Recognition & Transcription

Audio data is converted to text using Microsoft Azure Speech (server location: West Europe). The audio file itself is not transmitted to OpenAI.

Text Analysis (Azure Language Service)

The transcript is additionally analyzed using Microsoft Azure Text Analytics for sentiment, key phrases, and sentence structure. Processing takes place exclusively on Azure servers within the EU.

AI Analysis & Feedback

To generate personalized feedback, the following data is transmitted to OpenAI: transcript text, speech metrics (speaking pace, pauses, pitch, volume), sentiment scores, and detected filler words. Audio data is not transmitted. No permanent storage takes place at OpenAI.

Note: Pitch and volume analysis measures technical speech quality metrics (variation, consistency, clarity) and does not infer emotional states.

Results & Progress Data

Scores and analysis results are stored on our servers and accessible to the user within the app.

Technical Data

IP address, browser type, timestamps – for technical operation and security only.

Legal basis: Art. 6 (1) lit. b GDPR (performance of contract)

7a. Dialog Trainer – AI-powered Conversation Simulation

Our Dialog Trainer allows users to practice realistic conversation scenarios with AI-controlled characters. The following data is processed:

Voice Recordings (Audio)

Your voice input is transmitted to the server in real time as audio data (PCM16, 24 kHz) and converted to text using Mistral AI Voxtral (France, EU). Raw audio data is not permanently stored — only the resulting transcript is retained within the session.

AI Conversation Processing

The transcript is sent to Mistral AI (language model) to generate a contextual response. The response is then converted to synthetic speech using Mistral AI Voxtral TTS and played back as audio. If Mistral TTS is unavailable, OpenAI TTS is used as a fallback.

AI-generated Characters & Avatars

Conversation partner avatars are generated using OpenAI DALL-E. These images are AI-generated and do not depict real persons. The cloned voices are based on professionally created voice samples and are not voices of real users.

Conversation Logs & Feedback

Conversation transcripts (text messages from both sides) are stored and can be reviewed by the user. AI-generated feedback with ratings is also stored.

Notice pursuant to EU AI Act (Art. 50):

  • You are interacting with an AI system, not a human being.
  • The conversation partner's voice is synthetically generated (text-to-speech).
  • Avatar images are AI-generated (DALL-E).
  • Feedback and ratings are automatically created by AI.

Legal basis: Art. 6 (1) lit. b GDPR (performance of contract), Art. 28 GDPR (data processing agreement)

7b. Group Messaging & Direct Messages

Our platform offers an integrated messaging function for group and direct messages. The following data is processed:

  • Text messages: Content, sender, timestamp
  • Media files: Images (max. 5 MB) and voice messages (max. 10 MB), stored on Microsoft Azure (EU)
  • Read receipts: Time at which a message was read
  • Real-time delivery: Messages are delivered in real time via WebSocket (encrypted via WSS)

Other group members can see your username, profile picture, and your messages within the respective group.

Legal basis: Art. 6 (1) lit. b GDPR (performance of contract)

8. VR App "kommunikationstrainer.ai" and In-App Usage

In addition to the website, we offer a VR application ("kommunikationstrainer.ai") in the Meta Quest Store. Within the app, some technical services, content, and backend functions of the website are used.

The processing of personal data within the app takes place exclusively for the following purposes:

  • Provision of training functions
  • Technical operation and stability
  • Didactic optimization of content

No performance or behavior monitoring in the sense of employment law takes place.

9. AI-Powered Functions (Web App & VR App)

Our platform uses AI-powered functions for speech analysis, real-time feedback, and conversation simulation. We use OpenAI (USA, with DPF certification) and Mistral AI (France, EU) as our AI service providers.

The processing of user inputs (speech, transcript) occurs exclusively at runtime. The following applies:

  • No personal data is used for training, fine-tuning, or further development of the AI models (neither by OpenAI nor by Mistral AI).
  • Presentation Trainer: Audio data is converted to text using Azure Speech (EU). The transcript and speech metrics are transmitted to OpenAI for feedback generation. Raw audio data is not transmitted to OpenAI.
  • Dialog Trainer: Audio data is converted to text using Mistral AI Voxtral (France, EU). The conversation history is processed by Mistral AI and returned as synthetic speech. If unavailable, OpenAI TTS is used as a fallback.
  • User inputs are not permanently stored at the AI providers, not shared, and not used for profiling or advertising.

Legal basis: Art. 6 (1) lit. b GDPR (performance of contract), Art. 28 GDPR (data processing agreement)

10. Meta Quest / Meta Platforms, Inc.

The VR app is provided through the Meta Quest platform. Meta Platforms, Inc. processes personal data independently (e.g., account, device, and usage data).

We have no influence on this data processing.

Meta's privacy policy applies: https://www.meta.com/legal/privacy-policy/

11. Data Transfer to Third Countries

Web App (kommunikationstrainer.ai):

Most service providers (Microsoft Azure, Mistral AI) process data on servers within the EU. For the following services, data is transferred to the USA:

  • OpenAI (GPT-4, TTS, DALL-E) — safeguarded by EU-US Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs)
  • Vercel (Hosting) — servers in Frankfurt (EU), company headquartered in USA, safeguarded by DPF
  • Microsoft Clarity (Analytics, consent-based only) — safeguarded by DPF and SCCs

VR App (Meta Quest):

The VR app uses the Meta Platforms, Inc. (USA) platform. Meta processes platform data independently. The transfer is based on EU Standard Contractual Clauses (Art. 46 GDPR).

12. Storage Duration

Session Recordings & Analysis Results

Stored until the user deletes their account. No automatic deletion due to inactivity.

Account Deletion by the User

Users can delete their account and all associated data at any time via the app settings, or by contacting us at info@immblend.de.

After Account Deletion

All personal data is permanently deleted within 30 days of account deletion.

Statutory retention obligations (e.g., tax law requirements) remain unaffected.

13. Rights of Data Subjects

You have the right at any time to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdrawal of consent (Art. 7 (3) GDPR)
  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

Contact: stephan.lohss@immblend.de

Competent supervisory authority:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach, Germany
www.lda.bayern.de

14. Updates and Changes

This privacy policy is updated as needed, e.g., for technical developments or legal changes.

The current version on this website always applies.

Last updated: June 2026