Privacy Policy — His World
Updated: May 3, 2026.
This policy explains how VIA AD ME processes personal data when using the His World website, the His space service, the demo version, paid plans, and related services. The policy is prepared in accordance with GDPR/DSGVO, German data protection legislation, and cookie/local storage requirements.
Data controller
The data controller is VIA AD ME, a project registered in Europe. Contact for privacy inquiries: support@viaadme.com. If a separate Impressum / Anbieterkennzeichnung is published on the website, the details from it complement this policy.
What data do we process
We may process: email, language, selected world, plan, subscription start and end date, access code, password hash, code usage status, amount of storage used, space records, answers to questions, drawings, uploaded photos, audio recordings, file metadata (type, size, MIME type, page number, file key), payment and transaction details from Stripe and PayPal, support messages, technical request data (e.g., IP address, time, browser, errors), as well as cookie and localStorage data.
For what purpose and on what basis
We process data to provide digital space and access to the selected plan, store your records and files, process payments, confirm purchases, send service messages, ensure security, prevent abuse, fulfill accounting and tax obligations, respond to inquiries, and improve service stability. Legal bases: performance of a contract (Art. 6(1)(b) GDPR), legal obligations (Art. 6(1)(c)), legitimate interest in security and service support (Art. 6(1)(f)), and for non-essential cookies, marketing, or specific features — your consent (Art. 6(1)(a)).
Where is the data stored
The digital space base is stored in Europe. Texts, answers, account information, and subscriptions are stored in Supabase. Uploaded photos, drawings, and audio files are stored in Cloudflare R2 object storage. We strive to use European storage regions and data processing agreements with contractors. If a separate provider, such as Stripe, PayPal, Cloudflare, or a mailing service, processes data outside the EEA, GDPR protection mechanisms apply, including standard contractual clauses when necessary.
Subscription and storage period
Access to the digital space is provided for 1 year from the date of purchase unless otherwise stated on the purchase page. After the subscription ends, all data in the space across all plans is completely deleted: records, responses, drawings, photos, audio, file metadata, and associated user content. Deletion is final and recovery is impossible. In the PROFUNDUM and REDUX plans, the function to download your completed journal is available until the subscription ends. In PROFUNDUM, the download excludes the Spatium zone; access to Spatium is available only in REDUX. Payment and accounting data may be stored longer if required by EU or German law, such as tax and commercial obligations.
Demo version
The demo version is intended for a preliminary acquaintance with the logic and interface of the space. In the demo version, data may only be temporarily stored in the browser's memory or localStorage and may be reset. Do not enter information in the demo version that you do not want to lose.
Cookies and local storage
The site uses necessary cookies and localStorage for the interface to function, to remember cookie consent, to log into the digital space, the selected language, world, plan, and to return from PayPal checkout. For example, the service cookie via_paypal_checkout is stored for up to 45 minutes, is used only to complete the payment, and is set as HttpOnly/SameSite. Cookies and localStorage that are not strictly necessary are used only with consent where required by GDPR and German TDDDG. You can change your browser settings, clear cookies/localStorage, or decline optional cookies in the banner.
Who receives the data
Access to the data is granted only to those contractors and services necessary for the project: hosting and infrastructure, Supabase, Cloudflare R2, Stripe, PayPal, mailing and support service tools, as well as technical specialists who need access for support. We do not sell the content of the space and do not use it for advertising third parties.
Your content and sensitive information
The space may contain personal and emotionally sensitive records. You decide what to include. Do not upload illegal content, others' personal data without basis, medical documents, government documents, credit cards, or other information that is not needed for using the space.
Your rights
Under GDPR, you can request access to data, correction, deletion, restriction of processing, portability, objection to processing based on legitimate interest, and withdrawal of consent for the future. You can also file a complaint with the data protection authority in your country of residence or in Germany, if applicable. Send requests to support@viaadme.com.
Security
We use technical and organizational protection measures: access restriction, password hashing, RLS policies in the database, service keys only on the server, HTTPS, and access segregation to user data. No online service can guarantee absolute security, so keep access to your email and password confidential.
Policy changes
We may update this policy when the law, infrastructure, or functions change. The current date is indicated at the top. Significant changes, if required by law, will be communicated to users in a reasonable manner.