Aethera

Legal

Privacy Policy

Last updated: 15 May 2026

1. Controller

The data controller responsible for this website under Art. 4(7) GDPR is AETHERA Institute, Düsseldorf, Germany. Contact: contact@aetherainstitute.com.

2. Scope

This policy explains how we collect and process personal data when you visit aetherainstitute.com, create a member account, or undertake the Biological Adaptability Assessment™.

3. Data we process

  • Account data — email address, name, encrypted password, account preferences.
  • Assessment data — answers you provide, derived scores and reports.
  • Technical data — IP address, device, browser, log data, strictly for security and operation.
  • Payment data — handled by our PCI-compliant processor (Stripe). We do not store card numbers.

4. Legal basis

  • Performance of contract (Art. 6(1)(b) GDPR) — to provide the assessment and member space.
  • Legal obligation (Art. 6(1)(c) GDPR) — accounting and tax retention.
  • Legitimate interest (Art. 6(1)(f) GDPR) — security, fraud prevention, service improvement.
  • Consent (Art. 6(1)(a) GDPR) — for non-essential cookies and marketing.

5. Recipients & processors

We rely on carefully selected processors bound by data-processing agreements: Supabase (EU hosting, authentication, database), Stripe (payments), and email delivery providers. Data may be processed within the EU/EEA; any transfer outside the EEA relies on Standard Contractual Clauses.

6. Retention

Account and assessment data are retained for the lifetime of your member account. You may request deletion at any time. Statutory records (e.g. invoices) are kept for the legally required period.

7. Your rights

Under Art. 15–22 GDPR you have the right to access, rectification, erasure, restriction, data portability and objection. You may withdraw consent at any time without affecting prior lawful processing. To exercise these rights, write to contact@aetherainstitute.com. You also have the right to lodge a complaint with a supervisory authority — for North Rhine-Westphalia, the LDI NRW.

8. Cookies

We use strictly necessary cookies and, with your consent, analytics cookies. See our Cookie Policy for details, or .

9. Security

Data is encrypted in transit (TLS) and at rest. Access to member data is restricted by role-based permissions and audited.

10. Changes

We may update this policy to reflect changes in our practice or the law. The current version is always available on this page.