Privacy Policy
This is a convenience translation. The German version is legally binding.
As of: 15 July 2026
1. Data Controller
The controller responsible for data processing under the General Data Protection Regulation (GDPR), other national data protection laws of the EU member states, and other data protection-related provisions is:
ESTAYA Beyond GmbH
Moritzstr. 13
09212 Limbach-Oberfrohna
Germany
E-mail: hello@sip.coach
Further details about the provider can be found in our Imprint.
2. General Information on Data Processing
We process personal data of our users only to the extent necessary to provide a functioning website, our content, and our services. The processing of personal data generally only takes place after obtaining the consent of the data subject, or on another legal basis permitted by law. Where consent is obtained for the processing of personal data, Art. 6(1)(a) GDPR serves as the legal basis. Where processing is necessary for the performance of a contract, Art. 6(1)(b) GDPR serves as the legal basis. Where processing is necessary to comply with a legal obligation, Art. 6(1)(c) GDPR serves as the legal basis. Where processing is necessary to protect a legitimate interest of ours or of a third party, and where the interests, fundamental rights, and freedoms of the data subject do not override that interest, Art. 6(1)(f) GDPR serves as the legal basis.
3. Provision of the Website and Creation of Log Files
Each time this website is accessed, our system automatically collects data and information from the accessing computer system (server log files). This includes, among other things: IP address, date and time of the request, content of the request (specific page accessed), access status/HTTP status code, amount of data transferred, the website from which the request originated (referrer), as well as the browser, operating system, and language of the accessing system.
This data is processed solely to ensure trouble-free operation of the website, to detect abuse, and to safeguard IT security, and is not merged with other data sources. The legal basis is our legitimate interest in the security and stability of our systems (Art. 6(1)(f) GDPR).
This website is hosted in Germany on our own infrastructure. Accordingly, server log data is not transferred to third-party providers outside the EU.
4. Cookies and Google Analytics 4
This website uses technically necessary cookies to provide basic functionality. Consent is not required for these (Art. 6(1)(f) GDPR).
In addition (only after your explicit consent via our cookie consent banner), we use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies or comparable technologies that enable an analysis of your use of this website. The IP address is anonymized or truncated in this process, so that a direct identification of the data subject is excluded. It cannot be ruled out that data may be transferred to the United States in this context; where applicable, the recipients used are certified under the EU-US Data Privacy Framework (DPF) and/or EU Standard Contractual Clauses of the European Commission are in place as an additional safeguard.
The legal basis for the use of Google Analytics is exclusively your consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG). Without your consent, Google Analytics remains set to "denied" via Google's Consent Mode, and no corresponding cookies are set nor any analytics data transferred.
You may withdraw your consent at any time with future effect: Change cookie settings. For a complete overview of the cookies we use, their purpose, and their retention period, see our Cookie Policy.
5. Contact by E-mail
If you contact us by e-mail (e.g. to hello@sip.coach), the data you provide (including your e-mail address, and where applicable your name and phone number, as well as the content of your message) will be stored by us in order to process your inquiry. This data is deleted once processing of your request is complete, provided no statutory retention obligations apply.
The legal basis is Art. 6(1)(b) GDPR, where your inquiry relates to the initiation or performance of a contract; otherwise Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).
6. Registration and Use of the sip.coach App
Using the sip.coach training platform (app.sip.coach) requires registration. The personal data processed during registration and subsequent use (including account data, training and conversation data, and scoring results) is described in detail in the separate privacy notices within the app, which govern the respective usage relationship.
In summary: data is stored in the EU / Germany. For account management and authentication, we use a self-hosted instance of the Keycloak software: login credentials and identity information therefore never leave our own infrastructure, which is operated within the EU. The legal basis is the performance of the usage contract (Art. 6(1)(b) GDPR) and, for team and enterprise accounts, a separately concluded Data Processing Agreement (DPA) with the respective employer as the data controller for its employees' data.
7. Payment Processing via Stripe
To process paid orders, we use the payment service provider Stripe (Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, and affiliated companies, "Stripe"). As part of the checkout process, we transmit the data required for payment processing (including name, payment details, billing address, and amount) to Stripe.
The legal basis is Art. 6(1)(b) GDPR (performance of the contract). This may involve a transfer of data to Stripe group companies outside the EU. For details on that processing and the safeguards applied, see Stripe's privacy policy: stripe.com/privacy.
8. Invoicing and Accounting
To fulfill our commercial and tax law obligations and for invoicing purposes, we use the ERP system Odoo. This involves processing contract, invoice, and payment data, which is retained for the periods required by law.
The legal basis is Art. 6(1)(c) GDPR in conjunction with statutory commercial and tax retention obligations (in particular § 147 of the German Fiscal Code (AO) and § 257 of the German Commercial Code (HGB)).
9. Recipients and Processors
Within our company, access to your data is granted only to those units that need it to fulfill our contractual and legal obligations. To provide our services, we engage carefully selected service providers as processors (Art. 28 GDPR), including for hosting, payment processing (Stripe), accounting (Odoo), and web analytics (Google Analytics, only after consent). We have entered into corresponding agreements with all processors that ensure a level of protection consistent with the GDPR.
10. Data Transfers to Third Countries
Personal data is transferred to countries outside the European Union / European Economic Area ("third countries") only where necessary for the purposes described in this policy, in particular in connection with Google Analytics (after consent) and payment processing via Stripe. In these cases, we ensure an adequate level of data protection through appropriate safeguards, in particular EU Standard Contractual Clauses issued by the European Commission and/or certification of the recipients under the EU-US Data Privacy Framework.
11. Retention Period
Unless a more specific retention period is stated in this policy, we process and retain personal data only for as long as necessary to achieve the respective processing purpose. Where statutory retention obligations apply (such as commercial and tax law retention periods of up to ten years for invoices and accounting records), we retain the affected data for the duration of those obligations; processing for other purposes generally does not take place during that period.
12. Your Rights as a Data Subject
Under the GDPR, you have the following rights with respect to your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR)
- Right to withdraw consent given, with future effect (Art. 7(3) GDPR)
To exercise these rights, an informal message to hello@sip.coach is sufficient. App users can also access data export and account deletion directly in their account settings.
13. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the member state of your habitual residence, place of work, or the place of the alleged infringement. The authority responsible for our company's registered office is:
Die Sächsische Datenschutz- und Transparenzbeauftragte
(Saxon State Commissioner for Data Protection)
Devrientstraße 1
01067 Dresden, Germany
Phone: +49 351 85471-101
E-mail: saechsdsb@slt.sachsen.de
Web: www.datenschutz.sachsen.de
14. No Automated Decision-Making
We do not use solely automated decision-making within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you. The AI-powered scoring within the app evaluates the quality of simulated training conversations and serves exclusively your personal development; no automated decisions with legal effect on you are made on this basis.
15. Currency and Amendment of this Privacy Policy
This privacy policy is currently in effect and dated 15 July 2026. As we develop our website and services further, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current version is always available at this address.
This privacy policy is under ongoing legal review and will be updated accordingly.