Version 1.0 β Effective: January 2026
This Privacy Policy explains how we process and protect your personal data when you use our website www.psynex.de or the services we offer through this website (together "our Services" or "the Platform").
The website and platform is operated by:
Intermac systems
Sendnicher Str. 58a
56072 Koblenz
Germany
Email: info@intermac.de
Phone: +49-151-2755-5942
VAT ID: DE178012433
(hereinafter "the Company", "we", "our" or "us")
Data Protection Contact:
For questions about data protection, contact us at: info@intermac.de
Psynex is a B2B platform for healthcare professionals (psychotherapists, psychologists).
For the processing of patient data of your clients, you as the therapist are the Data Controller under GDPR. We (Intermac systems) act as a Data Processor pursuant to Article 28 GDPR. The terms of data processing are governed by our separate Data Processing Agreement (DPA), which you must accept during registration.
This Privacy Policy primarily concerns:
Your obligations towards your patients:
When you register as a therapist and use the platform, we process the following data about you:
| Data Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Account Data | Name, email, password (hashed), phone | Provision and management of your account | Art. 6(1)(b) GDPR (contract performance) |
| Professional Information | License, specialty, practice address | Verification of authorization to use | Art. 6(1)(b), (c) GDPR |
| Payment Data | Billing address, payment method | Processing subscription payments | Art. 6(1)(b) GDPR |
| Usage Data | Login times, features used, IP address | Provision and improvement of services | Art. 6(1)(f) GDPR (legitimate interest) |
| Communications | Support requests, feedback | Customer service, product improvement | Art. 6(1)(b), (f) GDPR |
When you as a therapist enter patient data into the platform, we process this exclusively on your behalf:
| Data Category | Examples | Purpose |
|---|---|---|
| Patient Master Data | Name, date of birth, contact details, insurance number | Identification, insurance applications |
| Health Data (Art. 9 GDPR) | Diagnoses, symptoms, treatment progress, therapy notes | Documentation, therapy report creation |
| Session Data | Audio transcripts, session notes, treatment plans | AI-assisted documentation and reporting |
| Insurance Data | Insurance provider, coverage approval, application status | Creating reimbursement applications |
Legal basis for patient data:
We collect data from the following sources:
Access to data is limited to:
Your patient data is not visible to anyone but you β we have no access to encrypted field contents.
We use the following sub-processors under Article 28 GDPR:
| Service Provider | Service | Location | Data Protection Guarantees |
|---|---|---|---|
| Hetzner Online GmbH | Server hosting, data center | Germany (Falkenstein, Nuremberg) | DPA under Art. 28 GDPR, ISO 27001 certified |
| OpenAI LLC | AI text processing (transcription, report generation) | EU servers (data does not leave EU) | Business Associate Agreement (BAA) for HIPAA compliance, DPA for GDPR |
| Stripe Payments Europe Ltd. | Payment processing | Ireland (EU) | GDPR compliant, PCI-DSS Level 1 certified |
Your data (especially patient data) is primarily processed in Germany:
For AI text processing, we use OpenAI's EU-based infrastructure:
Transparency about OpenAI:
OpenAI LLC is headquartered in the USA but operates dedicated EU servers. Under the BAA, health data remains on EU servers and is subject to GDPR protection. Access by US authorities is restricted by BAA and contractual safeguards, though residual risk cannot be completely excluded.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Data | Until account deletion + 30 days | Contract performance, then deletion required |
| Patient Data | As long as you wish, max until account deletion + 30 days | Data processing β you control deletion |
| Billing Data | 10 years after year-end | Tax retention requirements |
| Backups | Max. 90 days (rolling system) | IT security, then automatic deletion |
| Log Files | 30 days, IP addresses anonymized after 14 days | IT security, abuse prevention |
| Support Correspondence | 3 years after last message | Traceability, quality assurance |
We take the security of your and your patients' data very seriously. The following measures are implemented:
You have the following data protection rights regarding your own data:
You can request a copy of all data stored about you at any time. You can view your profile data through your account dashboard.
You can request corrections if your data is inaccurate or incomplete. You can edit profile data yourself in your account.
You can request deletion of your data when:
Practical: Use "Delete Account" function in profile β all data permanently deleted after 30 days.
You can receive your data in a structured, commonly used format. Practical: Export function for all your data (JSON/CSV format).
For processing based on legitimate interests, you can object. For direct marketing, you can object at any time (opt-out in every marketing email).
You have the right to lodge a complaint with a data protection supervisory authority.
For Rhineland-Palatinate:
Der Landesbeauftragte fΓΌr den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34, 55116 Mainz
poststelle@datenschutz.rlp.de
Contact to exercise your rights:
Email: info@intermac.de
We respond to requests within 30 days.
We use only technically necessary cookies for platform operation:
| Cookie Name | Purpose | Duration |
|---|---|---|
session_token | Authentication (login session) | 30 days or until logout |
csrf_token | Protection against CSRF attacks | 1 day |
β No tracking or marketing cookies
We do not use Google Analytics, social media tracking pixels (Facebook, LinkedIn), advertising cookies, or third-party cookies.
For newsletter signup, we use double opt-in. You can unsubscribe at any time (link in every email). Legal basis: Art. 6(1)(a) GDPR (consent).
Our website may contain links to external websites. We have no control over their privacy practices. When you click, you leave our area of responsibility.
Our platform is intended for adult professionals. We do not knowingly collect data from persons under 18.
We use AI (OpenAI) only as assistance (transcription, report generation). All final decisions are made exclusively by the therapist. There is no automated decision-making within the meaning of Art. 22 GDPR.
No profiling: We do not create profiles for marketing or creditworthiness purposes.
In case of a data breach:
We reserve the right to update this Privacy Policy. We will notify you of material changes by email (at least 14 days in advance).
Current version: Always available at www.psynex.de/privacy-policy
For questions, requests, or complaints about data protection, contact us:
Intermac systems
Norbert Doetsch
Sendnicher Str. 58a
56072 Koblenz, Germany
Email: info@intermac.de
Phone: +49-151-2755-5942
Response time: We respond to requests within 30 days.
Effective: January 2026 | Version: 1.0
This Privacy Policy was prepared with the utmost care. It does not constitute legal advice. For specific questions, please consult a data protection expert or attorney.