Information on the processing of personal data in accordance with Art. 13 GDPR
Last updated: 23.06.2026
Controller within the meaning of the General Data Protection Regulation (GDPR):
Martin Körber
[STREET AND NUMBER]
[POSTCODE CITY]
Germany
Email: m.koerber@vm-international.de
The protection of your personal data is important to me. I process your data exclusively on the basis of statutory provisions (GDPR, German Federal Data Protection Act BDSG, TTDSG).
Qala is built to be intentionally data-minimising: only data that is strictly necessary to provide the service is collected.
3.1 When you visit this website
When you call up the website, your browser automatically transmits technical data to the server (server log files): IP address, date and time, page called, referrer, user-agent. These data are stored for a maximum of 14 days for technical security reasons (in particular to ward off attack attempts) and then deleted.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in security).
3.2 During registration
When you register via the form we collect: church name, contact name, email address, country. These data are required to create and manage your licence key and stored until deletion of the account.
Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance).
3.3 When logging into the portal
To secure the portal we store a bcrypt-hashed fingerprint of your password. Your plaintext password is never stored.
Legal basis: Art. 6 para. 1 lit. b GDPR.
3.4 When using the Qala desktop app
The Qala app runs locally on your computer. Spoken language is processed exclusively on your device (OpenAI Whisper). Only the already-transcribed text is sent to the AI provider you have chosen (e. g. Google Gemini, Anthropic Claude, OpenAI) — not to our server. We have no access to the content of your sermons.
3.5 Licence validation
Once a day the app sends a licence validation request to our server so your licence is renewed automatically. Transmitted are: the licence key and a hashed hardware fingerprint (SHA-256 of the MAC address). No content from the service is transmitted.
Legal basis: Art. 6 para. 1 lit. b GDPR.
For sending transactional emails (licence key, portal links) we use the service provider Postmark operated by ActiveCampaign, LLC, based in the USA. When sending, your email address and the email content are transmitted to Postmark.
To safeguard the data transfer to a third country we have concluded EU standard contractual clauses with ActiveCampaign. Further information: postmarkapp.com/privacy-policy.
Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance).
This website uses only technically necessary cookies (session cookie for language preference and admin/portal login). No tracking takes place and no third-party cookies are set.
Legal basis: § 25 para. 2 no. 2 TTDSG (technically required).
We use no tracking, analytics tools, advertising pixels or social media integrations whatsoever. No usage profiles are created.
This website is hosted by [HOSTER NAME, address]. The servers are located in Germany/the EU. A data processing agreement under Art. 28 GDPR has been concluded with the hoster.
You have the right at any time:
To exercise your rights, an informal email to m.koerber@vm-international.de is sufficient.
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement.
The competent supervisory authority for us is:
[COMPETENT DATA PROTECTION AUTHORITY OF YOUR GERMAN STATE, address + website]
We reserve the right to adjust this privacy policy in order to always comply with current legal requirements or changes to the service. The new privacy policy then applies from the time of publication. The current version is always available on this page.