Immerstory - Tell Your Story with Immersive Experiences

Privacy Policy

Your privacy matters to us! We handle your data securely, responsibly, and only for the purposes you've trusted us with.

1. Introduction

Welcome to Immerstory ("we," "us," or "our"). At Immerstory, we are committed to protecting your privacy and ensuring the security of your personal data.

This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you use our services.

2. Controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

Immerstory GmbH
Pferdebachstr. 38
58455 Witten
Germany
Email: privacy@immerstory.com

3. Information We Collect

Personal Information: We may collect personal information such as your name and email address when you submit a request through our contact form or send an email.

Log Data: We collect information that your browser or device sends when you access our services. This may include your IP address, browser type, operating system, and other usage information.

Cloudflare Data: Our website uses Cloudflare as a security service. Cloudflare may collect the following data: IP addresses, browser type, operating system, referrer URLs, timestamps, access times, geographic location data, and other technical information to improve website security.

4. How We Use Your Information

Providing Services: We use your personal information to handle your request, including key account management, project management, and customer support.

Improving Services: We may use data, including log data and usage information, to analyze and improve our services and user experience.

Communication: We may use your contact information to communicate with you, including sending updates, newsletters, and notifications related to our services. You can opt out of these communications at any time.

5. Cookies

We use only technically necessary cookies that are required for the proper functioning of our website. We do not use cookies for personalization, tracking, or marketing purposes.

We use only the following technically necessary cookies:

Cloudflare Cookies: Cloudflare sets technically necessary cookies such as __cf_bm, __cfduid, and others to ensure the security and performance of our website. These cookies are essential for bot detection, protection against DDoS attacks, and the proper functioning of the website.

We use cookies exclusively for the following technically necessary purposes:

Security and protection against attacks.
Ensuring proper website functionality.
Technical optimization of website performance.

Since we only use technically necessary cookies, these are required for the proper functioning of our website. Disabling these cookies may affect the functionality and security of our website. For more information on how to manage cookies, please refer to your browser's help documentation.

By using our services, you consent to the use of technically necessary cookies that are required for the proper functioning of our website. Since we do not use non-essential cookies, no separate cookie consent is required.

6. Web Analytics with Umami

Purpose: We use Umami to receive privacy-friendly, aggregated statistics about how our website is used. This helps us understand which pages are visited, whether the website is working technically, and how we can improve content and user experience. The analytics are not used for marketing, profiling, advertising, retargeting, or individual behavioral evaluation.

Self-hosted setup: Umami is operated by us as a first-party service at analytics.immerstory.com and self-hosted in the EU. The data is not transferred to an external marketing or advertising analytics provider.

Data categories: Umami processes minimized usage data such as visited pages, referrer, time of page view, language, browser, operating system, device type, and a coarse location such as country or region. IP addresses may be processed technically for delivery, security, and coarse location derivation, but are not stored in our analytics reports as directly identifying information.

No non-essential tracking: Our current implementation loads only Umami's standard script. It does not use cookies, local storage, persistent identifiers, fingerprinting, or non-essential event tracking.

Retention: We retain aggregated Umami analytics data only for as long as needed for the purposes described above, and no longer than 24 months. After that, it is deleted or further aggregated.

Legal basis: The processing is based on our legitimate interest under Article 6(1)(f) GDPR to operate our website in a privacy-friendly way, check its technical functionality, and improve its content. Due to the cookieless, minimized, and self-hosted implementation, we consider that visitors' interests or fundamental rights and freedoms do not override this interest.

7. Data Sharing and Disclosure

Third-Party Service Providers: We may share your personal information with third-party service providers who assist us in providing our services. These providers are contractually obligated to protect your data.

Cloudflare: We use Cloudflare as a security service. Cloudflare processes certain technical data (such as IP addresses and browser types) as part of their services. Cloudflare is a privacy-compliant service provider based in the USA that has implemented appropriate data protection measures. For more information, please see Cloudflare's Privacy Policy: https://www.cloudflare.com/privacypolicy/

Legal Requirements: We may disclose your information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

8. Security

We take reasonable measures to protect your personal information from unauthorized access and disclosure. However, no data transmission or storage system can be guaranteed to be 100% secure.

9. Your Rights

You have the right to access, correct, delete, or limit the use of your personal information. You may also have the right to data portability and the right to object to certain processing activities. To exercise these rights, please contact us at privacy@immerstory.com

You have the right to complain about our data processing to us or to the competent data protection authority. Immerstory is supervised by the following data protection authority:

Die Landesbeauftragte für den Datenschutz Nordrhein-Westfalen
Kavalleriestraße 2-4, 40213 Düsseldorf
E-mail: poststelle@ldi.nrw.de
Internet: https://www.ldi.nrw.de/

10. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable laws.

11. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. We recommend that you read this privacy notice again at regular intervals.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@immerstory.com

Last revised: 05/19/2026