Use code WELCOME75 to get 75% off! Limited offer for the first 1000 people!
That's Who I Am

Privacy Policy

Last updated: February 2026

1. Controller

The controller responsible for data processing on this website is:

Anna Sosnowski
c/o IP-Management #17839
Ludwig-Erhard-Str. 18
20459 Hamburg, Germany
Email: info@thatswhoiam.com
Phone: +49 178 6632783

2. Overview of data processing

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various personal data is collected. This privacy policy explains what data we collect, what we use it for, and how we process it.

3. Data collection on this website

3.1 Server log files

The hosting provider automatically collects and stores information in server log files, which your browser automatically transmits. These are: browser type and version, operating system, referrer URL, hostname of the accessing computer, time of the server request, and IP address. This data is not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website.

3.2 Contact form

If you send us inquiries via the contact form, your data from the form (name, email address, subject, message) will be stored for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent. The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract, or Art. 6(1)(f) GDPR if the inquiry is based on our legitimate interests.

3.3 Order form and report generation

When you place an order for a personality report, we collect the following data: first name, email address, gender, birth date, and optionally birth place, current residence, eye color, handedness, favorite/least favorite color, favorite/least favorite animal, and details of additional persons (for couple or family packages). This data is necessary to generate your personalized report and is processed based on Art. 6(1)(b) GDPR (performance of a contract).

Automatic deletion: All personal data submitted through the order form is automatically deleted from our systems within a short period after your report has been delivered. We do not retain your personal profile data beyond what is necessary for order fulfillment and legal retention obligations.

4. Third-party services

4.1 Stripe (payment processing)

We use Stripe, Inc. (510 Townsend Street, San Francisco, CA 94103, USA) for payment processing. When you make a purchase, your payment data (credit card number, expiration date, CVC) is transmitted directly to Stripe and never stored on our servers. Stripe processes your data in accordance with their privacy policy: stripe.com/privacy. The legal basis is Art. 6(1)(b) GDPR (performance of a contract). Stripe is certified under the EU-US Data Privacy Framework.

4.2 OpenAI (report generation)

We use OpenAI, LLC (3180 18th Street, San Francisco, CA 94110, USA) to generate your personality report. The data transmitted to OpenAI includes your first name, gender, and calculated profile codes derived from your birth date. OpenAI processes this data solely for the purpose of generating your report and does not use it for training purposes (API data usage policy). The legal basis is Art. 6(1)(b) GDPR (performance of a contract). For more information, see: openai.com/policies/privacy-policy.

4.3 Web Fonts

This website uses web fonts that are hosted locally on our own server. No connection to external font providers (such as Google) is established when you visit our website. Your IP address is not transmitted to third parties for the purpose of loading fonts.

4.4 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited. Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. We use Google Analytics with IP anonymization enabled. This means your IP address is shortened by Google within member states of the EU or other parties to the Agreement on the European Economic Area before transmission.

The use of Google Analytics is based on your consent according to Art. 6(1)(a) GDPR. You may revoke your consent at any time by adjusting your cookie settings. For more information about how Google handles user data, see: Google Analytics data protection.

4.5 Email delivery

We send transactional emails (order confirmations, report delivery) via our own mail server hosted by ALL-INKL.COM (Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany). Your email address is used exclusively for delivering your ordered report and communicating about your order. The legal basis is Art. 6(1)(b) GDPR.

5. Cookies

This website uses cookies. Cookies are small text files stored on your device by your browser. Some cookies are technically necessary for the website to function (e.g., session cookies, language preference). These are based on Art. 6(1)(f) GDPR. Analytics cookies (Google Analytics) are only set with your explicit consent according to Art. 6(1)(a) GDPR.

6. Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR) - You can request information about whether and what personal data we process about you.
  • Right to rectification (Art. 16 GDPR) - You can request the correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR) - You can request the deletion of your data, provided there are no legal retention obligations.
  • Right to restriction of processing (Art. 18 GDPR) - You can request the restriction of processing of your data.
  • Right to data portability (Art. 20 GDPR) - You can request to receive your data in a structured, commonly used format.
  • Right to object (Art. 21 GDPR) - You can object to the processing of your data based on legitimate interests at any time.
  • Right to withdraw consent (Art. 7(3) GDPR) - You can withdraw any consent you have given at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint - You have the right to lodge a complaint with a supervisory authority (e.g., the Hamburg Commissioner for Data Protection and Freedom of Information).

To exercise any of these rights, please contact us at: info@thatswhoiam.com

7. Data security

This website uses TLS/SSL encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us. You can recognize an encrypted connection by the "https://" prefix in your browser's address bar and the lock icon.

8. Data retention

Personal data from orders is automatically deleted shortly after report delivery, except where longer retention is required by law (e.g., tax records under § 147 AO: 10 years for invoices, § 257 HGB: 6 years for business correspondence). Data from the contact form is deleted after your inquiry has been conclusively processed, unless further retention is required.

9. Changes to this policy

We reserve the right to update this privacy policy to reflect changes in our practices or applicable law. The current version is always available on this page.