Durch die Nutzung dieser Website stimmen Sie der Verwendung von Cookies zu, wie im Datenschutz beschrieben.
The controller for the processing of personal data within the meaning of this privacy policy is Tanbuh. The operator is responsible for the proper implementation of data protection requirements and the protection of users' personal data.
If you have any questions or concerns about data protection, you can reach out to the operator:
Tanbuh
Web Brauerei
represented by: Philipp Bartels
Wilhelmstraße 57, 71083 Herrenberg, Deutschland
We take the security of your data very seriously and use a range of measures to protect it from unauthorized access, loss, destruction or manipulation. While you visit our site we use SSL (Secure Socket Layer) together with state-of-the-art encryption technology.
In addition we apply suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized third-party access.
Although we make every reasonable effort to protect your data we cannot guarantee absolute security. Any data transmission happens at your own risk.
By registering on our website and signing up for our newsletter you agree that this privacy policy applies. By registering and signing up you consent to the collection, processing and use of your personal data in accordance with this privacy policy.
When you use our website Tanbuh data is automatically transmitted from your browser to our server and temporarily stored in a special log file. This data is collected without your active involvement and kept for a limited period of time. The following information is recorded:
- An anonymized identifier for the accessing device
- The date and time of the access
- The name and URL of the requested file
- The website you came from (referrer URL)
- The browser used and, where applicable, the operating system of your device and the name of your internet service provider
We use this information for the following purposes:
- Ensuring a smooth connection and a comfortable use of our website
- Analysing the security and stability of our system
- The legal basis for processing this data is Art. 6 (1) lit. f GDPR. Our legitimate interest in processing the data lies in the purposes mentioned above. We do not use the collected data to draw conclusions about you personally.
Using certain features (provider profile, writing reviews, saving favorites, forum posts) requires creating a user account. During registration we collect at least your email address and a password of your choosing. The password is stored exclusively in hashed form (bcrypt) in our database and cannot be read by us in plain text.
We use NextAuth.js with JSON Web Tokens (JWT) as the authentication mechanism. After a successful login a session cookie (e.g. next-auth.session-token) and a CSRF protection cookie (next-auth.csrf-token) are set on your device. These cookies are technically necessary so that you stay logged in and are protected from cross-site request forgery. They contain a signed token but no plain-text credentials.
The legal basis for processing your login data is Art. 6 (1) lit. b GDPR (performance of contract — providing the user account) and Art. 6 (1) lit. f GDPR for security protection (CSRF, brute-force detection). You can have your account deleted at any time by contacting us at [email protected]. With account deletion all directly linked data is removed; for exceptions see the "Retention" section.
Providers (tantra masseurs, studios, trainers) can create a public profile on Tanbuh. The data shown on the profile is fully publicly visible and indexed by search engines. This includes in particular: display name, username, title and self-description, profile and gallery images, gender, year of birth/age, languages, services offered, prices, working hours, location (city, address, mobile radius), contact channels (email, mobile number, website, social media links) and FAQ entries.
Publication of this data is actively performed by the provider. You can change or empty individual fields in the profile editor at any time, switch the profile to "offline" or request deletion of your account — see above. The legal basis for the publication of profile content is your consent (Art. 6 (1) lit. a GDPR) by actively maintaining and going online with the profile, as well as Art. 6 (1) lit. b GDPR for the provision of the platform.
Address inputs are sent to Geoapify to compute geo-coordinates (see the corresponding section). Images are stored at ImageKit and are publicly accessible via the URLs there.
Logged-in users can review provider profiles. A review consists of a star rating (1–5), an optional title and free text, and an optional display name (Anonymous if empty). Exactly one review per account and profile is allowed. Reviews are publicly visible on the respective profile after submission; the underlying account ID is not published.
Providers can publicly respond once per review; this response is also publicly visible. Insulting, false or unlawful reviews can be removed by us upon report (see forum reports). Legal basis is Art. 6 (1) lit. b GDPR and your consent on submission (Art. 6 (1) lit. a GDPR). You can delete your review yourself at any time.
The forum lets logged-in users open threads, reply to posts and add reactions (e.g. "helpful"). Posts contain the chosen display name of the author, the time of creation and the content. Posts are publicly visible and indexed by search engines as long as they meet a minimum length.
On account deletion threads and replies are kept in pseudonymized form ("deleted user") so that discussions stay coherent for other participants. Violating content can be reported to moderation via the report function; reports are stored together with the reporting account. Legal basis is Art. 6 (1) lit. b GDPR and our legitimate interest in a working community (Art. 6 (1) lit. f GDPR).
Logged-in users can mark provider profiles as favorites. We only store the connection between your account and the respective profile and the timestamp of the marking. Favorites are visible only to you. Legal basis is Art. 6 (1) lit. b GDPR. You can remove favorites yourself at any time.
When you use our contact form we process the data you enter — name, email address, subject and message — for the purpose of answering your request. The input is stored in our database and also delivered to our mailbox ([email protected]) by email.
Legal basis is Art. 6 (1) lit. b GDPR (pre-contractual measures) or Art. 6 (1) lit. f GDPR (legitimate interest in handling your request). We store your request as long as needed to answer it and any follow-up communication; at the latest after the purpose has lapsed or upon your request the data is deleted.
For newsletter signup we collect the following data: your name (required), your email address (required) and — if you wish — your city (optional). Providing the city helps us tailor regional content and notes for you.
Signup uses the so-called double opt-in process: after submitting the signup form you receive a confirmation email with a link that you must click to confirm your signup. Only after clicking this link does the signup become effective and you receive newsletter emails. If confirmation is not done within 7 days the confirmation link expires.
Legal basis for processing is your consent under Art. 6 (1) lit. a GDPR. We store your data exclusively for the purpose of sending the newsletter until you unsubscribe.
We use our own servers and Google's Gmail email services to send our newsletter. The sending service may use the data without attribution to a user to optimise or improve its own services. The sending service does not use the data to share it with third parties. More information is available at Google in the DPA.
You have the right to withdraw your consent for newsletter delivery at any time. Each newsletter email contains an unsubscribe link with which you can unsubscribe in a single click. With unsubscription your data stored for the newsletter (name, email address and possibly city) will be deleted from our newsletter database immediately and completely. Your withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
Alternatively you can send your unsubscription to [email protected] by email at any time.
Please note that certain information that you voluntarily enter on our website may be publicly accessible. This includes, for example, your username, comments, forum posts or other content you publish. This information can be viewed by other users of our website. Please note that, in particular, your email address will not be publicly accessible unless explicitly indicated otherwise. We recommend that you do not publish sensitive or personal information in publicly accessible areas of our website. You are responsible for the information you voluntarily share on our website.
- Your personal data is only disclosed to third parties in the following cases:
- You have explicitly given your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR.
- Disclosure is necessary under Art. 6 (1) sentence 1 lit. f GDPR to assert, exercise or defend legal claims, and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data.
- There is a legal obligation under Art. 6 (1) sentence 1 lit. c GDPR to disclose.
- Disclosure is legally permissible and necessary under Art. 6 (1) sentence 1 lit. b GDPR for processing contractual relationships with you.
Please note that your personal data is only disclosed in accordance with applicable data protection rules and that the necessary measures to protect your privacy and your rights are always taken.
We use the Cloudflare service to improve the security and performance of our website. Cloudflare is a Content Delivery Network (CDN) that acts between our server and your browser to optimise traffic and detect and ward off attacks on the website.
Using Cloudflare transmits certain data, such as your IP address, to protect the website and optimise content delivery. Cloudflare may also use this data for statistical purposes to further improve the service. The processing of your data by Cloudflare takes place in compliance with applicable data protection laws.
Please note that Cloudflare may also set its own cookies to provide certain features and optimise performance. The use of cookies is subject to Cloudflare's cookie policies.
By using our website you agree to the use of Cloudflare and the processing of your data in accordance with this privacy policy. If you have concerns about the use of Cloudflare you should not continue to use our website.
We store files and images on ImageKit. This storage allows us to manage and deliver content efficiently. Please note that storing files and images on ImageKit makes them publicly accessible by default. This means that the content can in principle be retrieved and viewed by other users or the general public. We assume no responsibility or liability for the disclosure of such information through public access to the stored content.
We use cookies on our website. These are small files that are automatically created by your browser and stored on your device when you visit our website. Cookies store information that relates to the specific device used. This does not mean, however, that we directly learn your identity. Cookies are used to make using our website more comfortable for you. We use so-called session cookies to recognise that you have already visited certain pages of our website. These cookies are deleted automatically when you leave our site.
We also use temporary cookies to optimise usability. They are stored on your device for a defined period of time. When you visit our site again we automatically recognise that you were already with us and can take into account your inputs and settings so that you do not have to enter them again. We also use cookies to record the use of our website statistically and to optimise our offering for you. These cookies allow us to automatically recognise on a return visit that you were already with us. These cookies are deleted automatically after a certain time. The processing of data captured through cookies is necessary for the purposes mentioned to safeguard our legitimate interests and the legitimate interests of third parties under Art. 6 (1) sentence 1 lit. f GDPR.
We use necessary cookies to ensure the basic functionality and usability of our website. These cookies are essential for the proper operation of the website and are placed on your device automatically when you visit our website. Necessary cookies allow us, for example, to store your language preferences so that you can view the website in the preferred language. They cannot be deactivated because they are required for the proper functioning of the website. By using our website you agree to the use of these necessary cookies.
Please note that we have no control over cookies that are placed on our website by third parties such as advertising networks. These cookies are subject to the privacy policies and settings of these third parties. We recommend that you check the privacy policies of these third parties for more information about their use of cookies and their privacy practices. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that you receive a notification each time before a new cookie is created. Please note, however, that completely disabling cookies may mean that you cannot use all the features of our website. There are also cookie blockers that prevent the storage of cookies.
With the tracking measures used we want to ensure a user-friendly design of our website and continuously optimise it. We also use the tracking measures to record the use of our website statistically and analyse it to optimise our offering. These interests are legitimate within the meaning of the cited provision. The specific purposes of the data processing and data categories can be found in the corresponding tracking tools
For needs-based design and continuous optimisation of our website we use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). Google Analytics is loaded and activated only if you have explicitly accepted "All cookies" via our cookie banner. Without this consent no transmission to Google takes place. The legal basis is your consent under Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG. You can withdraw your consent at any time by deleting the cookie tan-1.0.0 in your browser. While being used pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website, such as:
browser type/version, operating system used, referrer URL (the previous page visited), hostname of the accessing computer (IP address), time of the server request,
is transmitted to a Google server and stored there. The information is used to evaluate use of the website, compile reports about website activities and provide further services associated with website and internet use for the purposes of market research and user-oriented design of these websites. This information may be transferred to third parties if required by law or if third parties process this data on our behalf. Your IP address is never combined with other data from Google. The IP addresses are anonymized so that no association is possible (IP masking). For more information on data protection in connection with Google Analytics see Google Analytics help (https://support.google.com/analytics/answer/6004245).
Fonts on this website are served locally from our own servers. We use the Next.js mechanism (next/font), which downloads the font files at build time and serves them with the website. As a result no external request to Google Fonts or other third parties takes place at runtime — your IP address is not transmitted to third parties.
To detect and fix technical errors we use Sentry, a service provided by Functional Software, Inc. (45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA). If an error occurs while you use our website technical information is sent automatically to Sentry: errors and stack traces, the requested URL, browser and operating system details and a shortened IP address.
We perform server-side scrubbing of sensitive data (passwords, email addresses, tokens) before error reports are forwarded to Sentry. Personal content such as messages or profile texts you have entered is not transmitted to Sentry.
Legal basis is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the stability and security of our services. Since Sentry is based in the USA, data may be transferred to a third country; the transfer is based on the EU standard contractual clauses. More information about Sentry's data processing is available at https://sentry.io/privacy/.
When providers store their location on our platform we transmit the entered address or city to Geoapify (Geoapify GmbH, Schiffbauergasse 14, 14467 Potsdam, Germany) to derive geographic coordinates (latitude and longitude). The coordinates are then stored in our database and enable features such as the "near you" search and structured data for search engines.
Only the address data needed for geocoding is transmitted — no further personal information. Legal basis is Art. 6 (1) lit. f GDPR; our legitimate interest lies in the correct geographic representation of providers. Geoapify's servers are located within the EU. More information at https://www.geoapify.com/privacy-policy.
We generally only store personal data for as long as is necessary for the respective processing purposes or as required by statutory retention obligations. Specifically the following periods apply:
Server log files: short-term for security and error analysis — usually overwritten automatically within a few days.
Account and profile: until you request or perform deletion of your account yourself. Account deletion also deletes linked data (reviews, favorites, profile content); forum posts remain pseudonymized.
Reviews and forum posts: until deleted by the author, by moderation (in case of violations) or until the account is deleted.
Newsletter subscription: until unsubscription. With unsubscription name, email and possibly city are completely removed from the newsletter database.
Contact requests: until the final processing of your request and any follow-up communication, then deletion — unless statutory retention obligations apply.
Tokens (password reset, activation, newsletter confirmation): until expiry or consumption of the token, then deletion.
Error reports (Sentry): according to the retention setting at Sentry (typically 30–90 days), then automatic deletion.
Geoapify requests: only transient for resolving the address into coordinates — no persistent storage of inputs at Geoapify by us; coordinates stored in our database are deleted with the corresponding profile/location.
Statutory retention obligations: We store accounting and commercial documents according to statutory periods (usually 6 or 10 years under § 257 HGB / § 147 AO); this data is blocked from further processing for the duration of the period.
Right to data portability (Article 20 GDPR): you have the right to receive personal data about you that you have provided to us in a structured, common and machine-readable format or to request its transmission to another controller. Right to erasure (Article 17 GDPR): you have the right to request the erasure of personal data stored by us, unless processing is necessary for the exercise of the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims. Right to rectification (Article 16 GDPR): you have the right to request the rectification of incorrect personal data stored by us or the completion of incomplete data.
Right to restriction of processing (Article 18 GDPR): you have the right to request the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful, we no longer need the data, but you require it for the establishment, exercise or defense of legal claims, or you have lodged an objection to processing pursuant to Article 21 GDPR. Right to lodge a complaint (Article 77 GDPR): you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our place of business. Right to withdraw consent (Article 7 (3) GDPR): you have the right to withdraw any consent granted to us at any time. As a result, we may no longer carry out the data processing based on this consent for the future. Right to information (Article 15 GDPR): you have the right to receive information about the personal data we process about you. This includes information about the purposes of processing, categories of data, recipients, planned retention period, the right to rectification, erasure, restriction or objection, the right to lodge a complaint, the origin of the data and the existence of automated decision-making including profiling.
We automatically create an anonymous session when you visit our website without creating a user account. To this end an anonymized user is created in our database whose data does not allow conclusions about your identity.
To ensure the functionality of our website we use technically necessary cookies that allow us to assign you an anonymous session and to store the settings you make during your visit. These cookies do not contain personal data and are deleted at the end of your session.
The processing of this data takes place exclusively to enable the use of the website, to ensure its security and to improve the quality of our services.
The legal basis for processing data via technically necessary cookies is Art. 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest lies in ensuring the technical functionality and security of our website.
You can prevent the storage of cookies by configuring your browser software accordingly; we point out, however, that in this case you may not be able to use all the features of this website to their full extent.
If you wish to exercise your right to withdraw consent or to object you can simply send us an email to the following address: [email protected]. We will examine your request and process it in accordance with the applicable data protection rules. Please note that your withdrawal or objection does not affect the lawfulness of the data processing carried out before the withdrawal or objection.
The content of this offer is continuously changed and developed. For these reasons the operator reserves the right to adapt this privacy policy accordingly. The updated privacy policy applies on each visit.
Last updated: 2026-05-08
New tantra practitioners, workshops in your city and in-depth articles on touch, mindfulness and relationships. Curated, never pushy.