Privacy Policy — Mobile App
Applies in addition to the general Privacy Policy for the SilverFriend mobile app (iOS and Android). Always reachable from the in-app "Privacy" screen. The German App-Datenschutzerklärung is the binding original.
As of: 13 April 2026
App version: 1.0 (launch)
1. Controller and DPO
As in the main Privacy Policy §§1–2.
2. What the app does — and does not
The SilverFriend app is the caregiver app. It manages the account, shows the call schedule, receives safety alerts, manages consent, and exercises data-subject rights.
The app does not call the senior. Calls are placed by our phone-companion server. The app is the caregiver's control surface.
3. Data collected during onboarding (steps 1–5)
| Step | Data | Required | Purpose | Legal basis |
|---|---|---|---|---|
| 1 | First and last name, email, phone (+49 / +44), postal code | yes | Contract (Art. 6(1)(b) GDPR) | Art. 6(1)(b) |
| 2 | Senior's living situation (4 options) | yes | Call personalisation | Art. 6(1)(b) |
| 3 | Senior's topic preferences (12 categories ranked) | yes | Call personalisation | Art. 6(1)(b) |
| 4 | "Must-Read" acknowledgement click | yes | Consent + understanding evidence | Art. 6(1)(a) + Art. 7(1) |
| 5 | Payment data | yes | Contract execution | Art. 6(1)(b) |
Step 4 is the primary consent capture for the caregiver. We record date, time, the version of the texts shown, and the click as evidence.
4. Permissions (transparent and complete)
The app requests only the following device permissions at runtime:
| Permission | Platform | What for |
|---|---|---|
| Push notifications | iOS + Android | Safety / account-relevant alerts |
Not requested (and not declared in iOS Info.plist or Android manifest): microphone, camera, location, contacts, photos, calendar, Bluetooth, advertising ID, activity tracking.
5. In-app data flows
| Flow | Recipient | Region |
|---|---|---|
| Login (email + password) | AWS Cognito | eu-central-1 (Frankfurt, DE) |
| Refresh / access token storage on device | iOS Keychain / Android Keystore (flutter_secure_storage) | local only |
| Account and call data | AWS Aurora | eu-central-1 |
| Push token | Firebase Cloud Messaging (Google Ireland Ltd.) | global |
| Subscription management (if shipped) | RevenueCat Inc. | US |
6. Push notifications
We never send content or names in the push payload. A notification carries only:
- Type code (e.g.
safety_alert,callback_request), - Timestamp,
- Generic lock-screen text: "You have a new message from SilverFriend".
The app fetches actual content via the authenticated API after open.
Consent: storing the FCM token on your device requires consent under §25(1) TTDSG. We capture it on the first push-permission prompt and record it versioned in consent_records. You can withdraw it any time from the in-app "Consent" screen.
7. Analytics, tracking, advertising IDs
No analytics SDK in the app. No Crashlytics, no Firebase Analytics, no advertising ID (IDFA / GAID are not read).
Reach analytics happen only on the website via self-hosted Matomo — see main Privacy Policy §5.1.
8. Apple and Google requirements
For the app stores we maintain:
- Apple Privacy Nutrition Label (PRIVACY_NUTRITION_LABEL) — fully declared.
- Apple Privacy Manifest (
PrivacyInfo.xcprivacy, iOS 17+) — Tracking =false, collected data types match onboarding, only compliantNSPrivacyAccessedAPIreasons. - Google Play Data Safety form (PLAY_DATA_SAFETY_FORM) — fully completed; alignment with this policy verified before each release.
9. Delete account — directly in the app
You can delete your account in the app: More → Account → Delete account. Deletion covers:
- Cognito user record,
- Aurora database entries (cascade delete),
- Stored FCM tokens,
- RevenueCat subscription state (if applicable).
Tax-relevant invoice data (§147 AO) is retained for 10 years and then automatically deleted.
10. Manage consent — "Consent" screen
Under More → Privacy → Consent you find every consent given, with date, version, and status. Tap to withdraw any single consent.
11. Children and adolescents
The app is intended only for persons aged 18 or over. We do not accept accounts from minors. You confirm you are of full legal age before opening the account.
12. Your rights
As in the main Privacy Policy §10. Preferred channels from the app:
- "Privacy" screen → submit request → we respond within 30 days.
- Email datenschutz@silverfriend.de.
13. Changes to this app policy
Material changes are announced before they take effect via in-app banner and email, with at least 14 days' notice. The current version is always available from the in-app "Privacy" screen.
14. Change history
| Date | App version | Material changes |
|---|---|---|
| 2026-04-13 | 1.0 | Initial publication |
As of 13 April 2026 · Controller: Management of Silverfriend GmbH · DPO: appointment in progress
Silverfriend GmbH · Döringstraße 6, 10245 Berlin · HRB 277280 B · USt-IdNr. DE457343045 · Legal Notice · Privacy · Terms