Privacy Policy
Applies to silverfriend.de and related online offerings of Silverfriend GmbH. The mobile app is also covered by the App-specific Privacy Policy. Phone calls (companion service) are also covered by the Pre-call notice. The German Datenschutzerklärung is the legally binding original; this English version is a courtesy translation.
As of: 13 April 2026
Version: 1.0
1. Controller (Art. 4(7) GDPR)
Silverfriend GmbH
Döringstraße 6, 10245 Berlin, Germany
Email: datenschutz@silverfriend.de
Phone: to be announced
Managing Director: Feras Alsamawi — see Legal Notice.
2. Data Protection Officer
Until an external Data Protection Officer has been formally appointed by name, please reach us on any data-protection matter directly at:
Email: datenschutz@silverfriend.de
Postal: c/o Silverfriend GmbH, Döringstraße 6, 10245 Berlin, Germany
3. Scope and definitions
This policy explains:
- who we are and how to reach us,
- what personal data we process,
- why we process it and on what legal basis,
- who receives it,
- how long we store it,
- what rights you have and how to exercise them.
"Personal data" means any information relating to an identified or identifiable natural person (Art. 4(1) GDPR).
4. Two data-subject roles
Our service involves two distinct categories of people with different roles:
- Subscriber / family caregiver — the person who signs up and uses the app.
- Senior / called person — the person our phone companion calls.
Each has its own rights and its own consent path. The senior's consent for voice processing is captured directly on the call, not through the caregiver's app — see Pre-call notice.
5. What we process and why
5.1 When you visit the website
| Category | Purpose | Legal basis | Retention |
|---|---|---|---|
| IP address, browser user-agent, request timestamp | Site delivery, security logging | Art. 6(1)(f) GDPR (legitimate interest: operations and security) | 14 days in access logs, then deleted or pseudonymised |
| Pseudonymous session data (Matomo, with consent) | Reach analytics | Art. 6(1)(a) GDPR + §25(1) TTDSG | 13 months (anonymised) |
| Contact-form contents | Reply to enquiry | Art. 6(1)(b) GDPR (pre-contractual) | until resolved + 6 months |
| Newsletter sign-up | Sending requested content | Art. 6(1)(a) GDPR + §7(2)(3) UWG | until withdrawal |
Cookies and similar device-storage technologies: see Cookie Policy.
5.2 When you create a subscriber account
| Category | Purpose | Legal basis | Retention |
|---|---|---|---|
| Name, email, phone, postal code, living situation, interests | Contract performance; service personalisation | Art. 6(1)(b) GDPR | Subscription duration + 30 days |
| Authentication data (password hash, session tokens) | Account login | Art. 6(1)(b) GDPR | per auth lifecycle (refresh: 30d; access: 1h) |
| Payment data | Contract execution and bookkeeping | Art. 6(1)(b) and (c) GDPR (§147 AO) | 10 years (tax law) |
| Consent records | Accountability | Art. 6(1)(c) GDPR (Art. 7(1) GDPR) | 3 years after withdrawal or end of relationship |
5.3 Phone companion (for the called senior)
| Category | Purpose | Legal basis | Retention |
|---|---|---|---|
| Voice recording during call | Real-time processing by speech model (Amazon Nova Sonic 2 in eu-central-1) | Art. 6(1)(a) GDPR + Art. 9(2)(a) GDPR (for incidental health-related content) | 7 days (audio); then deleted |
| Call transcript | Conversational continuity for follow-up calls | as above | 180 days |
| Memory notes | Personalisation across calls | as above | 730-day sliding window with relevance pruning |
| Life chronicle (anniversaries, events) | Long-term continuity | as above | Subscription duration + 30 days |
| Call metadata (timestamp, duration, status) | Service delivery, accountability | Art. 6(1)(b) and (f) GDPR | 12 months |
| Safety events (see §6) | Emergency alert to caregiver | Art. 6(1)(d) + Art. 9(2)(c) GDPR (vital interests) | 3 years |
5.4 Push notifications (app)
| Category | Purpose | Legal basis | Retention |
|---|---|---|---|
| FCM token (device identifier) | Notification delivery | Art. 6(1)(a) GDPR + §25(1) TTDSG | until withdrawal, app uninstall, or 90-day inactivity |
| Notification type (no content in payload) | as above | as above | as above |
6. Express clarifications about the voice service
Two important points we want to make explicit:
1. SilverFriend does not analyse the senior's mood or mental state. No such assessments are produced or shared with the caregiver.
2. Exception — emergency: on concrete signs of acute danger (e.g. suicidal ideation or imminent harm), we ask the caregiver to check on the senior in person — without disclosing the content of the call. Legal basis: Art. 6(1)(d) GDPR (vital interests) read with Art. 9(2)(c) GDPR.
Speech model in use: Amazon Nova Sonic 2 via AWS Bedrock in EU region eu-central-1. Inputs are not used to train the base model under AWS terms.
7. Recipients and processors
A complete, current list is published at silverfriend.de/datenschutz/subprocessors.
Key recipients:
| Recipient | Role | Legal instrument | Location |
|---|---|---|---|
| Amazon Web Services EMEA SARL | Processor (hosting, database, voice model) | Art. 28 GDPR + EU SCCs (Module 2) | Luxembourg / EU; AWS Inc. (US) sub-processor |
| Twilio Ireland Ltd. | Processor (telephony) | as above | Ireland; Twilio Inc. (US) sub-processor |
| Google Ireland Ltd. (FCM) | Processor (push) | as above | Ireland; Google LLC (US) parent |
| HubSpot Ireland Ltd. | Processor (website, CRM, marketing — caregiver data only) | as above | Ireland (EU1 data centre); HubSpot Inc. (US) parent |
| RevenueCat Inc. (if shipped) | Processor (subscription management) | Art. 28 GDPR + SCCs | US |
| Tax adviser | Processor (bookkeeping) | Art. 28 GDPR | Germany |
8. Transfers to third countries
Processing is in the EU by default (eu-central-1 Frankfurt, eu-north-1 Stockholm). Exceptions — control-plane access by certain US providers — are covered by EU Standard Contractual Clauses (Module 2) plus supplementary measures (encryption with customer-managed KMS keys, TLS 1.2+, data residency, logging).
The Transfer Impact Assessment is available from the DPO. We monitor the validity of the EU-US Data Privacy Framework for the listed US providers, all of which are DPF-certified.
9. Retention — overview
For each data category we have set a specific retention period (see tables above). Our full deletion strategy follows DIN 66398 and is documented internally — see DATA_RETENTION_SCHEDULE.
10. Your rights
As subscriber or as senior you have the right to:
- Access the data we process about you (Art. 15 GDPR),
- Rectification of inaccurate data (Art. 16),
- Erasure ("right to be forgotten", Art. 17),
- Restriction of processing (Art. 18),
- Data portability (Art. 20),
- Object to processing based on legitimate interest (Art. 21),
- Withdraw consent at any time, with effect for the future (Art. 7(3)),
- Lodge a complaint with a supervisory authority (Art. 77).
Please contact: datenschutz@silverfriend.de.
We respond within 30 days. Where identity verification is required we will request a suitable proof (e.g. confirmation from the registered email account). Seniors may submit requests via the caregiver or during a call ("nicht mehr anrufen" / "do not call again" stops further calls immediately).
Supervisory authority: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin — https://www.datenschutz-berlin.de.
11. Automated decision-making
There is no automated decision-making within the meaning of Art. 22 GDPR. Specifically:
- We do not create credit, personality, or health profiles.
- The only model-supported decision is the detection of acute-danger signals (see §6); this triggers a human-oriented request for the caregiver to check in person — no automatic consequence.
12. Security (Art. 32 GDPR)
Among the technical and organisational measures we apply:
- Encryption of stored data with customer-managed KMS keys (AWS KMS),
- TLS 1.2+ for all transit,
- Role-based database access (Aurora role segregation),
- Credential management exclusively via AWS Secrets Manager,
- Web Application Firewall (AWS WAFv2),
- Logging of security-relevant events (CloudWatch),
- Quarterly security reviews and annual external audits.
13. Changes to this policy
We update this policy on material processing changes. Active subscribers are informed at least 14 days before the change takes effect by email or in-app banner. A change history appears at the end of this page (once changes occur).
14. Change history
| Date | Version | Material changes |
|---|---|---|
| 2026-04-13 | 1.0 | Initial publication (pre-launch) |
As of 13 April 2026 · Controller: Management of Silverfriend GmbH · DPO: appointment in progress
Silverfriend GmbH · Döringstraße 6, 10245 Berlin · HRB 277280 B · USt-IdNr. DE457343045 · Legal Notice · Privacy · Terms