Privacy Policy
This legal document is currently available in German and English. A professional Spanish translation is in preparation.
Applies to silverfriend.de and related online offerings of Silverfriend GmbH. The mobile app is also covered by sections 5.5 and 5.6 of this policy. The German Datenschutzerklärung is the legally binding original; this English version is a courtesy translation.
Last updated: 17 April 2026
Version: 1.1
1. Controller (Art. 4(7) GDPR)
Silverfriend GmbH
Döringstraße 6, 10245 Berlin, Germany
Email: datenschutz@silverfriend.de
Phone: +49 15678 616839
Managing Director: Feras Alsamawi — see Legal Notice.
2. Data Protection Officer
Until an external Data Protection Officer has been formally appointed by name, please reach us on any data-protection matter directly at:
Email: datenschutz@silverfriend.de
Postal: c/o Silverfriend GmbH, Döringstraße 6, 10245 Berlin, Germany
3. Scope and definitions
This policy explains:
- who we are and how to reach us,
- what personal data we process,
- why we process it and on what legal basis,
- who receives it,
- how long we store it,
- what rights you have and how to exercise them.
"Personal data" means any information relating to an identified or identifiable natural person (Art. 4(1) GDPR).
4. Two data-subject roles
Our service involves two distinct categories of people with different roles:
- Subscriber / family caregiver — the person who signs up and uses the app.
- Senior / called person — the person our phone companion calls.
Each has its own rights and its own consent path. The senior's consent for voice processing is captured directly on the call, not through the caregiver's app.
5. What we process and why
5.1 When you visit the website
| Category | Purpose | Legal basis | Retention |
|---|---|---|---|
| IP address, browser user-agent, request timestamp | Site delivery, security logging | Art. 6(1)(f) GDPR (legitimate interest: operations and security) | 14 days in access logs, then deleted or pseudonymised |
| Pseudonymous session data (privacy-focused analytics, with consent) | Reach analytics | Art. 6(1)(a) GDPR + §25(1) TTDSG | 13 months (anonymised) |
| Contact-form contents | Reply to enquiry | Art. 6(1)(b) GDPR (pre-contractual) | until resolved + 6 months |
| Newsletter sign-up | Sending requested content | Art. 6(1)(a) GDPR + §7(2)(3) UWG | until withdrawal |
Cookies and similar device-storage technologies: see Cookie Policy.
Google Tag Manager and Google Analytics 4 (Consent Mode v2). The tags GTM-NMC7NN5Q and G-JHE4G5MDW7 load on every page, but their consent state defaults to denied (ad_storage, ad_user_data, ad_personalization, analytics_storage). Until you opt in, only anonymous, aggregated signals without cookie or user identifiers ("cookieless pings") are sent to Google. Only after you actively consent in the cookie banner ("Statistics" or "Marketing") do we update the respective consent state to granted — at which point Google may set cookies and process identifiable events. Legal basis: Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG.
5.2 When you create a subscriber account
| Category | Purpose | Legal basis | Retention |
|---|---|---|---|
| Name, email, phone, postal code, living situation, interests | Contract performance; service personalisation | Art. 6(1)(b) GDPR | Subscription duration + 30 days |
| Authentication data (password hash, session tokens) | Account login | Art. 6(1)(b) GDPR | per auth lifecycle (refresh: 30d; access: 1h) |
| Payment data | Contract execution and bookkeeping | Art. 6(1)(b) and (c) GDPR (§147 AO) | 10 years (tax law) |
| Consent records | Accountability | Art. 6(1)(c) GDPR (Art. 7(1) GDPR) | 3 years after withdrawal or end of relationship |
5.3 Phone companion (for the called senior)
| Category | Purpose | Legal basis | Retention |
|---|---|---|---|
| Memory notes | Personalisation across calls | as above | 730-day sliding window with relevance pruning |
| Life chronicle (anniversaries, events) | Long-term continuity | as above | Subscription duration + 30 days |
| Call metadata (timestamp, duration, status) | Service delivery, accountability | Art. 6(1)(b) and (f) GDPR | 12 months |
| Safety events (see §6) | Emergency alert to caregiver | Art. 6(1)(d) + Art. 9(2)(c) GDPR (vital interests) | 3 years |
5.4 Push notifications (app)
| Category | Purpose | Legal basis | Retention |
|---|---|---|---|
| Push token (device identifier) | Notification delivery | Art. 6(1)(a) GDPR + §25(1) TTDSG | until withdrawal, app uninstall, or 90-day inactivity |
| Notification type (no content in payload) | as above | as above | as above |
5.5 Mobile app — specific disclosures
The SilverFriend app does not collect any personal data beyond the categories described in sections 5.1–5.4. In particular:
- No cross-app tracking: The app does not use tracking frameworks (e.g. Apple ATT/IDFA, Google Advertising ID). No data is shared with advertising networks or third-party analytics providers.
- No advertising: The app contains no advertisements and does not share data with third parties for advertising purposes.
- Account deletion: You can permanently delete your account and all associated data at any time in the app under Settings → Delete Account. Deletion is completed within 30 days.
- Subscription management: Payments are processed through Apple StoreKit (iOS) or Google Play Billing (Android) and managed by RevenueCat. SilverFriend does not store credit card or bank details.
5.6 Privacy nutrition labels (Apple App Store / Google Play)
| Data type | Collected? | Linked to identity? | Used for tracking? |
|---|---|---|---|
| Name | Yes | Yes | No |
| Email address | Yes | Yes | No |
| Phone number | Yes | Yes | No |
| Device ID (FCM token) | Yes | No | No |
| Purchase history (via RevenueCat) | Yes | Yes | No |
| Usage data (app opens) | Minimal | No | No |
All data is encrypted in transit (HTTPS/TLS 1.2+). A deletion mechanism is available in the app (see above).
6. Express clarifications about the voice service
Two important points we want to make explicit:
1. SilverFriend does not analyse the senior's mood or mental state. No such assessments are produced or shared with the caregiver.
2. Exception — emergency: on concrete signs of acute danger (e.g. suicidal ideation or imminent harm), we ask the caregiver to check on the senior in person — without disclosing the content of the call. Legal basis: Art. 6(1)(d) GDPR (vital interests) read with Art. 9(2)(c) GDPR.
The speech model runs on EU-hosted infrastructure. Under the applicable processing terms, inputs are not used to train the base model.
7. Recipients and processors
A complete, current list is published at silverfriend.de/datenschutz/subprocessors.
Key recipients:
| Recipient | Role | Legal instrument | Location |
|---|---|---|---|
| Amazon Web Services EMEA SARL (AWS) | Processor (hosting, database, authentication, voice model). All data is stored exclusively in the Frankfurt region (eu-central-1). Services: Amazon Cognito, Amazon Aurora PostgreSQL, AWS Lambda, Amazon S3. | Art. 28 GDPR + EU SCCs (Module 2) | EU (Frankfurt); US parent |
| Twilio Inc. | Processor (phone connection for the phone companion service) | as above | EU; US parent |
| Google LLC (Firebase Cloud Messaging) | Processor (push notifications in the app). Only anonymised device tokens are transmitted. | as above | EU; US parent |
| RevenueCat Inc. | Processor (subscription management via Apple StoreKit and Google Play Billing). Processes purchase receipts and subscription status. | as above | US (DPF-certified) |
| HubSpot Inc. | Processor (website, CRM, marketing — caregiver data only) | as above | EU (EU1); US parent |
| Tax adviser | Processor (bookkeeping) | Art. 28 GDPR | Germany |
The named list of current subprocessors (company name, address, role) is maintained and published at silverfriend.de/en/datenschutz/subprocessors.
8. Transfers to third countries
Processing is in the EU by default (data centre in Frankfurt am Main, region eu-central-1). Exceptions — control-plane access by certain US providers — are covered by EU Standard Contractual Clauses (Module 2) plus supplementary measures (encryption with customer-managed keys, TLS 1.2+, data residency, logging).
The Transfer Impact Assessment is available from the DPO. We monitor the validity of the EU-US Data Privacy Framework for the listed US providers, all of which are DPF-certified.
9. Retention — overview
For each data category we have set a specific retention period (see tables above). Our full deletion strategy follows DIN 66398 and is documented internally — see DATA_RETENTION_SCHEDULE.
10. Your rights
As subscriber or as senior you have the right to:
- Access the data we process about you (Art. 15 GDPR),
- Rectification of inaccurate data (Art. 16),
- Erasure ("right to be forgotten", Art. 17),
- Restriction of processing (Art. 18),
- Data portability (Art. 20),
- Object to processing based on legitimate interest (Art. 21),
- Withdraw consent at any time, with effect for the future (Art. 7(3)),
- Lodge a complaint with a supervisory authority (Art. 77).
Please contact: datenschutz@silverfriend.de.
We respond within 30 days. Where identity verification is required we will request a suitable proof (e.g. confirmation from the registered email account). Seniors may submit requests via the caregiver or during a call ("nicht mehr anrufen" / "do not call again" stops further calls immediately).
Supervisory authority: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin — https://www.datenschutz-berlin.de.
11. Automated decision-making
There is no automated decision-making within the meaning of Art. 22 GDPR. Specifically:
- We do not create credit, personality, or health profiles.
- The only model-supported decision is the detection of acute-danger signals (see §6); this triggers a human-oriented request for the caregiver to check in person — no automatic consequence.
12. Security (Art. 32 GDPR)
Among the technical and organisational measures we apply:
- Encryption of stored data with customer-managed keys,
- TLS 1.2+ for all transit,
- Role-segregated database access,
- Credential management via a dedicated secrets-management system,
- Web Application Firewall,
- Logging of security-relevant events,
- Quarterly security reviews and annual external audits.
13. Changes to this policy
We update this policy on material processing changes. Active subscribers are informed at least 14 days before the change takes effect by email or in-app banner. A change history appears at the end of this page (once changes occur).
14. Children and minors
SilverFriend is not directed at children under 16. Subscribers are adult family caregivers; end users of the phone companion are elderly adults. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete that data promptly. Please contact us at datenschutz@silverfriend.de if you suspect such a case.
15. Change history
| Date | Version | Material changes |
|---|---|---|
| 2026-04-13 | 1.0 | Initial publication (pre-launch) |
| 2026-04-17 | 1.1 | Named processors explicitly (AWS, Twilio, FCM, RevenueCat, HubSpot); specified Frankfurt data centre; added app-specific privacy disclosures and privacy nutrition labels (Apple/Google); added children and minors section; added contact phone number; added language switcher |
Last updated: 17 April 2026 · Controller: Management of Silverfriend GmbH · DPO: appointment in progress