Privacy Policy

This is a translation of the German original. In the event of any discrepancy, the German version shall prevail.

1. Controller

The controller responsible for data processing on this website and in the aincare app is:

Clemens Krainer
aincare
c/o Block Services
Stuttgarter Str. 106
70736 Fellbach, Germany

Email: datenschutz@aincare.de
Phone: +49 7144 1608450

A Data Protection Officer is not legally required due to the size of the business. For questions about data protection, please contact the email address above.

2. Collection and Processing of Personal Data

2.1 Website Usage

When visiting our website, technical data is automatically collected that your browser transmits to our server. This includes:

• IP address (anonymized)
• Date and time of access
• Browser type and version
• Operating system
• Referrer URL

This data is used exclusively to ensure technical operation and is automatically deleted after 7 days. No merging with other data sources takes place. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure operation of the website).

2.2 Use of the aincare App and Browser Service

When you use aincare as an app or in the browser, we process the following data:

• Login data (email address or phone number, if you register — optional)
• Preferences you enter (name, postal code, font size, language setting, mobility level, hearing impairment, color blindness mode, assistant name)
• Conversation history with the AI assistant (text and transcriptions of voice conversations)
• Technical usage data (device information, screen class, app version)

Without registration, all data is stored exclusively on your device (SharedPreferences). Registration is optional and enables synchronization of your data via the cloud (Firestore). Legal basis: Art. 6(1)(b) GDPR (contract performance) for service provision and Art. 6(1)(a) GDPR (consent) for optional registration.

2.3 Voice Function

aincare offers a voice function for communication with the AI assistant. The following data is processed:

Gemini Live API (primary): Your voice input is transmitted as a real-time audio stream to Google Vertex AI (region europe-west1, Belgium). Google creates a transcription and an AI response from this. Audio data is not permanently stored — it is discarded after processing. The text transcription is stored as part of your conversation history.

On-device fallback: When the live connection is unavailable, speech recognition and text-to-speech are performed locally on your device. In this case, no audio data leaves your device.

2.4 Guardian Area

aincare plans a separate area for caregivers (e.g., family members) where appointments, medications, and subscriptions can be managed. Caregivers will expressly not have access to the conversation history of the person in their care. This strict separation ensures the privacy of users. We will provide separate information about the availability of this feature.

3. Legal Basis

Your data is processed on the following legal bases:

• Art. 6(1)(a) GDPR — Consent (optional registration, in-app consent)
• Art. 6(1)(b) GDPR — Performance of contract (service provision, AI communication)
• Art. 6(1)(f) GDPR — Legitimate interest (security, technical operation, analytics for service improvement)

Where we have obtained your consent for the processing of personal data, you may withdraw this consent at any time with effect for the future. The lawfulness of the processing carried out on the basis of the consent until the withdrawal is not affected. You can declare the withdrawal by email to datenschutz@aincare.de or by deleting your account via the settings in the app.

4. Data Processing by Third Parties

We use the following service providers as data processors. A data processing agreement (DPA) exists with each processor in accordance with Art. 28 GDPR. All processing takes place within the EU/EEA.

4.1 Google Cloud / Vertex AI (AI Processing)

aincare's AI features are provided via Google Vertex AI. Your text messages and, where applicable, audio data are transmitted to Google Cloud for processing.

Text processing: Region europe-west3 (Frankfurt, Germany)
Voice processing: Region europe-west1 (Belgium)

Google processes data exclusively on our behalf in accordance with the Google Cloud Data Processing Addendum (DPA). Google does not use your inputs for its own training purposes or to improve its own models. Legal basis: Art. 6(1)(b) GDPR.

4.2 Firebase Authentication (Login)

For optional user authentication, we use Firebase Authentication (Google). The following data is processed: email address or phone number, Firebase user ID, IP address, and user agent. Processing takes place within the EU. Legal basis: Art. 6(1)(b) GDPR.

4.3 Cloud Firestore (Data Storage)

Registered users have the option to store their data in Cloud Firestore (Google). Stored data includes: user preferences, conversation histories, and account metadata. All data is stored encrypted (encryption at rest and in transit). Processing takes place within the EU. Legal basis: Art. 6(1)(b) GDPR.

4.4 Firebase Analytics (Usage Analysis)

We use Firebase Analytics (Google) to analyze app usage. The following data is automatically collected:

App usage events (app opens, screen views, session duration, session starts)
Device information (device model, operating system, screen class)
Approximate location (country/region, based on IP address — no GPS tracking)
App version and crash data

Firebase Analytics does not use cookies but device-based identifiers. Data is aggregated and not linked to your aincare account. No tracking across different apps or websites takes place. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in improving and troubleshooting the service).

4.5 Google Search (Search Function)

aincare uses Google Search as a tool within AI communication to provide current and factually accurate information (e.g., addresses, opening hours, weather). Relevant search terms from your conversation are transmitted to Google. This processing takes place via the Vertex AI infrastructure and is subject to the Google Cloud DPA. Legal basis: Art. 6(1)(b) GDPR.

4.6 Google Fonts (Typefaces)

This website uses the "Lexend" typeface from Google Fonts. When loading the website, a connection is established to Google servers (fonts.googleapis.com, fonts.gstatic.com), whereby your IP address is transmitted to Google. Google processes this data in accordance with the Google Privacy Policy. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the consistent presentation of the website).

5. Data Storage and Deletion

Your data is stored and deleted as follows:

• Web server log data: 7 days, then automatically deleted
• Local app data (SharedPreferences): until you uninstall the app or manually delete the data
• Firestore data (preferences, conversations): until account deletion by you
• Firebase Auth data: until account deletion by you
• Firebase Analytics data: 14 months (Google default), then automatically deleted
• Vertex AI processing data: no permanent storage — processing in real-time only

You can delete your account and all associated data at any time via the settings in the app. After deletion, all personal data in our systems is completely removed within 30 days. Backup systems may contain encrypted copies for up to 180 days after deletion, before these are also permanently deleted.

6. Your Rights

Under the GDPR, you have the following rights:

• Information — You can request information about your stored personal data (Art. 15 GDPR).
• Rectification — You can request the correction of inaccurate data (Art. 16 GDPR).
• Erasure — You can request the deletion of your data (Art. 17 GDPR).
• Restriction — You can request the restriction of processing (Art. 18 GDPR).
• Data portability — You can receive your data in a structured, machine-readable format (Art. 20 GDPR).
• Objection — You can object to the processing of your data, in particular against processing based on legitimate interests (Art. 21 GDPR).
• Withdrawal of consent — You can withdraw consent given at any time with effect for the future (Art. 7(3) GDPR). The lawfulness of the processing carried out until the withdrawal remains unaffected.

To exercise your rights, please contact datenschutz@aincare.de. We will process your request within 30 days.

7. Automated Decision-Making

No automated decision-making within the meaning of Art. 22 GDPR takes place. The AI responses from aincare are informal in nature and do not constitute legally binding or otherwise automatically made decisions with legal effect. They serve exclusively as everyday assistance and do not replace professional advice.

8. Cookies and Tracking

This website does not use cookies for advertising purposes and does not track users across websites. We only store your language preference in your browser's local storage (localStorage) to provide the service in your preferred language. This local storage is technically necessary and does not require consent under § 25 TDDDG.

In the app, usage data is collected via Firebase Analytics (see Section 4.4). This collection takes place without cookies and is based on device-based identifiers.

9. AI Transparency

aincare is an AI-powered service. You are communicating with an artificial intelligence system (Google Gemini), not with a human being. In accordance with the EU Artificial Intelligence Act (AI Act, Regulation (EU) 2024/1689, Art. 50), we expressly point out that all responses are machine-generated. AI responses may contain errors and do not constitute professional medical, legal, or financial advice.

10. Contact and Right to Complain

For questions about data protection, contact: datenschutz@aincare.de

You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI)
Lautenschlagerstraße 20
70173 Stuttgart
www.baden-wuerttemberg.datenschutz.de