Privacy Policy
Last updated: April 2026
This is a translation of the German original. In the event of any discrepancy, the German version shall prevail.
1. Controller
The controller responsible for data processing on this website and in the aincare app is:
Clemens Krainer
aincare
c/o Block Services
Stuttgarter Str. 106
70736 Fellbach, Germany
Email: datenschutz@aincare.de
Phone: +49 7144 1608450
A Data Protection Officer is not legally required due to the size of the business. For questions about data protection, please contact the email address above.
2. Collection and Processing of Personal Data
2.1 Website Usage
When visiting our website, technical data is automatically collected that your browser transmits to our server. This includes:
- IP address (anonymized)
- Date and time of access
- Browser type and version
- Operating system
- Referrer URL
This data is used exclusively to ensure technical operation and is automatically deleted after 7 days. No merging with other data sources takes place. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure operation of the website).
2.2 Use of the aincare App and Browser Service
When you use aincare as an app or in the browser, we process the following data:
- Login data (email address or phone number, if you register — optional)
- Preferences you enter (name, postal code, font size, language setting, mobility level, hearing impairment, color blindness mode, assistant name)
- Conversation history with the AI assistant (text and transcriptions of voice conversations)
- Technical usage data (device information, screen class, app version)
- Documents, images, PDFs, message contents, or links you upload, as well as analysis results and read-aloud transcripts created from them, when you use document or Schutzschild features
Without registration, all data is stored exclusively on your device (SharedPreferences). Registration is optional and enables synchronization of your data via the cloud (Firestore). Legal basis: Art. 6(1)(b) GDPR (contract performance) for service provision and Art. 6(1)(a) GDPR (consent) for optional registration.
2.3 Voice Function
aincare offers a voice function for communication with the AI assistant. The following data is processed:
Gemini Live API (primary): Your voice input is transmitted as a real-time audio stream to Google Vertex AI (region europe-west1, Belgium). Google creates a transcription and an AI response from this. Audio data is not permanently stored — it is discarded after processing. The text transcription is stored as part of your conversation history.
On-device fallback: When the live connection is unavailable, speech recognition and text-to-speech are performed locally on your device. In this case, no audio data leaves your device.
2.4 Guardian Area
aincare plans a separate area for caregivers (e.g., family members) where appointments, medications, and subscriptions can be managed. Caregivers will expressly not have access to the conversation history of the person in their care. This strict separation ensures the privacy of users. We will provide separate information about the availability of this feature.
2.5 Document Checks and Schutzschild
When you use a document or Schutzschild feature, you may upload or enter content such as letters, invoices, reminders, messages, screenshots, photos, PDFs, links, or QR codes. This content is transmitted to Google Vertex AI so that aincare can analyze it and create an understandable summary, risk assessment, recommended action, and read-aloud transcript. If you expressly involve a caregiver, that caregiver can only see the specific check you shared and the related original files. Conversation histories remain separate and are not shared with caregivers.
3. Legal Basis
Your data is processed on the following legal bases:
- Art. 6(1)(a) GDPR — Consent (optional registration, in-app consent)
- Art. 6(1)(b) GDPR — Performance of contract (service provision, AI communication)
- Art. 6(1)(f) GDPR — Legitimate interest (security, technical operation, analytics for service improvement)
Where we have obtained your consent for the processing of personal data, you may withdraw this consent at any time with effect for the future. The lawfulness of the processing carried out on the basis of the consent until the withdrawal is not affected. You can declare the withdrawal by email to datenschutz@aincare.de or by deleting your account via the settings in the app.
4. Data Processing by Third Parties
We use the following service providers as data processors. A data processing agreement (DPA) exists with each processor in accordance with Art. 28 GDPR. All processing takes place within the EU/EEA.
4.1 Google Cloud / Vertex AI (AI Processing)
aincare's AI features are provided via Google Vertex AI. Your text messages and, where applicable, audio data are transmitted to Google Cloud for processing. If you use document or Schutzschild features, the documents, images, PDFs, message contents, links, or QR codes you upload may also be transmitted to Google Cloud so they can be analyzed.
- Text processing: Region europe-west3 (Frankfurt, Germany)
- Voice processing: Region europe-west1 (Belgium)
Google processes data exclusively on our behalf in accordance with the Google Cloud Data Processing Addendum (DPA). Google does not use your inputs for its own training purposes or to improve its own models. Legal basis: Art. 6(1)(b) GDPR.
4.2 Firebase Authentication and Identity Providers (Login)
For optional user authentication, we use Firebase Authentication (Google). You can choose between four sign-in methods: phone number, email address, Google account ("Continue with Google"), or — on iOS devices — Apple ID ("Continue with Apple"). In all cases, Firebase Authentication processes: your identifier (email address, phone number, or provider user ID), your Firebase user ID, IP address, and user agent. Processing takes place within the EU. Legal basis: Art. 6(1)(b) GDPR.
When you sign in via Google or Apple, the respective provider is informed that a sign-in to aincare has occurred (a sign-in event) and receives the basic data required for authentication: for Google, the Google account identifier you selected and the profile data you have released (name, email address); for Apple, your Apple ID and — at your choice — either your real email address or an Apple-generated relay address that hides your real address. aincare itself only receives the information required to create an account (stable user identifier, email address, and display name where applicable). Beyond your use of aincare's login, we do not pass any data to Google or Apple. Legal basis: Art. 6(1)(b) GDPR.
4.3 Cloud Firestore and Cloud Storage (Data Storage)
Registered users have the option to store their data in Cloud Firestore and Cloud Storage (Google). Stored data may include: user preferences, conversation histories, account metadata, Schutzschild checks, analysis results, read-aloud transcripts, and original files uploaded by you. All data is transmitted and stored encrypted (encryption at rest and in transit). Original files that are kept for later review by you or a caregiver you have approved are additionally stored with application-level encryption. Processing takes place within the EU. Legal basis: Art. 6(1)(b) GDPR.
4.4 Firebase Analytics (Usage Analysis)
We use Firebase Analytics (Google) to analyze app usage. The following data is automatically collected:
- App usage events (app opens, screen views, session duration, session starts)
- Device information (device model, operating system, screen class)
- Approximate location (country/region, based on IP address — no GPS tracking)
- App version and crash data
Firebase Analytics does not use cookies; it uses device-based identifiers instead. Data is aggregated and not linked to your aincare account. No tracking across different apps or websites takes place. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in improving and troubleshooting the service).
4.5 Google Search (Search Function)
aincare uses Google Search as a tool within AI communication to provide current and factually accurate information (e.g., addresses, opening hours, weather). Relevant search terms from your conversation are transmitted to Google. This processing takes place via the Vertex AI infrastructure and is subject to the Google Cloud DPA. Legal basis: Art. 6(1)(b) GDPR.
4.6 Plausible Analytics (Audience Measurement)
To statistically analyze the use of this website, we use Plausible Analytics, a privacy-friendly web analytics tool that we self-host on our own infrastructure in Germany. Measurement data is transmitted to the host analytics.nicodaimus.com. No data is shared with third parties.
Plausible does not use cookies and does not permanently store IP addresses. Only aggregated, anonymized metrics are collected:
- Page views (URL, page title, referrer source)
- Browser and device type, operating system, approximate screen size
- Approximate country of origin (derived from the IP address — the IP itself is not stored)
- Interaction events such as clicks on key buttons, form steps, and language switches
No individual visitors are recognized and no cross-site tracking takes place. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in privacy-friendly analysis of website usage). Because no cookies or comparable technologies within the meaning of § 25 TDDDG are used, no consent is required.
You can object to this measurement at any time by enabling "Do Not Track" in your browser or by blocking the host analytics.nicodaimus.com via a browser extension. For more information, see plausible.io/data-policy.
5. Data Storage and Deletion
Your data is stored and deleted as follows:
- Web server log data: 7 days, then automatically deleted
- Local app data (SharedPreferences): until you uninstall the app or manually delete the data
- Firestore data (preferences, conversations): until account deletion by you
- Firebase Auth data: until account deletion by you
- Firebase Analytics data: 14 months (Google default), then automatically deleted
- Vertex AI processing data: no permanent storage — processing in real-time only
- Plausible Analytics data: aggregated, anonymous page views and events are stored indefinitely on our analytics server; no personal data is generated in the process
- Schutzschild analysis results and read-aloud transcripts: until you delete them or delete your account
- Uploaded original files: for shared guardian review as long as the check is open or required; without guardian review, automatic deletion after 30 days
You can delete your account and all associated data at any time via the settings in the app. After deletion, all personal data in our systems is completely removed within 30 days. Backup systems may contain encrypted copies for up to 180 days after deletion, before these are also permanently deleted.
6. Your Rights
Under the GDPR, you have the following rights:
- Information — You can request information about your stored personal data (Art. 15 GDPR).
- Rectification — You can request the correction of inaccurate data (Art. 16 GDPR).
- Erasure — You can request the deletion of your data (Art. 17 GDPR).
- Restriction — You can request the restriction of processing (Art. 18 GDPR).
- Data portability — You can receive your data in a structured, machine-readable format (Art. 20 GDPR).
- Objection — You can object to the processing of your data, in particular against processing based on legitimate interests (Art. 21 GDPR).
- Withdrawal of consent — You can withdraw consent given at any time with effect for the future (Art. 7(3) GDPR). The lawfulness of the processing carried out until the withdrawal remains unaffected.
To exercise your rights, please contact datenschutz@aincare.de. We will process your request within 30 days.
7. Automated Decision-Making
No automated decision-making within the meaning of Art. 22 GDPR takes place. The AI responses from aincare are informal in nature and do not constitute legally binding or otherwise automatically made decisions with legal effect. They serve exclusively as everyday assistance and do not replace professional advice.
8. Cookies and Tracking
This website does not use cookies for advertising purposes and does not track users across websites. We only store your language preference in your browser's local storage (localStorage) to provide the service in your preferred language. This local storage is technically necessary and does not require consent under § 25 TDDDG.
For audience measurement on this website, we use self-hosted, cookie-free Plausible Analytics (see Section 4.6). In the app, usage data is collected via Firebase Analytics (see Section 4.4). Both collections take place without cookies and without personal identifiers.
9. AI Transparency
aincare is an AI-powered service. You are communicating with an artificial intelligence system (Google Gemini), not with a human being. In accordance with the EU Artificial Intelligence Act (AI Act, Regulation (EU) 2024/1689, Art. 50), we expressly point out that all responses are machine-generated. AI responses may contain errors and do not constitute professional medical, legal, or financial advice.
10. Contact and Right to Complain
For questions about data protection, contact: datenschutz@aincare.de
You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:
State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI)
Lautenschlagerstraße 20
70173 Stuttgart
www.baden-wuerttemberg.datenschutz.de