SYLO
Back to Home

Privacy Policy for the Seelenfreund Website and App

Last updated: 20.05.2026English
Language

Privacy Policy for the Seelenfreund Website and App

This Privacy Policy applies to the data processing by Seelenfreund GmbH (“Controller”, “we”, or “us”) when using the Seelenfreund App (“App”) and when visiting our website “https://www.sylodigital.com/” (“Website”).

Seelenfreund offers users support for self-help, reflection, and meditation with the help of Artificial Intelligence, also in the form of paid access (“Subscription”).

The use of our App and the visit to our Website involve certain processing of your personal data. Personal data is all information relating to an identified or identifiable natural person, e.g., name, address, email address. We process data that you provide to us independently as well as data that we collect from you when you use the App and visit our Website.

When processing your personal data, we comply with applicable data protection laws, in particular the European General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”).

With this Privacy Policy, we would like to inform you which personal data we process for which purposes and on which legal basis.

1. Name and Contact Details of the Data Controller

The party responsible for the processing of your data is:

Seelenfreund GmbH,
represented by Max Reck and Noah Schömann
Address: Kolonnenstraße 8, 10827 Berlin, Germany
Phone: +49 160 93816462
Email: support@sylodigital.com

1.2 Data Protection Officer

You can reach our Data Protection Officer as follows:

Simon Pentzien, Rechtsanwalt (Attorney-at-Law)
Gerlich Bönig Partnerschaft von Rechtsanwälten mbB
Kronprinzenstr. 97, 40217 Düsseldorf, Germany
Phone: +49 (0)211 822 669 14
Fax: +49 (0)211 822 669 19
Email: dsb@sylodigital.com (or simon@gerlichboenig.de)

You can contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection or to exercise your rights.

2. Collection and Storage of Personal Data as well as the Type and Purpose of their Processing, Relevant Legal Basis, and Storage Period

2.1 Downloading the App

When downloading apps from the Apple App Store, the following personal data is transferred to Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland (“Apple”): username, email address and customer number of the Apple account, time of download, payment information, transaction data, and the individual device identifier. Apple is responsible for this data collection and we have no influence over it. Further information can be found in Apple's respective privacy notices.

When downloading apps from the Google Play Store, the personal data required for this is transferred to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”): username, email address and customer number of the Google account, time of download, payment information, and the individual device identifier. Google is responsible for this data collection and we have no influence over it. Further information can be found in Google's respective privacy notices.

2.2 Use of our App and Website

When you visit our Website, we automatically collect and store data that your browser transmits to our server (so-called server log files), with logging only being carried out to the technically necessary extent.

The following information is recorded:

  • Operating system and information about the internet browser used, including installed add-ons;
  • IP address (Internet Protocol address) of the device from which the online service is accessed;
  • Internet address of the website from which the online service was accessed (so-called origin or referrer URL);
  • Name of the service provider through which the online service is accessed;
  • Name of the files or information retrieved;
  • Date, time, and duration of the retrieval.

The legal basis for collecting this data is Art. 6(1)(1)(f) GDPR. Our legitimate interest in collecting this data arises from the following purposes:

  • Ensuring optimal use of our Website,
  • Ensuring a smooth connection setup,
  • Evaluating system security and stability.

When using our App, we also collect technically necessary data via server log files, which are automatically transmitted to our server, including: date and time of access, IP address, hostname of the accessing device, features visited in the App, amount of data transferred, operating system, access status, device ID, time zone, crash information, and browser type and version. The purpose of processing is the technical operation of the App, ensuring a smooth connection setup, problem analysis in the network, and the evaluation of system security and stability. The legal basis is Art. 6(1)(1)(f) GDPR. The App is provided via the hosting service provider Amazon Web Services EMEA SARL mentioned in Section 3.1.

We use a content delivery network (CDN) provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg (Amazon CloudFront). A CDN is a service that helps deliver the content of our online offering, especially large media files such as audio files for meditations, faster using regionally distributed servers connected via the internet. The legal basis is Art. 6(1)(1)(f) GDPR (legitimate interest in the secure and efficient provision of our online offering).

Third-country transfer: A transfer to the USA cannot be ruled out. AWS is certified under the EU-U.S. Data Privacy Framework (DPF) (adequacy decision of the EU Commission of 10 July 2023). In addition, EU standard contractual clauses are concluded.

AWS Privacy Policy: https://aws.amazon.com/privacy/

DPA / SCCs: https://aws.amazon.com/service-terms/

2.3 Creation of a Seelenfreund Account

2.3.1 Sign-In with Apple or Google

You have the option to register in our App via the Sign-In function of Apple or Google. When signing in with your Apple or Google account, your email address will be sent to us in accordance with your selection. Apple or Google will receive the information that you are a user of our App.

The legal basis for integrating Apple and Google Sign-In into our App is Art. 6(1)(1)(f) GDPR. With the sign-in function, we pursue the legitimate interest of offering you a quick and easy registration option. The sign-in function is therefore in both our and your interest.

As part of the sign-in, we will retrieve some information from your chosen provider. This information typically includes your name, your email address, and a unique user identifier (Apple or Google ID). When using Apple Sign-In, you have the option to anonymize your email address via Apple's “Hide My Email” function; in this case, we only receive a forwarding address generated by Apple. We process the transmitted data exclusively to enable you to register and access our App.

Please note that data protection and data processing in connection with the use of Sign-In are additionally subject to the privacy provisions of your chosen provider. Further information on data protection at Apple can be found in the Apple privacy policy; further information on data protection at Google can be found in Google's privacy notices.

2.3.2 Registration by Email Address

In addition, you can register directly in our App by entering your email address, a username, and a password.

We process your email address and your username in order to fulfill the user agreement concluded with you regarding the use of our App. The legal basis for this data processing is Art. 6(1)(1)(b) GDPR.

2.3.3 Password Reset

If you have forgotten your password, you have the option to reset your password and create a new one. To create a new password, you will receive a system email at the email address you provided during registration. The data processed here is your email address, your IP address, and the time of the request. The legal basis for this processing is Art. 6(1)(1)(b) GDPR; the function and data processing are necessary to fulfill the user agreement with you.

2.3.4 Storage Period

We delete the data collected and stored in connection with the creation of your Seelenfreund Account at the latest when you delete your Seelenfreund Account. However, early deletion of your personal data is not possible if and to the extent that your data is still required for the processing of a subscription via our App.

Regardless of this, we store your data processed in connection with the conclusion of a subscription until the expiry of the statutory or possible contractual warranty rights. After expiry of this period, we retain the information required by commercial and tax law concerning the contractual relationship for the legally prescribed periods. During this period (regularly ten years from the conclusion of the contract), the data will only be processed again in the event of a review by the tax authorities.

2.4 Use of the App

We also process, if you voluntarily share this data in the App, a range of personal data regarding your well-being and to personalize your meditations. This personal data may also include health data within the meaning of Art. 9 GDPR.

We process this data exclusively with your explicit consent pursuant to Art. 9(2)(a) GDPR. You can revoke this consent at any time with effect for the future by simply emailing support@sylodigital.com. Please note that if you revoke your consent, the full functionality of the App may not be guaranteed.

2.4.1 App Permissions

To provide some functions of our App, the App must be able to access certain services and data on your mobile device. Permissions are granted on the basis of your consent pursuant to Art. 6(1)(1)(a) GDPR. Permissions can be managed via the operating system of your mobile device, i.e. activated and deactivated.

The following permissions can generally be activated or deactivated on the device side in our App: Microphone (for voice and audio inputs during meditations and AI functions), Notifications / push notifications (for reminders about meditations and information about the App), and Device storage (for local storage of content for offline use). We need these permissions to provide the respective functions. If permissions are not granted or are subsequently withdrawn, the corresponding functions cannot be used or cannot be used to the full extent.

2.4.2 Push Notifications

For our App, there is the option of activating push notifications, e.g. to remind you of scheduled meditations or to inform you about news in the App. The following information is processed for this purpose in particular: communication content, your IP address, date and time of the request, content of the request, access status, amount of data transferred, operating system, as well as language and version of the software. The legal basis is Art. 6(1)(1)(a) GDPR; you consent to receiving push notifications during the initial opt-in and can revoke this consent at any time via the system settings of your device or the App settings.

2.4.3 Notes on the iOS Operating System

In the iOS operating system, you have various options to largely restrict advertising and tracking, which generally take place via the so-called “Advertising Identifier” (IDFA). If you access the “Privacy” option in the iOS settings, you can largely deactivate advertising evaluation under “Tracking”. If you deactivate the “Allow Apps to Request to Track” function, apps may not track you across app boundaries.

2.5 Data Processing for Personal Contact by Email

If you give us your explicit consent, we will send you information about our Seelenfreund offers by email. For this purpose, we collect and process your name and your email address. When registering for our newsletter, we use the so-called double opt-in procedure. This means that after registering with your email address, we will send an email to the email address you provided, asking you to confirm that you actually wish to receive the newsletter.

The legal basis for sending our newsletter is Art. 6(1)(1)(a) GDPR.

As part of the newsletter dispatch, we process the following personal data from you in particular: email address, first and last name, possibly organization and preferred language, as well as metadata (e.g. device information, IP address, date and time of registration).

For sending our newsletter, we use the external provider Mailchimp, operated by Intuit Inc., 2700 Coast Avenue, Mountain View, California 94043, USA (represented in the EU by: Intuit Limited, 1 Cathedral Piazza, 123 Victoria Street, London SW1E 5BP, United Kingdom). This service provider receives your email address and the other necessary data in order to send the newsletter on our behalf. We have concluded a data processing agreement with the service provider pursuant to Art. 28 GDPR.

Third-country transfer: The processing of your data also takes place in the USA. Intuit Inc. (Mailchimp) is certified under the EU-U.S. Data Privacy Framework (DPF) (adequacy decision of the EU Commission of 10 July 2023, ref. C(2023) 4745). In addition, EU standard contractual clauses pursuant to Art. 46(2)(c) GDPR are concluded with the provider to ensure an adequate level of data protection.

Mailchimp Privacy Policy: https://www.intuit.com/privacy/statement/

DPF certification available at: https://www.dataprivacyframework.gov/s/participant-search

2.8 Optimization of the Apps and Website

2.8.1 Cookies

On our Website, we use cookies that are temporarily stored in the working memory (“session cookie”) or permanently on your hard drive (“permanent cookie”). Cookies are small text files that are automatically created by the browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our Website. These files allow us to design the Website more efficiently. Most of the cookies we use are session cookies, which are only stored in the working memory and not on your hard drive, and whose validity expires when you close your internet browser and are therefore automatically deleted. Session cookies allow us to recognize that you have already visited individual pages of our Website or that you have already logged into your account. Other cookies remain on the device you are using so that you can be recognized on your next visit.

Most browsers automatically accept cookies. However, you can set your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is set. However, we would like to point out that in this case you may not be able to use all functions of this Website to their full extent.

The activation of cookies is necessary for the smooth functioning of the Website. We therefore have a legitimate interest in their use. The legal basis for the associated data processing is therefore Art. 6(1)(1)(f) GDPR.

If we use other cookies (e.g. cookies for analyzing your surfing behavior), we will inform you separately about this in this privacy policy.

From a legal perspective, a distinction must be made between necessary and non-necessary cookies.

We use necessary cookies insofar as they are technically required to make all functions of our Website available. The storage of these cookies and access to them is based on Section 25(2) TDDDG. The legal basis for the subsequent processing of personal data is Art. 6(1)(1)(f) GDPR.

Non-necessary cookies (e.g. analysis and marketing cookies) are not technically necessary. We only use these if you have previously expressly consented to the setting and reading of such cookies. The legal basis for storing or reading the cookies on your device is Section 25(1) TDDDG; the legal basis for the subsequent processing of personal data is Art. 6(1)(1)(a) GDPR. You can revoke your consent at any time with effect for the future.

2.8.2 Cookie Banner

When you visit our Website for the first time, a “cookie banner” will be displayed. There you will be informed about the individual cookies we use and can decide whether you consent to the setting of non-necessary cookies. The cookie banner is provided via the provider Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (service: “Cookiebot”). We have concluded a data processing agreement with the provider pursuant to Art. 28 GDPR.

Third-country transfer: Cybot A/S is based in Denmark (EU/EEA). A transfer of personal data to a third country outside the EU/EEA does not generally take place in the context of the use of the cookie banner; an adequacy decision or standard contractual clauses are therefore not required.

Privacy Policy of the provider: https://www.cookiebot.com/en/privacy-policy/

3. Other Recipients of Personal Data

To process your personal data, we sometimes use the services of other external service providers (IT providers). These service providers process your personal data only for the purposes specified in this privacy policy, on our behalf, and according to our instructions.

3.1 Amazon Web Services

We process the data we store on servers of Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, Luxembourg, L-1855, Luxembourg (“AWS”). We store both data that you enter yourself on our Website and in our App on AWS servers (registration data such as email address) and data that we automatically collect from you when you visit our Website and use our App (such as your IP address and your location). We have concluded a data processing agreement with AWS pursuant to Art. 28 GDPR. Your personal data is stored exclusively on servers in Frankfurt and therefore not transferred to data recipients outside the European Union. Further information on data protection at AWS can be found at https://aws.amazon.com/compliance/germany-data-protection/.

3.2 Anthropic

We process content that you enter in our App as part of the use of the AI system “Claude” by Anthropic, PBC, 548 Market Street, PMB 90375, San Francisco, CA 94104, USA (“Anthropic”). In particular, text inputs are transmitted to Claude and processed there to generate an AI-supported response. In addition, technical usage data (e.g. IP address, timestamp, device and log data) may be processed to provide and secure the service. We have concluded a data processing agreement with Anthropic pursuant to Art. 28 GDPR. The personal data is transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organizations based in the USA that are appropriately certified are permitted. Anthropic, PBC is certified under the EU-U.S. Data Privacy Framework.

Further information on data protection at Anthropic can be found at https://www.anthropic.com/privacy and https://privacy.claude.com/.

3.3 OpenAI

We process content that you enter or provide on our Website and in our App as part of the use of AI and language services from OpenAI Ireland Ltd., 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland. In particular, (i) text inputs are processed to generate AI-supported responses, and (ii) text inputs are processed to generate audio outputs from them (text-to-speech). In addition, technical usage data (e.g. IP address, timestamp, and device and log data) may be processed for the provision, security, and billing of the service. We have concluded a data processing agreement with OpenAI pursuant to Art. 28 GDPR. Our contractual partner OpenAI Ireland Ltd. is based in the European Union, so there is no third-country transfer in this respect. As part of service delivery, however, personal data may be transferred to the US-based group company OpenAI, L.L.C. as a sub-processor. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. OpenAI, L.L.C. is certified under the EU-U.S. Data Privacy Framework.

Further information on data protection at OpenAI can be found at https://openai.com/policies/privacy-policy/ and https://openai.com/policies/data-processing-addendum/.

3.4 ElevenLabs

We process content that you enter or provide on our Website and in our App as part of the use of services from Eleven Labs Inc., 169 Madison Ave #2484, New York, NY 10016, USA (“ElevenLabs”). In particular, text inputs are processed to generate audio content from them (text-to-speech), e.g. spoken outputs or audio content for meditations. Depending on usage, audio inputs may also be processed if they are required to create, adjust, or optimize the audio output. In addition, technical usage data (e.g. IP address, timestamp, device and log data) may be processed to provide and secure the service. We have concluded a data processing agreement with ElevenLabs pursuant to Art. 28 GDPR. The personal data is transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organizations based in the USA that are appropriately certified are permitted. Eleven Labs Inc. is certified under the EU-U.S. Data Privacy Framework. Insofar as you yourself provide voice or audio recordings of an identifiable person in the App, this may constitute biometric data within the meaning of Art. 9(1) GDPR. Such processing only takes place on the basis of your explicit consent pursuant to Art. 9(2)(a) GDPR.

Further information on data protection at ElevenLabs can be found at https://elevenlabs.io/privacy-policy and https://elevenlabs.io/dpa.

4. Transfer of Data to Third Countries

Apart from the cases mentioned in Section 3, we do not transfer your personal data to recipients in countries outside the European Union or the European Economic Area where a level of data protection comparable to that in the European Union cannot be readily assumed.

5. Data Security

We use appropriate technical and organizational security measures to protect stored personal data against manipulation, partial or complete loss, and unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. In particular, we ensure that sensitive personal data is stored exclusively on servers hosted in the EU that are certified according to DIN ISO/IEC 27001 (as amended).

6. When Do We Delete Your Data?

We delete your data when it is no longer needed for the purposes for which it was originally collected or when you request this. Regardless of this, we store your data processed as part of the use of the Website until the expiry of the statutory periods.

7. Your Rights

In relation to our processing of your personal data, the following rights are available to you free of charge:

7.1 Right to Information pursuant to Art. 15 GDPR

You have the right to obtain information from us about whether and what data we process about you. This includes, among other things, information about how long and for what purpose we process the data, what source it comes from, and to which recipients or categories of recipients we pass it on. In addition, you can obtain a copy of this data from us.

7.2 Right to Rectification pursuant to Art. 16 GDPR

You have the right to have inaccurate or no longer accurate information about you corrected by us without delay. In addition, you can request the completion of your incomplete personal data. If required by law, we will also inform third parties about this correction, provided that we have passed your personal data on to them.

7.3 Right to Erasure pursuant to Art. 17 GDPR

You have the right to request the immediate erasure of your personal data from us if one of the following cases applies:

  • Your data is no longer necessary for the purposes for which it was collected or otherwise processed, or the purpose has been achieved;
  • You revoke your consent and there is no other legal basis for the processing;
  • You object to the processing and there are no overriding legitimate grounds for the processing; in the case of the use of personal data for direct advertising, an objection on your part to the processing alone is sufficient;
  • Your personal data has been processed unlawfully;
  • The erasure of your personal data is necessary to fulfill a legal obligation under the law of the European Union or the law of a Member State to which we are subject.

Your right to erasure may be restricted on the basis of statutory provisions. These include in particular the restrictions listed in Art. 17 GDPR and Section 35 BDSG.

7.4 Right to Restriction of Processing pursuant to Art. 18 GDPR

You have the right to request a restriction of the processing of your personal data from us if one of the following reasons applies:

  • You contest the accuracy of your personal data, for a period that enables us to verify the accuracy of the personal data;
  • The processing is unlawful and you refuse the erasure of the personal data and instead request the restriction of the use of your personal data;
  • We no longer need your personal data for the purposes of the processing, but you need it for the establishment, exercise, or defense of legal claims, or
  • You have objected to the processing, as long as it has not yet been established whether our legitimate grounds outweigh yours.

If you have obtained a restriction of processing under the above list, we will inform you before the restriction is lifted.

7.5 Right to Data Portability pursuant to Art. 20 GDPR

You have the right to receive personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transmit this data to others. The exercise of this right does not affect your right to erasure.

7.6 Right to Object pursuant to Art. 21 GDPR

According to Art. 21 GDPR, you have the right in particular to object at any time, on grounds relating to your particular situation, to the processing of your data if we base this processing on legitimate interests pursuant to Art. 6(1)(1)(f) GDPR. If you object, we will no longer process your personal data, except in two cases:

  • We can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or
  • The processing serves the establishment, exercise, or defense of legal claims.

In particular, if we process your personal data for direct advertising, you have the right to object at any time to the processing of your data for the purposes of such advertising. If you object to the processing of your data for direct advertising purposes, we will no longer use your personal data for this purpose.

7.7 Right to Revoke Consent pursuant to Art. 7 GDPR

You can revoke the consent you have given us at any time with effect for the future. This revocation can take the form of an informal notification to the contact addresses listed above. If you revoke your consent, this does not affect the lawfulness of the data processing carried out up to that point.

7.8 Right to Lodge a Complaint with the Supervisory Authority

If you believe that the processing of your data by us violates applicable data protection law, you have the right to lodge a complaint with one of the competent supervisory authorities. The supervisory authority responsible for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Address: Alt-Moabit 59-61, 10555 Berlin, Germany

Phone: +49 30 13889-0

Email: mailbox@datenschutz-berlin.de

In addition, you can complain to the data protection supervisory authority responsible for you at your place of residence.

7.9 Automated Decision-Making in Individual Cases, Including Profiling, pursuant to Art. 22 GDPR

We do not process your data for automated decision-making in individual cases, including profiling within the meaning of Art. 22 GDPR.

Status: 20.05.2026