Privacy Policy for the Seelenfreund Website and App

This Privacy Policy applies to the data processing by Seelenfreund GmbH (“Controller”, “we”, or “us”) when using the Seelenfreund App (“App”) and when visiting our website “https://www.sylodigital.com/” (“Website”).

Seelenfreund offers users support for self-help, reflection, and meditation with the help of Artificial Intelligence, also in the form of paid access (“Subscription”).

The use of our App and the visit to our Website involve certain processing of your personal data. Personal data is all information relating to an identified or identifiable natural person, e.g., name, address, email address. We process data that you provide to us independently as well as data that we collect from you when you use the App and visit our Website.

When processing your personal data, we comply with applicable data protection laws, in particular the European General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”).

With this Privacy Policy, we would like to inform you which personal data we process for which purposes and on which legal basis.

1. Name and Contact Details of the Data Controller

The party responsible for the processing of your data is:

Seelenfreund GmbH;

Address: Kolonnenstraße 8, 10827 Berlin;

Email: support@sylodigital.com

2. Collection and Storage of Personal Data as well as the Type and Purpose of their Processing, Relevant Legal Basis, and Storage Period

2.1 Downloading the App

When downloading our App, the information required for the download is transmitted to the App Store accessed by you, in particular the username, email address, and customer number of your account, the time of the download, payment information, and the individual device identification number. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary for downloading the App to your mobile device.

2.2 Use of our App and Website

When you visit our Website, we automatically collect and store data that your browser transmits to our server (so-called server log files), whereby logging only takes place to the technically necessary extent.

The following information is recorded:

• Operating system and information on the internet browser used, including installed add-ons;
• IP address (Internet Protocol address) of the end device from which the online offer is accessed;
• Internet address of the website from which the online offer was called up (so-called origin or referrer URL);
• Name of the service provider through which access to the online offer is made;
• Name of the files or information retrieved;
• Date, time, and duration of the retrieval.

The legal basis for the collection of this data is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest in collecting this data follows from the following purposes:

• Ensuring optimal use of our Website,
• Ensuring a smooth connection setup,
• Evaluation of system security and stability.

2.3 Creation of a Seelenfreund Account

2.3.1 Sign-In with Apple or Google

You have the possibility to register in our App via the Sign-In function of Apple or Google. When signing in with Apple or Google, your email address will be sent to us according to your selection. In this case, Apple or Google receives information that you are a user of our App.

The legal basis for the integration of the Apple and Google Sign-In in our App is Art. 6 para. 1 sentence 1 lit. f) GDPR. We pursue the legitimate interest of offering you a fast and easy registration option. The Sign-In function is therefore in both our and your interest.

2.3.2 Registration with Email Address

Furthermore, you can register directly in our App by entering your email address, a username, and a password.

We process your email address and your username to fulfill the User Agreement concluded with you regarding the use of our App. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.

2.3.3 Storage Period

We delete the data collected and stored in connection with the creation of your Seelenfreund Account at the latest when you delete your Seelenfreund Account. However, premature deletion of your personal data is not possible if and to the extent that your data is still required for the processing of a subscription via our App.

Irrespective of this, we store your data processed upon conclusion of a subscription until the expiry of legal or possible contractual warranty rights. After this period, we keep the information of the contractual relationship required by commercial and tax law for the periods determined by law. For this period (usually ten years from the conclusion of the contract), the data will be processed again solely in the event of an audit by the financial authorities.

2.4 Use of the App

Furthermore, if you voluntarily share this data in the App, we process a series of personal data regarding your well-being and for the personalization of your meditations. This personal data may also contain health data within the meaning of Art. 9 GDPR.

We process this data exclusively with your express consent in accordance with Art. 9 para. 2 lit. a) GDPR. You can revoke this consent at any time with effect for the future by simple email to support@sylodigital.com. Please note that in the event of a revocation, the full functionality of the App cannot be guaranteed.

2.5 Data Processing for Personal Contact via Email

If you give us your express consent, we will send you information about our Seelenfreund offers by email. For this purpose, we collect and process your name and your email address. When registering for our newsletter, we use the so-called Double Opt-In procedure. This means that after registration with your email address, we will send an email to the specified address in which we ask you to confirm that you actually wish to receive the newsletter.

The legal basis for sending our newsletter is Art. 6 para. 1 sentence 1 lit. a) GDPR.

2.6 Optimization of the Apps and Website

2.6.1 Cookies

On our Website, we use cookies that are stored temporarily in the working memory ("session cookie") or permanently on your hard drive ("permanent cookie"). Cookies are small text files that are automatically created by the browser and stored on your end device (laptop, tablet, smartphone, etc.) when you visit our Website. These files allow us to make the Website more efficient. Most of the cookies we use are session cookies, which are only stored in the working memory and not on your hard drive, and which expire and are therefore automatically deleted when you close your internet browser. Session cookies give us the opportunity to recognize that you have already visited individual pages of our Website or that you have already logged into your account. Other cookies remain on the end device you use so that you are recognized on your next visit.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is set. We point out, however, that in this case you may not be able to use all the functions of this Website to their full extent.

The activation of cookies is necessary for the smooth functioning of the Website. We therefore have a legitimate interest in their use. The legal basis for the associated data processing is therefore Art. 6 para. 1 sentence 1 lit. f) GDPR.

Should we use further cookies (e.g., cookies for analyzing your surfing behavior), we will inform you separately in this Privacy Policy.

3. Other Recipients of Personal Data

For the processing of your personal data, we partly use the services of other external service providers (IT providers). These service providers process your personal data only for the purposes specified in this Privacy Policy, on our behalf, and according to our instructions.

3.1 Amazon Web Services

We process the data we store on servers of Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, Luxembourg, L-1855, Luxembourg (“AWS”). We store both data that you enter yourself on our Website and in our App on AWS servers (registration data such as email address) as well as data that we collect automatically from you when you visit our Website and use our App (such as your IP address and your location). We have concluded an order processing contract with AWS in accordance with Art. 28 GDPR. Your personal data is stored exclusively on servers in Frankfurt and is therefore not transmitted to data recipients outside the European Union. Further information on data protection at AWS can be found at https://aws.amazon.com/de/compliance/germany-data-protection/.

3.2 Anthropic

We process content that you enter in our App within the framework of using the AI system “Claude” from Anthropic, PBC, 548 Market Street, PMB 90375, San Francisco, CA 94104, USA (“Anthropic”). In particular, text inputs are transmitted to Claude and processed there to generate an AI-supported answer. Furthermore, technical usage data (e.g., IP address, timestamp, device, and log data) can be processed for the provision and security of the service. We have concluded an order processing contract with Anthropic in accordance with Art. 28 GDPR. A transmission of personal data to third countries, in particular the USA, cannot be excluded. To the extent that such a transfer takes place, it occurs on the basis of suitable guarantees, in particular the EU standard contractual clauses, or an adequacy decision.

Further information on data protection at Anthropic can be found at https://www.anthropic.com/privacy as well as https://privacy.claude.com/

3.3 OpenAI

We process content that you enter or provide on our Website and in our App within the framework of using AI and voice services from OpenAI Ireland Ltd, Ireland (“OpenAI”). In particular, (i) text inputs are processed to generate AI-supported answers, and (ii) text inputs are processed to generate audio outputs (Text-to-Speech). Additionally, technical usage data (e.g., IP address, timestamp, device, and log data) can be processed for the provision, security, and billing of the service. We have concluded an order processing contract with OpenAI in accordance with Art. 28 GDPR. A transmission of personal data to recipients outside the European Union cannot be excluded within the framework of service provision. To the extent that such a transfer takes place, it occurs on the basis of suitable guarantees, in particular the EU standard contractual clauses, or an adequacy decision.

Further information on data protection at OpenAI can be found at https://openai.com/policies/privacy-policy/ as well as https://openai.com/policies/data-processing-addendum/

3.4 ElevenLabs

We process content that you enter or provide on our Website and in our App within the framework of using services from Eleven Labs Inc., 169 Madison Ave #2484, New York, NY 10016, USA (“ElevenLabs”). In particular, text inputs are processed to generate audio content (Text-to-Speech), e.g., spoken outputs or audio content for meditations. Depending on usage, audio inputs may also be processed if they are required for the creation, adjustment, or optimization of the audio output. Furthermore, technical usage data (e.g., IP address, timestamp, device, and log data) can be processed for the provision and security of the service. We have concluded an order processing contract with ElevenLabs in accordance with Art. 28 GDPR. A transmission of personal data to third countries, in particular the USA, cannot be excluded. To the extent that such a transfer takes place, it occurs on the basis of suitable guarantees, in particular the EU standard contractual clauses, or an adequacy decision.

Further information on data protection at ElevenLabs can be found at https://elevenlabs.io/privacy-policy as well as https://elevenlabs.io/dpa

4. Transmission of Data to Third Countries

Except in the cases mentioned under Section 3, we do not transmit your personal data to recipients in countries outside the European Union or the European Economic Area in which a level of data protection comparable to that in the European Union cannot be readily assumed.

5. Data Security

We use appropriate technical and organizational security measures to protect stored personal data against manipulation, partial or complete loss, and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. In particular, we ensure that sensitive personal data is stored exclusively on servers hosted in the EU that are certified according to DIN ISO/IEC 27001 (in the currently valid version).

6. When Do We Delete Your Data?

We delete your data when it is no longer needed for the purposes for which it was originally collected or when you request it. Irrespective of this, we store your data processed within the framework of using the Website until the expiry of legal deadlines.

7. Your Rights

In relation to our processing of your personal data, you are entitled to the following rights free of charge:

7.1 Right to access according to Art. 15 GDPR

You have the right to obtain information from us as to whether and which data we process about you. This includes, among other things, information on how long and for what purpose we process the data, what source it comes from, and to which recipients or categories of recipients we pass it on. You can also receive a copy of this data from us.

7.2 Right to rectification according to Art. 16 GDPR

You have the right to have us immediately correct inaccurate information about you. You can also request the completion of your incomplete personal data. If required by law, we will also inform third parties of this rectification if we have passed your personal data on to them.

7.3 Right to erasure according to Art. 17 GDPR

You have the right to demand the immediate erasure of your personal data from us if one of the following cases applies:

• Your data is no longer necessary for the purposes for which it was collected or otherwise processed, or the purpose has been achieved;
• You revoke your consent and there is no other legal basis for the processing;
• You object to the processing and there are no overriding legitimate grounds for the processing; in the case of using personal data for direct marketing, a sole objection on your part against the processing is sufficient;
• Your personal data has been processed unlawfully;
• The erasure of your personal data is necessary to fulfill a legal obligation under European Union law or the law of a Member State to which we are subject.

Your right to erasure may be restricted on the basis of legal provisions. This includes, in particular, the restrictions listed in Art. 17 GDPR and § 35 BDSG.

7.4 Right to restriction of processing according to Art. 18 GDPR

You have the right to demand a restriction of the processing of your personal data from us if one of the following reasons applies:

• You contest the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data;
• The processing is unlawful and you refuse the erasure of the personal data and demand instead the restriction of the use of your personal data;
• We no longer need your personal data for the purposes of the processing; however, you need it for the establishment, exercise, or defense of legal claims, or
• You have objected to the processing, as long as it has not yet been determined whether our legitimate grounds override yours.

If you have obtained a restriction of processing according to the aforementioned list, we will inform you before the restriction is lifted.

7.5 Right to data portability according to Art. 20 GDPR

You have the right to receive personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transmit this data to others. The exercise of this right leaves your right to erasure unaffected.

7.6 Right to object according to Art. 21 GDPR

In accordance with Art. 21 GDPR, you have the right, for reasons arising from your particular situation, to object at any time to the processing of your data if we base this processing on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR. If you object, we will no longer process your personal data except in two cases:

• We can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or
• The processing serves the establishment, exercise, or defense of legal claims.

In particular, if we process your personal data for direct marketing, you have the right to object at any time to the processing of your data for the purpose of such advertising. If you object to the processing of your data for direct marketing purposes, we will no longer use your personal data for this.

7.7 Right to revoke consent according to Art. 7 GDPR

You can revoke your consent given to us at any time with effect for the future. This revocation can take the form of an informal notification to the contact addresses mentioned above. If you revoke your consent, the legality of the data processing carried out up to that point remains unaffected.

7.8 Right to lodge a complaint with the supervisory authority

If you believe that the processing of your data by us violates applicable data protection law, you have the right to lodge a complaint with one of the competent supervisory authorities. The supervisory authority responsible for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Address: Alt-Moabit 59-61, 10555 Berlin

Phone: +49 30 13889-0

Email: mailbox@datenschutz-berlin.de

Furthermore, you can complain to the data protection supervisory authority responsible for you at your place of residence.

7.9 Automated Individual Decision-Making, Including Profiling, according to Art. 22 GDPR

We do not process your data for automated individual decision-making, including profiling, within the meaning of Art. 22 GDPR.

Status: January 2026