Privacy Policy

Last updated: June 5, 2026

Data protection is important to us. We treat this topic with care and inform you below about the handling of your personal data when visiting our website and using our app.

To the extent that we collect, store, or otherwise process personal data from you, this is done within the framework of legal provisions and to provide the functionalities of our app.


1. Controller and Data Protection Officer

Responsible for the processing of personal data when using the website at www.ria-care.de and the “Ria” app is the company Ria Companion App GmbH, D-50999 Cologne. Further information can be found in our imprint/legal notice. You can reach us regarding data protection matters by email at privacy@ria-care.de


2. Subject Matter, Purpose, and Basis of Data Processing


a) Use of the Website


a) Log files

When accessing our websites, a log data record (server log files) is stored on our web server, which includes, among other things, the IP address. The data within these server log files are required, among other things, to display the contents of our websites correctly and to ensure the secure operation of our IT infrastructure. The log files are deleted regularly and automatically. If you wish to receive further information on this, please feel free to contact us at any time using the contact details mentioned above.


b) Cookies

We use cookies on our websites. Details of the cookies used when visiting our website, their storage period, and information on how you can delete the data collected here can be found in the privacy settings of your browser. We distinguish between necessary cookies, which are required, for example, to provide the basic functions of the website.

Cookies that enable us, among other things, to evaluate the visits and hits on the website or to display targeted marketing measures, on the other hand, require prior consent via the Consent Manager on our website. The same applies if access is otherwise gained to information stored on your end device (e.g., IP address).


c) Tools

Our website and our app use various services and applications (collectively “tools”) that are offered either by ourselves or by third parties. These include, in particular, tools that use technologies to store information on the end device or access it (e.g., cookies, web storage, JavaScript, or pixels).

We distinguish between tools that are necessary, for example, to provide the basic functions of the website or to provide a service you have explicitly requested.

On the other hand, we use tools that are not strictly necessary and enable us, for example, to evaluate the visits and hits on the website or to display targeted marketing measures. For the use of these tools, we require your prior consent, which you submit via the Consent Manager on our website.


d) Management and Configuration of Tools and Cookies

Our website uses a so-called Cookie Consent Management Tool to manage and control the consent that may be required for storing or loading certain tools. The associated data processing is necessary to provide you with the legally required consent management and to comply with our documentation obligations. You can withdraw your consent for certain tools at any time. To do this, click on the privacy settings in your browser. There you can also change the selection of tools you wish to consent to the use of and find additional information about cookies. Alternatively, you can assert your withdrawal directly with the provider for certain tools. If you have questions about the provider or need further information, please feel free to contact us at any time using the contact details mentioned above.


b) Data Processing when Using the Ria App


a) Profile Creation and User Registration

When creating a profile to use the app, we collect the personal data of the admin, the storyteller, and the data of users from the family/friends circle provided when creating the profile (or later) to the extent specified there.

This initially includes contact and registration data (first and last name, email address, password, telephone number). The data processing serves the purpose of setting up the storyteller’s Ria account and creating and managing the individuals of the account (storyteller, admin, and users from the family/friends circle) who want to record and share their stories (storyteller) or listen to these stories (admin, users from the family/friends circle). In addition, the data is used during the usage term for communication regarding the account and user agreement.


b) Use of the Ria App by Storytellers

As part of the use of the Ria app and the functions accessible to storytellers via it (chatbot, calendar, reminders (push notifications), video calls), we process personal status and contact data (first and last name, email address, telephone number) as well as personal information that forms part of the recorded stories along with supplementary text and voice messages and uploaded photos. These data are captured, stored, and made accessible to the members of the storyteller profile (storyteller, admin, users from the family/friends circle). The processing in this respect is carried out to fulfill the user agreement and provide the functionalities of the app.

Within the scope of using the Ria app and the functions accessible via it (chatbot, calendar, reminders, video calls), we also process special categories of data in individual cases, e.g., health data (e.g., medication and hydration reminders, doctor’s appointments, notes in the shared calendar) or information on religious views, provided these data are part of the stories you record. These data are also captured, stored, and made accessible to the members of the storyteller profile. For the processing in this respect, we obtained your consent when you registered for the app. The processing serves exclusively to provide the app functions within the user group of the respective storyteller profile. The data is stored and only visible to the users registered in the storyteller profile.

In connection with the use of our chatbot, personal data may be processed using artificial intelligence. In doing so, automated/autonomous responses and/or recommendations are generated based on the entered content and information. In particular, contact data as well as form or chat contents are recorded and analyzed by AI models. The basis for this processing is your consent.

For users in the EU, processor is Google Cloud EMEA Limited (Ireland) via Vertex AI. Data is hosted and processed exclusively within EU datacenters (Europe-West1 region, Belgium). For users in the US, processor is Google LLC (USA) via Vertex AI. Data is hosted and processed within the United States (US-Central1 region, Iowa). No further transfer and/or provision of data to third parties takes place.

Your entries or information are processed exclusively on a temporary basis (for the duration of the existence of a Ria account) plus a period of six (6) months thereafter (to download the contents) and serve only to capture and process the provided information and stories. Permanent storage of chat contents (beyond the deletion of the Ria account), profiling, or automated decision-making with legal effect does not occur. If you voluntarily provide personal data during use, this will also be used exclusively for the purpose of story creation and will likewise not be stored permanently.

If and to the extent that we work with service providers, for example, to host, technically maintain, and service the app, we have ensured that this always takes place on the basis of the necessary agreements on order processing and that the technical and organizational measures taken guarantee the highest level of data security. No transfer of your data or other disclosure or processing takes place. In all cases, we strictly observe legal specifications. The scope of data transmission is limited to a minimum.

If you have any questions, please feel free to contact us at privacy@ria-care.de


c) Use of the Ria App by Admins and Network Members

As part of the use of the Ria app and the functions accessible to you via it (reminders (push notifications), video calls, story prompts), we process personal status and contact data (first and last name, email address, telephone number) as well as personal information that forms part of the messages and story prompts to the storyteller, including uploaded photos. These data are captured, stored, and made accessible to the members of your network. The processing in this respect is carried out to fulfill the user agreement and provide the functionalities of the app.


d) Push Notifications

In connection with the use of our app, all users receive push notifications (e.g., notifications of incoming messages, calendar reminders, call announcements) on their device if they have selected this option.

We use the Firebase Cloud Messaging (FCM) service to deliver push notifications. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is the contracting party for FCM in the European Economic Area; the technical processing is carried out with the involvement of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”). On Apple devices, the actual delivery of the push notification is additionally handled via the Apple Push Notification Service (APNs) of Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA; on Android devices, delivery takes place directly via Google’s FCM infrastructure.

When the app is started for the first time and after your consent has been granted, FCM assigns a unique, anonymized device token (FCM registration token) to your device, which we store on your end device and on our servers in order to be able to address your app installation for the delivery of push notifications. To deliver a notification, we transmit this token, the message content (title, short text, and, if applicable, other user data) and delivery parameters (priority, time-to-live, timestamp) to FCM. For delivery, FCM and, if applicable, APNs also process the IP address of your device, device and installation identifiers, information about the operating system and app version, as well as delivery and error status.

We reduce the content transmitted in the push payload to what is functionally necessary. In particular, we do not transmit health references, sensitive content, or medication names in plain text in the push notification; these only become visible in the secure session after opening the app.

The processing serves exclusively to inform you promptly about events intended for you in the app (e.g., incoming messages, calendar and medication reminders, scheduled video calls, activities of your family group) without you having to open the app yourself.

You have granted your consent during the initial installation of the app – and additionally via the system-side push permission request of your device.

The storage or retrieval of information (FCM token, device and installation identifiers) on your end device is based on your consent. We base the subsequent processing of your personal data for the delivery of push notifications, including the associated transfer to Google and, if applicable, Apple, on your consent, and additionally – insofar as a transfer to the USA takes place – additionally on your consent.


e) Store / Data Processing during Download and Use of the App

When downloading our mobile app, the required information is initially transferred to the App Store, specifically including the username, email address, and customer number of your account, the time of the download, and the individual device identification number. In addition, the respective App Store independently collects various data and provides you with analysis results. We have no influence on this data processing and are not responsible for it. We only process the data to the extent necessary for downloading the mobile app onto your mobile device.

When you use our mobile app, we process (in addition to the data mentioned above) the following data, which are technically necessary for us to offer you the functions of our mobile app and to ensure stability and security, and therefore must be processed by us: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (visited page), access status/HTTP status code, amount of data transferred in each case, previously visited page, browser, operating system, as well as the language and version of the browser software. Furthermore, to provide the services of the app, we require your device identifier, unique number of the end device (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address for WLAN use, name of your mobile device, and email address. In addition to the aforementioned data, technical aids are used for various functions when you use our mobile app, in particular cookies, which can be stored on your end device.

In iOS, you have various options to largely restrict advertising and tracking. Tracking basically runs via the so-called “Advertising Identifier” (IDFA). This is a unique, but non-personalized and non-permanent identification number for a specific end device provided by iOS. The data collected via the IDFA is not linked to other device-related information. We use the IDFA to provide you with personalized advertising and to evaluate your usage.

If you go to the “Privacy” option in the iOS settings, you can largely deactivate the advertising evaluation under “Tracking”. If you activate the function “Allow Apps to Request to Track”, our app will ask you when you first use it whether you agree to advertising measures, and you can activate or deactivate the advertising. Furthermore, under the “Privacy” option, you can select “Apple Advertising” and deactivate “personalized ads”. In the “Analytics& Improvements” option, you can also deactivate the functions “Share iPhone Analytics” and “Improve Siri & Dictation”, which results in no statistical information about your use of iOS being transmitted to Apple. Please note that you may not be able to use all the functions of our app if you restrict the use of the IDFA.


c) Social Media

We operate presences on online platforms and social networks to interact with potential or existing customers, to exchange information with interested parties and users, or to promote offers and services. We operate our presences in so-called joint responsibility with the providers. We process data that you share or publish directly via the online platforms and networks (e.g., via comment and chat functions) as the controller in order to interact or exchange information with you in this regard. In the course of this interaction, we may also receive statistical data from the platform operators regarding the use of our “channels and fan pages”. This includes, for example, information about interactions, likes, comments, or summarized information and statistics (e.g., IP address; origin of followers) that help us learn about interactions with our page.

However, the providers also process data under their own responsibility. We have no influence on data processed by the provider under its own responsibility according to its own terms of use and privacy policy. We point out that when accessing the aforementioned providers, further data (e.g., from your “usage” and “surfing behavior”) may be collected and, if applicable, transmitted to the provider. Please also note that in the case of interaction via the aforementioned media, data may also be processed outside the European Union.

Furthermore, user data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. You can find more detailed information on this in the privacy notices of the respective providers. Insofar as we have personal data from you in connection with the use of the online platforms and networks, please direct your concerns to us. If you also wish to assert rights against a specific provider, please contact the respective provider.


3. Use of Service Providers and Other Recipients, Data Transfer

To fulfill our tasks, we rely on the assistance of various service providers who in turn employ sub-service providers. Particularly with technical service providers (e.g., web hosting, chatbot function, push notifications), your personal data may also be processed briefly outside the EU (e.g., in the USA). In these third countries, there is usually no comparable legislation for data protection. To ensure an adequate, comparable level of data protection, if such a case occurs, we enter into special agreements to protect your personal data. The same applies to the relationship of the service providers with their sub-service providers. In addition, we also select service providers based on whether they provide additional guarantees, such as acquired security certificates and/or evidence of additional and appropriate technical and organizational measures to protect your personal data (e.g., encryption of data). Your personal data will only be passed on or transmitted by us to third parties to the extent necessary to fulfill the contract with you, there is a legitimate interest on our part, you have given your consent, and/or to the extent we are obliged to do so due to statutory provisions or official or judicial orders.

We employ the following service providers to provide the app:

Chatbot function for the EU: Processor is Google Cloud EMEA Limited (Ireland) via Vertex AI. Data is hosted and processed within the EU (europe-west1 region, Belgium).

Chatbot function for the US: Processor is Google LLC (USA) via Vertex AI. Data is hosted and processed within the United States (us-central1 region, Iowa).

Push notifications: The processor for the Firebase Cloud Messaging push service in the European Economic Area is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; technical processing is carried out with the involvement of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Video call function: Daily.co, located at 548 Market St, Unit 39113, San Francisco, CA, USA.


4. Your Rights

You can assert your rights regarding your processed personal data against us at any time using the contact details provided at the beginning. In particular, you have the following rights:

Right of access to your data processed by us: This includes in particular requesting information on the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details.

Right to rectification of incorrect data or completion of your data stored with us: The right to rectification means in particular that you have the right to demand from us without delay the rectification of incorrect personal data concerning you as well as the completion of incomplete personal data.

Right to erasure of your data stored with us: The right to erasure means that you generally have the right to demand that we erase personal data concerning you without delay, and we are obliged to erase personal data without delay. This may be the case, for example, if personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

Right to restriction of processing: The right to restriction may become relevant if you contest the accuracy of the personal data.

Right to portability of your data (“data portability”): The right to portability means that you generally have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us.

Right to object to processing: As a data subject, you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you; this also applies to profiling based on these provisions. If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

Right to lodge a complaint with a data protection supervisory authority.


5. Erasure

Your data will be deleted 6 months after the termination and/or deletion of the storyteller account, unless statutory regulations oblige us to keep it for a longer period.