AAphasia.care

Privacy statement

How Aphasia Care handles your personal data, in line with the GDPR and NEN 7510.

Data controller

Aphasia Care (a brand of Only Chrome) is the controller for the processing described here. For questions, contact privacy@aphasia.care.

Data we process

Account data (name, email, role) and β€” for patients β€” health data needed for therapy: aphasia type and severity, exercise results, and recorded speech.

Purpose and legal basis

We process this data to support aphasia therapy. The basis is performance of the contract and your explicit consent for processing health data (special-category data under the GDPR).

Security

Data is encrypted at rest (KMS) and in transit (TLS 1.2+). Access requires strong two-factor authentication (2FA) and times out on inactivity. We keep an access log (NEN 7513) of who viewed or changed which data.

Retention

Speech recordings auto-expire after 180 days. Medical records are kept per the statutory retention obligation. Access logs are kept at least as long.

Your rights

You have the right to access, export (portability) and erasure of your data. In the app you can export your data and delete your account. Erasure of medical records may be limited by the statutory retention obligation.

Subprocessors and data location

Data is hosted with Amazon Web Services in the EU (eu-central-1, Frankfurt). A limited part of AI image generation may occur outside the EU; no patient data is sent in that process.

Last updated: 27 May 2026.