Privacy statement
How Aphasia Care handles your personal data, in line with the GDPR and NEN 7510.
Data controller
Aphasia Care (a brand of Only Chrome) is the controller for the processing described here. For questions, contact privacy@aphasia.care.
Data we process
Account data (name, email, role) and β for patients β health data needed for therapy: aphasia type and severity, exercise results, and recorded speech.
Purpose and legal basis
We process this data to support aphasia therapy. The basis is performance of the contract and your explicit consent for processing health data (special-category data under the GDPR).
Security
Data is encrypted at rest (KMS) and in transit (TLS 1.2+). Access requires strong two-factor authentication (2FA) and times out on inactivity. We keep an access log (NEN 7513) of who viewed or changed which data.
Retention
Speech recordings auto-expire after 180 days. Medical records are kept per the statutory retention obligation. Access logs are kept at least as long.
Your rights
You have the right to access, export (portability) and erasure of your data. In the app you can export your data and delete your account. Erasure of medical records may be limited by the statutory retention obligation.
Subprocessors and data location
Data is hosted with Amazon Web Services in the EU (eu-central-1, Frankfurt). A limited part of AI image generation may occur outside the EU; no patient data is sent in that process.
Last updated: 27 May 2026.