Privacy Policy — SerahrRemind

Note: This English version is provided for informational purposes only. The German text constitutes the sole legal basis.

Version 1.0 — effective from March 19, 2026

Note: This privacy policy applies to the publicly accessible demo version of SerahrRemind at serahrremind.serahr.de. The demo is for testing purposes only. Please enter only fictitious test data. All data is automatically deleted every hour.

1. Data Controller

Thorsten Ahrens
Serahr — serahr.de
Email: contact@serahr.de

2. Overview: What Data Is Processed?

SerahrRemind is a SaaS platform for automated appointment reminders. In the demo version, the following data is processed:

Data	Storage Location	Purpose
Demo credentials (email, password)	Supabase (Frankfurt, DE)	Authentication
Entered patient data (name, email, phone)	Supabase (Frankfurt, DE)	Demo functionality
Appointment data (date, time, type)	Supabase (Frankfurt, DE)	Demo functionality
Email reminders	Resend (USA)	Sending demo reminders
Technical access data (IP, browser)	Vercel (USA)	Website delivery

Demo specifics: All data entered in the demo (patients, appointments, reminders) is automatically deleted every hour. Demo accounts are reset to their initial state. SMS and phone call features are disabled in the demo — only email reminders are sent.

3. Data Processing in Detail

3.1 Website Visits

When visiting serahrremind.serahr.de, the web server automatically collects:

IP address (in server logs)
Browser type, operating system, referrer URL
Date and time of access

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing the website). No tracking cookies or third-party trackers are used.

3.2 Demo Usage

When using the demo, you can enter test data:

Patient data: Name, email address, phone number (please use only fictitious data)
Appointment data: Date, time, appointment type, assigned patient
Reminders: Configuration of reminder sequences

This data is stored in the Supabase database (Frankfurt region, Germany) and automatically deleted every hour.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing a functional demo).

3.3 Email Sending (Reminders)

When you trigger an email reminder in the demo, an email is sent to the entered address. Emails are sent via Resend (Resend Inc., USA).

Transmitted data: Recipient email address, reminder text (first name, appointment time)
Note: Please use only your own or fictitious email addresses

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in demonstrating core functionality).

3.4 Disabled Features in the Demo

The following communication channels are disabled in the demo for cost reasons:

SMS sending (normally via Spryng B.V., Netherlands)
Phone calls / Text-to-Speech (normally via Microsoft Azure + Twilio)

These channels are available in the full version. The corresponding privacy information will be described in the full version's privacy policy.

4. Cookies and Local Storage

The application uses only technically necessary cookies:

Cookie / Storage	Purpose	Duration
Session cookie (Supabase Auth)	Login session	Session / 7 days
Language preference	DE/EN preference	1 year
Theme preference	Dark/Light mode	1 year

No tracking cookies, analytics tools, or advertising trackers are used. No consent is required for technically necessary cookies (§ 25(2)(2) TDDDG).

5. Retention Periods

Data	Period
Demo data (patients, appointments, reminders)	Max. 1 hour (automatic deletion)
Server logs (Vercel)	30 days (Vercel default)
Email delivery logs (Resend)	Per Resend privacy policy

6. Disclosure to Law Enforcement

We may be legally required to disclose stored data to law enforcement authorities on the basis of a European Production Order or European Preservation Order pursuant to Regulation (EU) 2023/1543. Such disclosure is made exclusively on the basis of a lawful order and to the extent required by law. Legal basis: Art. 6(1)(c) GDPR (legal obligation).

7. Your Rights

Under GDPR: Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17), Restriction (Art. 18), Data portability (Art. 20), Objection (Art. 21).

Direct requests to contact@serahr.de. Since all demo data is deleted hourly, typically no personal data is stored beyond the deletion period.

8. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority.

9. Processors

Service Provider	Purpose	Location
Supabase, Inc.	Database and authentication	USA / EU region (Frankfurt)
Vercel, Inc.	Web application hosting	USA (EU SCCs)
Resend, Inc.	Email sending (reminders)	USA (EU SCCs)
netcup GmbH	Domain hosting (serahr.de)	Germany

10. Changes

This privacy policy may be updated as needed. The current version is always available on this page.

Current version: Version 1.1, effective from 03/23/2026.

Previous Versions

Version 1.0Valid: 03/23/2026 to 03/23/2026DE (PDF)EN (PDF)

Terms Privacy Policy