← Back to SilentSuite

Privacy Policy

Last updated: March 23, 2026

The short version

SilentSuite is an end-to-end encrypted sync service for calendars, contacts, and tasks. Your data is encrypted on your device before it reaches our servers. We cannot read, analyze, or share your encrypted data. This is by design, not just by policy.

1. Controller

The controller responsible for data processing on this website is:

SilentSuite
E-Mail: info@silentsuite.io

2. What data we collect

2.1 Website visits (silentsuite.io)

This website is hosted on Cloudflare Pages. Cloudflare may process your IP address to deliver the website. We use Plausible Analytics (self-hosted), a privacy-friendly analytics tool that does not use cookies, does not track individual users, and does not collect personal data. Fonts are self-hosted. No requests are made to Google or other third-party font services.

2.2 Newsletter subscription

When you subscribe to our newsletter, we collect:

  • Email address (required)
  • Name (optional)
  • Consent confirmation

We use a double opt-in process to comply with GDPR. After you submit the subscription form, we send a confirmation email containing a signed link. Your subscription only becomes active once you click that link. Confirmation links expire after 48 hours. If the link expires, you can subscribe again to receive a new one.

We use Resend to send transactional and newsletter emails. Your email address is used solely to send you product updates and announcements about SilentSuite. Legal basis: Art. 6(1)(a) GDPR (consent). You can withdraw consent at any time by using the unsubscribe link in any email, replying with "unsubscribe", or emailing us at info@silentsuite.io.

2.3 SilentSuite service (app.silentsuite.io)

SilentSuite is available as a web app, an Android mobile app, and a CalDAV bridge for use with existing calendar and contacts clients. When you use the service, we process:

  • Account data: Username, hashed authentication public key, account creation timestamp. This is necessary for account operation.
  • Encrypted data: Your calendar events, contacts, and tasks are stored as encrypted blobs. We have no technical ability to decrypt this data. The encryption keys never leave your device.
  • Metadata: Sync timestamps, collection membership, and sync tokens. This metadata is necessary for the sync protocol to function.
  • Server logs: IP address and request timestamps may be logged temporarily for security and abuse prevention. Logs are rotated automatically.

Legal basis: Art. 6(1)(b) GDPR (contract performance) for account and encrypted data. Art. 6(1)(f) GDPR (legitimate interest) for security logs.

2.4 Payment processing

Payments are processed by Stripe. Your card details are handled entirely by Stripe and are never stored on or transmitted to our servers. We receive only a transaction reference, plan type, and billing status from Stripe. Legal basis: Art. 6(1)(b) GDPR (contract performance).

3. Where data is stored

The SilentSuite sync server is hosted on secure, GDPR-compliant infrastructure. Your encrypted data never leaves the EU. The landing page is served via Cloudflare's global CDN. You may also choose to self-host the SilentSuite server for complete data sovereignty.

4. Data sharing

We do not sell, trade, or share your personal data with third parties. We use the following processors:

  • Cloud hosting provider (EU): server hosting
  • Cloudflare, Inc. (US, with EU data processing): website hosting and CDN
  • Resend: transactional and newsletter email delivery
  • Stripe: payment processing
  • Plausible Analytics (self-hosted): privacy-friendly, cookieless website analytics

5. Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Data portability (export in ICS, VCF, or ZIP formats)
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, email us at info@silentsuite.io.

6. Data retention

Newsletter subscriber data is retained until you unsubscribe or request removal. Account data and encrypted sync data are retained for the duration of your account. Server logs are retained for a maximum of 30 days. When you delete your account, all associated data is permanently removed.

7. Cookies

This website does not use cookies. Plausible Analytics is cookieless. The SilentSuite service uses authentication tokens stored in your application. These are not browser cookies.

8. Self-hosting

SilentSuite offers a self-hosted option. When you run your own server, your data never touches our infrastructure. This privacy policy applies only to services operated by SilentSuite (the hosted service and this website). Self-hosted instances are under your own control and responsibility.

9. Changes to this policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date. For significant changes, we will notify subscribers and registered users via email.