Privacy Policy

Your family's privacy is built in.

  • Encrypted by default
  • No ads
  • Delete anytime

Our privacy commitments

  • Encryption in transit and at rest

    Personal data, updates, and content are encrypted when sent to FamilyFeed and when stored in our databases.

  • Authentication on every request

    Each API call is verified so only authorized users can access your family space.

  • Authorization before updates

    No change or deletion happens without confirming a member's permissions inside your family.

  • Secure server-side processing

    FamilyFeed processes data on our backend to run shared family features such as reminders, feeds, appointments, lists, ToDos, permissions, and notifications.

What we collect and why

We gather only what is needed to operate FamilyFeed and deliver personalized, secure experiences.

  • Account information

    We use your email for authentication, password recovery, and account notifications. Real names are optional.

  • Family details

    Country helps us deliver time-zone-specific reminders. City and state are optional context for family organization features.

  • Content you create

    Photos, notes, reminders, appointments, lists, ToDos, and posts are used to provide the shared family features you choose to use. Delete them anytime.

  • Analytics only

    We collect aggregated, anonymized metrics to monitor reliability and improve the experience.

Bots, AI, and sub-processors

FamilyFeed uses a mix of rule-based backend services and limited user-triggered AI features.

  • Family Bots today

    Current Family Bots are backend rule-based services running on AWS. They are not continuously running LLM agents and do not continuously send family data to external AI systems.

  • OpenAI for scan features

    We use OpenAI APIs for specific actions you start, such as scanning invitations to create appointments, scanning item images to create items, and scanning receipts to bulk add items.

  • No model training

    We do not use your family content to train or fine-tune our own models, and we do not ask our AI provider to train models on your content.

  • Future AI features

    If we add broader AI bots or rules, we will update this policy, identify the relevant providers, explain what data is processed, and provide consent or controls where required.

Sensitive and health-related data

Some families may choose to enter health-related information, such as medicines, health appointments, routines, notes, or reminders.

  • User-provided information

    We process this information only to provide the features you request, such as reminders, tracking, shared context, and family coordination.

  • GDPR legal basis

    Where GDPR applies, we process ordinary personal data to provide the service and, where health-related special category data is involved, rely on explicit consent where applicable.

  • Not medical advice

    FamilyFeed is not a medical, emergency, legal, or professional advice service. You should review important reminders and appointments before relying on them.

Hosting and international transfers

  • AWS hosting

    FamilyFeed uses AWS infrastructure, and family data is currently stored primarily in the AWS us-east-1 region in the United States.

  • No regional residency yet

    We do not currently offer region-based data residency controls, but we will evaluate regional storage options as the service grows.

  • Transfer safeguards

    For users subject to GDPR, international transfers may rely on appropriate contractual safeguards, such as Standard Contractual Clauses where applicable.

Data retention and deletion

  • Family deletion

    Removing a family deletes its posts, images, appointments, lists, ToDos, events, and member access from primary storage immediately or as soon as technically practicable.

  • Profile deletion

    Deleting your profile removes your personal data and associated media across your families from primary storage immediately or as soon as technically practicable.

  • Immediate item deletion

    Deleting individual lists, appointments, ToDos, or events removes them from primary storage. Deleted user content is not user-restorable.

  • Logs and limited records

    System logs are retained for about 24 hours for debugging, reliability, and security. We may retain minimal records longer if required for security, abuse prevention, legal obligations, or account administration.

Retention schedule

  • Account and profile data

    Kept while your account or profile is active, then deleted after you request deletion, subject to limited legal or security needs.

  • Family content

    Kept until you or a family admin deletes the relevant family, profile, post, list, appointment, ToDo, event, image, or note.

  • AI scan inputs and results

    Processed only for the user-triggered scan action and then handled under the same content and log retention rules described here.

  • Support and legal records

    Kept only as long as needed to respond to your request, maintain account records, resolve disputes, or comply with applicable law.

Transparency and control

You can view, download, or delete your information at any time. We provide privacy rights consistent with laws such as GDPR and CCPA where they apply.

  • Data portability

    Export your data in a readable format whenever you need a copy.

  • Right to be forgotten

    Permanently delete your account and receive confirmation once removal is complete.

Have a privacy question?

Contact our privacy team at [email protected]. We typically respond within one business day.