Privacy Policy

Information about the processing of personal data when using Famili.

Last updated: June 2026

1. Data controller

Who is responsible for data processing?

Oliver Pitsch

Gerhard-vom-Rath-Straße 63, 50968 Köln, Germany

Email: famili@pitsch.me

If you have questions about data protection, you can contact us at the above address at any time.

2. Overview of data processing

What data is processed?

We process personal data in the following categories:

Account data: Name, email address (via Clerk authentication, optionally via Google or Apple).

App permissions: When using the native apps, access to the camera and photo library, in each case only after your explicit action (e.g. to add documents or images).

Location data: An optional location you provide for the weather display (no access to your device location).

Family and organization data: Family name, member roles, tasks, calendar entries, reminders, contacts, and notes. When Google Calendar sync is enabled, additionally: Google account email address, OAuth credentials (stored encrypted), and synchronization metadata.

Children's data: First names, dates of birth, clothing/shoe sizes, allergies, medical notes, school/daycare, hobbies.

Documents: Files uploaded by you (e.g., IDs, certificates, contracts).

Payment data: Billing address, payment method, and transaction data (processed by Stripe).

Usage data: Page views, interactions, and device information (via PostHog, only with consent).

3. Legal bases

On what basis do we process data?

Your data is processed on the following legal bases:

Contract performance (Art. 6(1)(b) GDPR): For providing the Famili platform, managing your user account, and processing payments.

Consent (Art. 6(1)(a) GDPR): For processing analytics cookies (PostHog). Consent can be withdrawn at any time via the cookie banner or the imprint page.

Legitimate interests (Art. 6(1)(f) GDPR): For ensuring technical operation and protection against misuse.

Consent for children's data (Art. 6(1)(a) in conjunction with Art. 8 GDPR): The entry of data in child profiles is performed by users with parental authority and requires their consent.

App features (Art. 6(1)(b) and (a) GDPR): For accessing the camera and photos in the apps (in each case only upon your action) and the optional weather display based on a location you provide.

4. Registration and authentication

Clerk as authentication service.

Registration and login are handled by the external service Clerk (Clerk, Inc., USA). The following data is processed:

Email address, name, profile picture (if available), and login metadata (IP address, device, timestamp).

Legal basis: Contract performance (Art. 6(1)(b) GDPR).

Third country transfer: Clerk processes data in the USA based on Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.

In the native apps, you can additionally sign in via Google (Google LLC, USA) or Apple (Sign in with Apple, Apple Inc., USA). The sign-in is handled by the respective provider; the data required to create your account (e.g. name, email address) is transmitted to Clerk. With "Sign in with Apple" you can choose to hide your email address (Apple Private Relay). Apple and Google are certified under the EU-US Data Privacy Framework.

More information: clerk.com/legal/privacy

5. Use of the native apps

Permissions and data processing in the iOS and Android apps.

Famili is also available as a native app for iOS and Android. The following additional processing is relevant for their features:

Camera and photo library: To add documents and images to your family area, you can grant the app access to the camera and photo library. Access occurs exclusively after your explicit action and only for the operation you initiate; there is no background access. Selected files are transmitted to our servers for upload and stored in accordance with the "Document storage" section (AWS S3, Frankfurt).

Login token: To keep you signed in, an authentication token is stored locally and encrypted in the device's secure key store (iOS Keychain / Android Keystore via Expo SecureStore).

Weather display: The home screen can show a weather forecast. For this, a location (coordinates) provided by you or your family is transmitted to the service Open-Meteo (Open-Meteo, EU). Your device location is not accessed; the apps do not request location permission.

App stores: When obtaining and using the apps, Apple (App Store) and Google (Google Play) process download and — if enabled by you at the operating-system level — diagnostic data in accordance with their own privacy policies. We have no influence over this.

No tracking: The apps contain no analytics, tracking, or advertising functions.

Legal basis: Contract performance (Art. 6(1)(b) GDPR) for upload and login; consent (Art. 6(1)(a) GDPR) for the optional weather display and the system permissions, which you can revoke at any time in your device settings.

6. Family workspace data

Data within your family area.

All data you create in your family workspace is processed exclusively for providing platform functionality:

Calendar entries, tasks, reminders, contacts, waiting list items, and routines. This data is only visible to members of your family workspace.

If you enable Google Calendar synchronization, calendar entries are synchronized bidirectionally between your family workspace and the connected Google Calendar. For details, see the section on Google Calendar synchronization.

Legal basis: Contract performance (Art. 6(1)(b) GDPR).

Storage location: PostgreSQL database on servers in the EU.

7. Children's data

Special protection for children's data.

Famili allows creating child profiles with the following optional information: first name, date of birth, clothing and shoe sizes, allergies, medical notes, school/daycare, and hobbies.

This data is used exclusively for platform functionality and is only visible to members of the respective family workspace. It is not used for advertising, profiling, or other purposes and is not shared with third parties.

Legal basis: Consent of the person with parental authority (Art. 6(1)(a) in conjunction with Art. 8 GDPR). Providing this data is voluntary.

When the child profile or family workspace is deleted, this data is completely removed.

8. Payment data

Stripe as payment provider.

We use Stripe (Stripe, Inc., USA / Stripe Payments Europe, Ltd., Ireland) for payment processing. The following data is transmitted to Stripe:

Email address, name, billing address, selected plan, and payment information. Payment data (e.g., credit card numbers) is processed exclusively by Stripe and is not accessible to us.

Legal basis: Contract performance (Art. 6(1)(b) GDPR).

Third country transfer: Stripe Payments Europe (Ireland) processes payments within the EU. For certain services, transfer to the USA may occur based on SCCs and the EU-US Data Privacy Framework.

More information: stripe.com/privacy

9. Document storage

AWS S3 as storage service.

Uploaded documents are stored on Amazon Web Services (AWS) S3 in the eu-central-1 region (Frankfurt).

Documents are only accessible to members of the respective family workspace, unless you actively create a share link. Share links can be revoked at any time.

Legal basis: Contract performance (Art. 6(1)(b) GDPR).

Storage location: EU (Frankfurt, Germany).

10. Google Calendar synchronization

Google as external calendar service.

Famili offers an optional bidirectional synchronization with Google Calendar (Google LLC, USA). Synchronization is only activated when you explicitly set it up in settings and connect your Google account via OAuth 2.0.

Data processed: Calendar events (title, description, location, start/end time, recurrence rules, status), Google account email address, and OAuth credentials (access token and refresh token).

Scope of access: Famili only requests access to your Google Calendar (scope: calendar). No other Google services (e.g. contacts, Drive, email) are accessed.

Credential storage: OAuth tokens are stored encrypted with AES-256-GCM in our database. Plaintext credentials are not retained.

Synchronization mechanism: Synchronization occurs via push notifications from Google (webhooks), periodic background processes, and manual triggers. New and changed calendar entries are transferred in both directions.

Legal basis: Consent (Art. 6(1)(a) GDPR). You actively initiate the connection and can disconnect it at any time in settings.

Third country transfer: Google LLC is based in the USA. Data transfer occurs based on Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.

Disconnection and data deletion: When you disconnect, all OAuth tokens and synchronization metadata are immediately deleted. Previously synchronized calendar entries remain as local entries in your family workspace but lose their link to Google.

More information: policies.google.com/privacy

11. Analytics and cookies

PostHog as analytics service.

We use PostHog (PostHog, Inc.) to analyze platform usage. PostHog is only activated when you explicitly consent via the cookie banner.

Data processed: Page views, interactions (e.g., task created, calendar entry added), anonymized IP address, device information.

Data not processed: No content of tasks, documents, contacts, or child profiles. Only event types and IDs are captured, no personal content.

Legal basis: Consent (Art. 6(1)(a) GDPR). Without consent, no analytics cookies are set and no data is transmitted to PostHog.

Storage location: EU (PostHog EU Cloud). Consent can be withdrawn at any time via the cookie banner, the imprint page, or by clearing browser storage.

Native apps: The iOS and Android apps contain no analytics or tracking functions. No cross-app tracking takes place (no App Tracking Transparency prompt), and no advertising or tracking identifiers are processed. PostHog is used exclusively on the website.

12. Hosting and infrastructure

Where is Famili operated?

The platform is hosted on Vercel (Vercel, Inc., USA). Server logs with IP addresses and access times may be processed.

Legal basis: Legitimate interest in secure and efficient platform delivery (Art. 6(1)(f) GDPR).

Third country transfer: Vercel uses edge networks that preferentially use EU locations. Transfer to the USA occurs based on SCCs and the EU-US Data Privacy Framework.

13. Your rights

Data subject rights under GDPR.

You have the following rights regarding your personal data:

Right of access (Art. 15 GDPR): You can request information about the data we process.

Right to rectification (Art. 16 GDPR): You can request correction of inaccurate data.

Right to erasure (Art. 17 GDPR): You can request deletion of your data, provided no statutory retention obligations apply.

Right to restriction (Art. 18 GDPR): You can request restriction of processing.

Right to data portability (Art. 20 GDPR): You can request your data in a structured, machine-readable format.

Right to object (Art. 21 GDPR): You can object to processing based on legitimate interests.

Withdrawal of consent: Consent granted (e.g., for analytics cookies) can be withdrawn at any time with effect for the future.

To exercise your rights, contact famili@pitsch.me.

14. Retention periods

How long is data stored?

Account data: Stored for the duration of use and deleted within 30 days after account deletion.

Workspace data: Deleted within 30 days after family workspace deletion.

Payment data: Billing data is retained for up to 10 years in accordance with tax retention requirements (§ 147 AO).

Analytics data: PostHog data is automatically deleted after 90 days.

Server logs: Deleted after 30 days.

15. Data security

Technical and organizational measures.

We employ appropriate technical and organizational measures to protect your data from unauthorized access, loss, or misuse:

Encrypted data transmission (TLS/HTTPS), access control through authentication (Clerk), role-based permissions within the family workspace, regular security updates, and encrypted storage of sensitive data.

Complete protection against all risks is technically not possible. We continuously work to improve our security measures.

16. Third country transfers

Data transfers outside the EU.

Some of our service providers are based in the USA. Data transfers are based on the following safeguards:

EU-US Data Privacy Framework: Clerk, Stripe, Google, and Apple are certified under the EU-US Data Privacy Framework.

Standard Contractual Clauses (SCCs): Additionally, Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR are in place with all US service providers.

EU data where possible: PostHog (EU Cloud), AWS S3 (Frankfurt), and the database (EU) process data exclusively within the EU.

17. Changes

Updates to this privacy policy.

We reserve the right to update this privacy policy to reflect changes in legal requirements or our services.

The current version is always available on this page. For significant changes, we will inform you by email or notification on the platform.

18. Supervisory authority

Right to complain to the data protection authority.

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data violates the GDPR.

Competent supervisory authority:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestraße 2-4, 40213 Düsseldorf, Germany

poststelle@ldi.nrw.de