Privacy Policy

Version 1.0 · Effective 2026-05-20

FamilyBot is a private chat space for your family. This policy explains what we collect, how we use it, who we share it with (a short list), and your rights. We treat your family's data as a long-term trust, not a marketing asset.

What we collect

  • Account information — your email, display name, and the year of your birth (year only, not full date). For minor accounts, we also store the user_id of the parent or legal guardian who confirmed the invitation.
  • Family content — everything you and your family members add to your family's space on FamilyBot. This includes contributions (facts, stories, corrections), people-tree entries, relationships, aliases, photos, audio recordings, PDFs, conversations with the bot, and family-to-family messages.
  • Usage logs — pages visited, features used, errors encountered, timestamps. Used for security, reliability, and product improvement. Not used to build advertising profiles.

We do not collect: location data, contacts, device telemetry beyond what your browser sends, social-media identifiers, or any data from third-party trackers. We do not run advertising.

How we use it

  • To operate FamilyBot — store and display your family's content, run AI features (chat, search, photo description, transcription), and deliver email notifications you've opted in to.
  • To keep accounts secure — detect and respond to abuse, fraud, and unauthorized access.
  • To improve the product — aggregated, de-identified usage patterns inform feature work. Family content is never used to train AI models. See the sub-processors section below for how AI providers handle prompts and responses.

Sub-processors

We use a small set of vetted vendors to run FamilyBot:

  • Vercel (United States) — application hosting and edge runtime
  • Supabase (United States, with EU region available) — database, authentication, and file storage
  • Anthropic (United States) — the Claude AI model that powers chat responses. Anthropic does not use API inputs to train its models per their commercial terms.
  • OpenAI (United States) — text embeddings for retrieval and Whisper for audio transcription. Inputs are not used to train models per OpenAI's API terms.
  • Resend (United States) — transactional email for invites, notifications, and account flows.

We will keep this list up to date and notify users when a sub-processor is added or replaced.

Data residency

The data is stored in the United States by default. Families based in the European Union may request EU-region storage on signup or during the preview by emailing privacy@familybot.dev (alias of cfrln@cfrln.com during the preview). The standard contractual clauses (SCCs) approved by the European Commission govern cross-border data transfers to our US sub-processors.

Retention

  • We keep your account and family content while your account is active.
  • When you delete your account (see "Your rights"), we permanently delete your personal profile, conversations, uploaded photos, and any of your messages within 30 days. Contributions you made to the family record are anonymized rather than deleted — they remain in the family's history but are no longer attributed to you. This preserves the family's continuity while honoring your deletion.
  • Family-tree person rows are not deleted on individual account deletion; other family members may depend on those rows for their own genealogy. Only the user-to-person link is removed.
  • Backups are retained for up to 30 days, then rotated out.

Your rights

You have the following rights regardless of jurisdiction:

  • Access — get a copy of your data. Visit /me/data while signed in to download a JSON export of your profile, contributions, conversations, photos, and family memberships.
  • Rectification — correct anything that's wrong. Edit it in the chat, or email cfrln@cfrln.com.
  • Erasure — delete your account and have your personal data scrubbed within 30 days. Visit /me/data and click "Delete my account."
  • Restriction — pause our processing of your data while a dispute is resolved. Email cfrln@cfrln.com.
  • Objection — object to specific processing activities. Email cfrln@cfrln.com.
  • Portability — receive your data in a structured, machine-readable format (JSON export at /me/data).
  • Complaint — if you're in the EU/EEA, you have the right to lodge a complaint with your local data protection authority. We'd appreciate hearing from you first so we can try to resolve it directly.

California residents have additional rights under the CCPA: to know what personal information we collect, to know whether it's sold or shared (it is not), to delete personal information, to opt out of "sale" and "sharing" (we do not sell or share), and to non-discrimination for exercising these rights.

Children's data

FamilyBot uses a conservative threshold for children: any user under 18 is treated as a minor, which is more protective than COPPA's 13-year-old threshold in the US and the GDPR-K 16-year-old threshold in the EU. Minor accounts on FamilyBot require:

  • An invitation from the minor's parent or legal guardian (no self-signup for minors)
  • The guardian's explicit acknowledgment of this Privacy Policy and the Terms of Service on the minor's behalf
  • A parental-controls dashboard available to the guardian (see /me/guardian)

When the minor turns 18 (per their declared birth year), the minor flag is automatically cleared and they become a standard adult user. The guardian remains visible in the audit log but no longer controls the account.

We do not knowingly collect more personal data from minors than from adults. The minor-account UX is intentionally narrower than the adult UX.

Cookies and analytics

We use only the cookies needed to keep you signed in (the Supabase auth session cookie). We do not run third-party analytics, advertising trackers, or session-replay tools. We do not run a cookie-consent banner because we do not set non-essential cookies.

How we communicate changes

When we change this policy in a way that affects your rights or how we use your data, we'll notify you by email AND by surfacing a notice in the chat that requires your acknowledgment before continuing. The CURRENT_POLICY_VERSION constant is bumped at every such change. Minor wording fixes that don't affect substance may be made without notification but are logged in the source repository.

Contact

For privacy questions, data-rights requests, or anything else: cfrln@cfrln.com (Christina Noren is the FamilyBot data protection lead during the preview).

Preview notice

FamilyBot is in early preview. This policy is evolving alongside the product. We will give meaningful changes adequate notice and acknowledgment before they take effect.