We take security and transparency seriously. Learn exactly how we process and store sensitive data.
Every legal detail
Dive into every detail about compliance, data protection and legal policies.
GDPR
You deal with sensitive data every day, so our highest priority is protecting it.
GDPR & UK GDPR
Data processing agreement
“While you dedicate your time to the children, we’re busy ensuring your data stays secure and encrypted.”
Safeguarding your data is essential to how we operate. We have strong security and organisational safeguards in place, and actively perform controls to ensure our operations align with these measures.
Alongside the regular controls that check our safeguarding measures are intact, these controls are also audited by independent external professionals. Please see our audits & certifications section below for more details.
The Famly platform is hosted in an Amazon Web Services (AWS) data center in Frankfurt, Germany. AWS is used by several government bodies, and therefore goes through stringent compliance checks.
We back up your data in a separate data center, located in Switzerland, and do both incremental and daily full backups.
A commitment to security
Annual PwC audit to assess security measures laid out in our data processing agreement.
We get a certification from a UK government-backed, anti-cyber attack scheme every year.
AWS is ISO 27001, 27017 & 27018 certified, and undergoes an annual SOC2 & SOC3 audit.
All the small details
Yes, we are compliant with the GDPR, UK GDPR and Switzerland's new Federal Act on Data Protection (nFADP). Our Data Processing Agreement (DPA) automatically forms part of the Terms and Conditions for the Famly platform services, so there’s nothing extra you need to sign. We’ve put strong technical and organisational measures in place - outlined in the DPA - to make sure your data stays safe and protected at all times.
Yes, the Famly platform is built with GDPR in mind, following core principles like privacy by design and by default. This means you have control over who can access what data within your organisation. You can assign different roles and permissions to staff members, ensuring that each user only sees the information that’s relevant to their role. This helps safeguard sensitive personal data, making sure it’s only visible to those who truly need it.
Famly works with a selected group of trusted sub-processors to help deliver the Famly platform and services. You can find the full list, along with where they’re located, in the appendix of our Data Processing Agreement. Each sub-processor is carefully vetted for security, compliance, and data processing practices before engagement. We also have data processing agreements in place with all our sub-processors, ensuring they are bound by the same core GDPR obligations that apply to our agreement with you.
All data is encrypted at rest and in transit. Data at rest is encrypted using AES-256, and for data in transit we use TLS 1.2 or later to protect the data.
When data is transferred - for example, from the UK to our data center in Frankfurt, Germany, or to other approved sub-processors outside the UK - it remains fully encrypted and protected throughout the journey. You can trust that your data is handled with the highest security standards every step of the way and in accordance with the GDPR and UK GDPR.
Staff users with adequate permissions can delete data from the Famly platform at any time to comply with your organisation’s internal data retention policies. In the event of service termination, all customer data stored on the Famly platform will be securely, permanently and irreversibly deleted within 60 days of termination. We follow industry practices for data deletion, using secure methods that ensure deleted data cannot be recovered or reconstructed. For more detailed information on specific data retention periods, please refer to our Data Processing Agreement (DPA).
Before your access to the Famly Platform ends, you’ll need to export any data you wish to keep. After your access is deactivated, your organisation's data will be securely deleted within the next 60 days. After that, it will be permanently deleted and can no longer be recovered.