We take security and transparency seriously. Learn exactly how we process and store sensitive data.
Every legal detail
Read every detail about compliance, data protection and legal policies
GDPR
You deal with sensitive data every day, so our highest priority is protecting it.
GDPR
Data processing agreement
"While you dedicate your time to the children, we’re busy ensuring your data stays secure and encrypted.”
Jan-Erik Revsbech,
Chief Technical Officer
Safeguarding your data is essential to how we operate. We have strong security and organizational safeguards in place, and actively perform controls to ensure our operations align with these measures.
In line with the regular controls to ensure safeguarding measures are intact, these controls are also audited by independent external professionals. Please see our audits & certifications section below for more details.
The Famly platform is hosted in an Amazon Web Services (AWS) data center in Frankfurt, Germany. AWS is used by several government bodies, and therefore goes through stringent compliance checks.
We back up your data in a separate data center, located in Switzerland, and do both incremental and daily full backups.
All the small details
Yes, we are compliant with the GDPR, UK GDPR and the Swiss new Federal Act on Data Protection (nFADP). Our Data Processing Agreement (DPA) automatically forms part of the Terms and Conditions for the Famly platform services, so there’s nothing extra you need to sign. We’ve put strong technical and organizational measures in place - outlined in the DPA - to make sure your data stays safe and protected at all times.
Yes, the Famly platform is built with GDPR in mind, following core principles like privacy by design and by default. This means you have control over who can access what data within your organization. You can assign different roles and permissions to staff members, ensuring that each user only sees the information that’s relevant to their role. This helps safeguard sensitive personal data making sure it’s only visible to those who truly need it.
Famly works with a selected group of trusted sub-processor to help deliver the Famly platform and services. You can find the full list, along with where they’re located, in the appendix of our Data Processing Agreement. Each sub-processor is carefully vetted for security, compliance, and data processing practices before engagement. We also have data processing agreements in place with all our sub-processors, ensuring they are bound by the same core GDPR obligations that apply to our agreement with you.
All data is stored encrypted at rest and in transit. Data at rest is encrypted using AES-256, and for data in transit we use TLS1.2 or later to protect the data.
When data is transferred - for example, from the US to our data center in Frankfurt, Germany, or to other approved sub-processors - it remains fully encrypted and protected throughout the journey. You can trust that your data is handled with the highest security standards every step of the way and in accordance with the GDPR.
Staff users with adequate permission can delete data from the Famly Platform at any time to comply with your organization’s internal data retention policies. In the event of service termination, all customer data stored on the Famly platform will be securely, permanently and irreversibly deleted within 60 days of termination. We follow industry practices for data deletion, using secure methods that deleted data cannot be recovered or reconstructed. For more detailed information on specific data retention periods, please refer to our Data Processing Agreement (DPA).
Before your access to the Famly Platform ends, you’ll need to export any data you wish to keep. After your access is deactivated, your organization's data will be securely deleted within the next 60 days. After that, it will be permanently deleted and can no longer be recovered.
