Data security

We take security and transparency seriously. Learn exactly how we process and store sensitive data.

Every legal detail

All terms and conditions

Read every detail about compliance, data protection and legal policies

Man and woman working on a computer and smiling
Woman writing code on a computer in office

GDPR

Data protection

You deal with sensitive data every day, so our highest priority is protecting it.

GDPR

Personal data you handle, including that of children & families, is safe, encrypted, and processed in line with GDPR regulations.

Data processing agreement

Our DPA applies to personal data on the Famly platform. You are the data controller, and we act on your behalf as the data processor.
Read data processing agreement

"While you dedicate your time to the children, we’re busy ensuring your data stays secure and encrypted.”

Jan-Erik Revsbech, CTO of Famly

Jan-Erik Revsbech,
Chief Technical Officer

Compliance

Safeguarding

Safeguarding your data is essential to how we operate. We have strong security and organizational safeguards in place, and actively perform controls to ensure our operations align with these measures.

Security audits

In line with the regular controls to ensure safeguarding measures are intact, these controls are also audited by independent external professionals. Please see our audits & certifications section below for more details.

Data centers

The Famly platform is hosted in an Amazon Web Services (AWS) data center in Frankfurt, Germany. AWS is used by several government bodies, and therefore goes through stringent compliance checks.

We back up your data in a separate data center, located in Switzerland, and do both incremental and daily full backups.

All the small details

Frequently asked questions

Female character catching money-birds
Are Famly’s operations compliant with GDPR, UK GDPR, or other relevant data protection regulations?

Yes, we are compliant with the GDPR, UK GDPR and the Swiss new Federal Act on Data Protection (nFADP). Our Data Processing Agreement (DPA) automatically forms part of the Terms and Conditions for the Famly platform services, so there’s nothing extra you need to sign. We’ve put strong technical and organizational measures in place - outlined in the DPA - to make sure your data stays safe and protected at all times.

Can I control who has access to specific data on the Famly Platform? 

Yes, the Famly platform is built with GDPR in mind, following core principles like privacy by design and by default. This means you have control over who can access what data within your organization. You can assign different roles and permissions to staff members, ensuring that each user only sees the information that’s relevant to their role. This helps safeguard sensitive personal data making sure it’s only visible to those who truly need it.

What sub-processors do Famly use, and where are they located?

Famly works with a selected group of trusted sub-processor to help deliver the Famly platform and services. You can find the full list, along with where they’re located, in the appendix of our Data Processing Agreement. Each sub-processor is carefully vetted for security, compliance, and data processing practices before engagement. We also have data processing agreements in place with all our sub-processors, ensuring they are bound by the same core GDPR obligations that apply to our agreement with you.

How is data on the Famly Platform stored and encrypted (in transit and at rest)?

All data is stored encrypted at rest and in transit. Data at rest is encrypted using AES-256, and for data in transit we use TLS1.2 or later to protect the data.

When data is transferred - for example, from the US to our data center in Frankfurt, Germany, or to other approved sub-processors - it remains fully encrypted and protected throughout the journey. You can trust that your data is handled with the highest security standards every step of the way and in accordance with the GDPR.

How long do Famly retain the data stored on the Famly Platform, and how is it securely deleted?

Staff users with adequate permission can delete data from the Famly Platform at any time to comply with your organization’s internal data retention policies. In the event of service termination, all customer data stored on the Famly platform will be securely, permanently and irreversibly deleted within 60 days of termination. We follow industry practices for data deletion, using secure methods that deleted data cannot be recovered or reconstructed. For more detailed information on specific data retention periods, please refer to our Data Processing Agreement (DPA).

What happens to the data if I terminate my contract with Famly? 

Before your access to the Famly Platform ends, you’ll need to export any data you wish to keep. After your access is deactivated, your organization's data will be securely deleted within the next 60 days. After that, it will be permanently deleted and can no longer be recovered.