Privacy Policy

1. Data controller

The controller of your personal data is the developer of the famly app, MTBIZ Marcin Tymków, tax ID (NIP): 7471912158. Contact: hello@thefamly.app.

2. Data we collect

3. Purposes of processing

We process data to provide the app’s services: family data sync, notifications, budget and meal planning, and health management, and — for Firebase tools — to improve stability and usability (diagnostics, aggregated analytics). We do not sell personal data. The app does not show ads and we do not use external behavioural advertising profiling.

The basis for processing health data (section 2c) is your explicit, voluntary consent (Art. 9(2)(a) GDPR), given via an in-app prompt. Additionally, we protect this data with an uncompromising End-to-End Encryption standard.

4. Storage and Medical Encryption

Your account and family content are stored in Firebase (Google Cloud) on servers in the EU/USA. We use encryption in transit (TLS) and at rest. Only members of your family can access your family’s data.

Medical Data Protection (End-to-End Encryption): Health and medical data (e.g., entered medication names, infection details) are fully encrypted on your device (End-to-End Encryption) using universal cryptographic standards compatible with iOS and Android mobile systems (including AES-GCM encryption and HKDF-SHA256 key derivation). The encrypted data is stored in our database in a platform-independent format (Base64), so it remains protected regardless of the platform used. The encryption key is securely stored exclusively in the native, protected keystore on your device (e.g., iCloud Keychain or Android Keystore). A 6-digit family Medical PIN is used to share this data with other family members. Due to this standard, neither the famly team nor the employees of infrastructure providers (e.g., Google) have any technical capability to read your medical entries.

Data from Firebase Analytics and Crashlytics is processed by Google under those products’ terms and may use Google infrastructure worldwide. Data transfer to Google (USA) relies on Standard Contractual Clauses and Google’s Data Privacy Framework certification.

5. Local storage and offline queue

When you are offline, the app may temporarily store pending changes on your device (e.g. tasks, shopping, budget transactions) so they can be sent to Firebase when connectivity returns. This data is kept only in the app’s protected storage on your device (including operating system-level file protection — limited access while the device is locked); the relevant folder is excluded from general cloud backup. We do not use a separate queueing service — when you are back online, sync goes directly to Firebase, in line with sections 4 (storage) and 6 (sharing) of this policy.

6. Sharing

We share data only as needed to run the app: Google (Firebase — including Authentication, Firestore, Storage, Analytics, Crashlytics) as infrastructure and tooling provider, and push notification service providers (Apple/Google). Google processes technical and statistical data from Analytics and Crashlytics under Google’s policies and your Firebase project settings. We do not sell user lists to advertisers; the app does not include third‑party behavioural ads from us.

7. Your rights

8. Security and Crashlytics

We use Firebase Firestore security rules so users can only access their own family’s data. Passwords are handled by Firebase Authentication and are never stored in plain text.

The diagnostic tools (Crashlytics) we use to monitor app crashes have been rigorously configured so that they never collect or transmit logs containing content from medical fields entered by the user. We use them strictly to monitor the app's technical performance.

9. Changes to this policy

We will notify you of material changes via an in-app notice. The current version is always available in settings.

10. Contact

For privacy matters, email: hello@thefamly.app

Last updated: 31 March 2026