Privacy Policy
Last updated: June 2026
1. Controller
Max Bauer (sole trader)
Freiherr-vom-Stein-Str. 4
59558 Lippstadt
Email: info@famprio.com
2. Purposes and legal bases of processing
- Performance of contract (Art. 6(1)(b) GDPR): Providing the app features (calendar, tasks, chat, budget, recipes, documents, gallery and more) and managing family accounts and members.
- Authentication and session security (Art. 6(1)(f) GDPR): Strictly necessary session cookies for secure sign-in.
- Payment processing (Art. 6(1)(b) GDPR): Processing of payment data via Stripe Payments Europe Ltd., Dublin (Ireland) for web payments, or via Apple (in-app purchase on iOS) or Google (Google Play Billing, Android) for purchases through the app stores, once payments are activated.
- Product analysis and performance measurement (Art. 6(1)(f) GDPR): Anonymized usage statistics via Vercel Web Analytics and Vercel Speed Insights (both cookie-free, no personal data, no cross-site tracking). We collect only page views per route and technical performance metrics (loading times, Core Web Vitals).
- Adults-only community 18+ (Art. 6(1)(f) GDPR): Operation of a closed community area exclusively for adults. Age verification via the parent account; children and teenagers are excluded by the system.
- Location sharing (Art. 6(1)(a) GDPR): Only with the explicit consent given on your device. No storage without active consent.
- Map display (Art. 6(1)(f) GDPR): When you open a map feature, maps are loaded via MapTiler; in doing so, technically necessary connection data (e.g. IP address) is transmitted to the tile server.
- Push notifications (Art. 6(1)(a)/(b) GDPR): If enabled, we send reminders (e.g. for events and tasks). Delivery is handled technically by the push service of your browser or device manufacturer (e.g. Google, Apple, Mozilla); only an anonymous push endpoint is processed.
- Error and stability monitoring (Art. 6(1)(f) GDPR): If enabled, we use Sentry to detect technical errors (cookies, auth headers and text are masked in the process) in order to improve the app's stability.
- Contextual advertising on the Free plan (Art. 6(1)(f) GDPR, legitimate interest): Funding the free offering through non-personalised, contextual advertising. There is no profiling, no behavioral targeting and no cross-site tracking. Premium users receive the service ad-free. As soon as the advertising integration goes live, the specific EU advertising partner will be added here.
3. Storage location and servers
All personal data is processed and stored exclusively on servers in the European Union. The database server is located in Frankfurt am Main, Germany (provider: Neon, Inc., EU region). Hosting is provided by Vercel Inc. (EU edge network).
4. Processors
We work with the following service providers, with whom data processing agreements (DPAs) under Art. 28 GDPR have been concluded:
- Vercel Inc. (USA, Frankfurt edge) – hosting of the web application. Standard contractual clauses in place.
- Neon, Inc. (USA, Frankfurt) – PostgreSQL database in the EU region eu-central-1. Standard contractual clauses in place.
- Cloudflare, Inc. (USA, EU region) – object storage (R2) for file uploads (images, documents, audio, video). Storage location EU. Standard contractual clauses in place.
- Resend, Inc. (USA) – transactional emails (welcome, password reset, invitation and notification emails). Standard contractual clauses in place.
- Zoho Corporation (India, EU data centre) – inbound email mailbox info@famprio.com.
- Stripe Payments Europe Ltd. (Ireland, EU) – payment processing, if a Premium plan is booked. Processed exclusively for payment purposes.
- Apple Distribution International Ltd. (Ireland, EU) – handling of in-app purchases on iOS via the Apple account.
- Google Ireland Ltd. (Ireland, EU) – handling of in-app purchases on Android via Google Play Billing.
- MapTiler AG (Switzerland) – map display, if a map feature is used. For Switzerland there is an adequacy decision by the EU Commission (Art. 45 GDPR); no additional safeguard is required.
- Functional Software, Inc. (Sentry) (USA) – optional error and stability monitoring, active only if monitoring is configured. Transfer to the USA on the basis of EU standard contractual clauses.
Personal data is not shared with third parties for profiling or personalised advertising. On the Free plan, contextual advertising may be shown via an EU advertising partner — this takes place without the transfer of personal data and without cookies (see Section 2 above). A complete list of technical and organizational measures (TOMs) and a record of processing activities under Art. 30 GDPR are available on request.
5. Cookies
This website uses only strictly necessary cookies (session cookies for sign-in). These cookies are required to operate the service and cannot be disabled. They are deleted automatically at the end of the session, or after 7 days at the latest.
Vercel Web Analytics and Vercel Speed Insights both work without cookies and collect no personal data. They measure only aggregated page views per route and technical performance metrics (Core Web Vitals: LCP, INP, CLS, TTFB). No consent is therefore required.
The contextual advertising on the Free plan (see Section 2) is shown without cookies and without tracking pixels. Premium users see no advertising.
6. Retention period
We store personal data only for as long as it is needed for the respective purpose. After an account is deleted, all associated data is fully removed within 30 days. Backups are rotated after 30 days at the latest.
Data relevant for tax purposes (invoices, payment records) is retained for 10 years in accordance with § 147 of the German Fiscal Code (AO).
7. Your rights
You have the following rights at any time:
- Access to the data we hold about you (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your data ("right to be forgotten", Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing (Art. 21 GDPR)
- Withdrawal of consent given, with effect for the future (Art. 7(3) GDPR)
To exercise your rights, contact us at: info@famprio.com
Self-service: You can trigger data export (Art. 20) and account deletion (Art. 17) yourself directly in the "My data" area. Account deletion comes with a 30-day grace period during which you can cancel the process at any time. Family owners must first hand over the owner role so the family is not left without a main person.
Notwithstanding this, you have the right to lodge a complaint with the competent data protection supervisory authority. In North Rhine-Westphalia (NRW) this is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW).
8. Children's rights, youth protection and parental authority
FamPrio is aimed at families and allows legal guardians to invite children as family members. For children under 16, Art. 8 GDPR applies: processing personal data requires the explicit consent of the legal guardian.
Anyone who invites a minor child actively confirms during the invitation process that they hold parental authority (parental care under § 1626 ff. of the German Civil Code (BGB) or equivalent authority) for the child. This confirmation counts as data protection consent under Art. 8 GDPR. Persons without parental authority may only invite minors with the prior written consent of the legal guardian.
The adults-only community is accessible exclusively to people aged 18 and over. The system prevents minors from entering community areas or creating content there.
9. Changes to this privacy policy
We reserve the right to adjust this privacy policy as needed. The current version is always available at famprio.com/datenschutz. In the case of significant changes, registered users will be informed by email.