Privacy Policy
Last updated: June 2026
1. Controller
Max Bauer (sole trader)
Freiherr-vom-Stein-Str. 4
59558 Lippstadt
Email: info@famprio.com
2. Purposes and legal bases of processing
- Performance of contract (Art. 6(1)(b) GDPR): Providing the app features (calendar, tasks, chat, budget, recipes, documents, gallery and more) and managing family accounts and members.
- Authentication and session security (Art. 6(1)(f) GDPR): Strictly necessary session cookies for secure sign-in.
- Payment processing (Art. 6(1)(b) GDPR): Processing of payment data via Stripe Payments Europe Ltd., Dublin (Ireland) for web payments, or via Apple (in-app purchase on iOS) or Google (Google Play Billing, Android) for purchases through the app stores, once payments are activated.
- Product analysis and performance measurement (Art. 6(1)(f) GDPR): Anonymized usage statistics via Vercel Web Analytics and Vercel Speed Insights (both cookie-free, no personal data, no cross-site tracking). We collect only page views per route and technical performance metrics (loading times, Core Web Vitals).
- Adults-only community 18+ (Art. 6(1)(f) GDPR): Operation of a closed community area exclusively for adults. Age verification via the parent account; children and teenagers are excluded by the system.
- Location sharing (Art. 6(1)(a) GDPR): Only with the explicit consent given on your device. No storage without active consent.
- Map display (Art. 6(1)(f) GDPR): When you open a map feature, maps are loaded via MapTiler; in doing so, technically necessary connection data (e.g. IP address) is transmitted to the tile server.
- Push notifications (Art. 6(1)(a)/(b) GDPR): If enabled, we send reminders (e.g. for events and tasks). Delivery is handled technically by the push service of your browser or device manufacturer (e.g. Google, Apple, Mozilla); only an anonymous push endpoint is processed.
- Error and stability monitoring (Art. 6(1)(f) GDPR): If enabled, we use Sentry to detect technical errors (cookies, auth headers and text are masked in the process) in order to improve the app's stability.
- Self-promotion on the Free plan (Art. 6 Abs. 1 lit. f DSGVO, legitimate interest): On the free plan we show only references to our own paid features (currently the Plus plan). These are our own product references with no involvement of third parties: no advertising partners, no sharing of data, no additional data processing, no profiling, no behavioural targeting, no cross-site tracking. No third-party advertising takes place. Plus users receive the service free of such references.
3. Storage location and servers
All personal data is processed and stored exclusively on servers in the European Union. The database server is located in Frankfurt am Main, Germany (provider: Neon, Inc., EU region). Hosting is provided by Vercel Inc. (EU edge network).
4. Processors
We work with the following service providers, with whom data processing agreements (DPAs) under Art. 28 GDPR have been concluded:
- Vercel Inc. (USA, Frankfurt edge) – hosting of the web application. Standard contractual clauses in place.
- Neon, Inc. (USA, Frankfurt) – PostgreSQL database in the EU region
eu-central-1. Standard contractual clauses in place. - Cloudflare, Inc. (USA, EU region) – object storage (R2) for file uploads (images, documents, audio, video). Storage location EU. Standard contractual clauses in place.
- Resend, Inc. (USA) – transactional emails (welcome, password reset, invitation and notification emails). Standard contractual clauses in place.
- Zoho Corporation (India, EU data centre) – inbound email mailbox info@famprio.com.
- Stripe Payments Europe Ltd. (Ireland, EU) – payment processing, if a Plus plan is booked. Processed exclusively for payment purposes.
- Apple Distribution International Ltd. (Ireland, EU) – handling of in-app purchases on iOS via the Apple account.
- Google Ireland Ltd. (Ireland, EU) – handling of in-app purchases on Android via Google Play Billing.
- MapTiler AG (Switzerland) – map display, if a map feature is used. For Switzerland there is an adequacy decision by the EU Commission (Art. 45 GDPR); no additional safeguard is required.
- Functional Software, Inc. (Sentry) (USA) – optional error and stability monitoring, active only if monitoring is configured. Transfer to the USA on the basis of EU standard contractual clauses.
No personal data is shared with third parties for profiling or personalised advertising. On the Free plan we show only our own product references to our paid plans (see Section 2 above) — with no involvement of third parties, no advertising partners and no cookies. A complete list of technical and organisational measures (TOMs) and a record of processing activities under Art. 30 DSGVO are available on request.
5. Cookies
This website uses only strictly necessary cookies (session cookies for sign-in). These cookies are required to operate the service and cannot be disabled. They are deleted automatically at the end of the session, or after 7 days at the latest.
Vercel Web Analytics and Vercel Speed Insights both work without cookies and collect no personal data. They measure only aggregated page views per route and technical performance metrics (Core Web Vitals: LCP, INP, CLS, TTFB). No consent is therefore required.
The self-promotion on the Free plan (see Section 2) is shown without cookies and without tracking pixels. Plus users see no such references.
6. Retention period
We store personal data only for as long as it is needed for the respective purpose. After an account is deleted, all associated data is fully removed within 30 days. Backups are rotated after 30 days at the latest.
Data relevant for tax purposes (invoices, payment records) is retained for 10 years in accordance with § 147 of the German Fiscal Code (AO).
7. Your rights
You have the right at any time to:
- Access to the data we hold about you (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your data ("right to be forgotten", Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing (Art. 21 GDPR)
- Withdrawal of consent given, with effect for the future (Art. 7(3) GDPR)
To exercise your rights, contact us at: info@famprio.com
Self-service: You can trigger data export (Art. 20) and account deletion (Art. 17) yourself directly in the "My data" area. Account deletion comes with a 30-day grace period during which you can cancel the process at any time. Family owners must first hand over the owner role so the family is not left without a main person.
Notwithstanding this, you have the right to lodge a complaint with the competent data protection supervisory authority. In North Rhine-Westphalia (NRW) this is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW).
8. Children's rights, youth protection and parental authority
FamPrio is aimed at families and allows legal guardians to invite children as family members. For children under 16, Art. 8 GDPR applies: processing personal data requires the explicit consent of the legal guardian.
Anyone who invites a minor child actively confirms during the invitation process that they hold parental authority (parental care under § 1626 ff. of the German Civil Code (BGB) or equivalent authority) for the child. This confirmation counts as data protection consent under Art. 8 GDPR. Persons without parental authority may only invite minors with the prior written consent of the legal guardian.
The adults-only community is accessible exclusively to people aged 18 and over. The system prevents minors from entering community areas or creating content there.
9. Changes to this privacy policy
We reserve the right to adjust this privacy policy as needed. The current version is always available at famprio.com/datenschutz. In the case of significant changes, registered users will be informed by email.