Privacy Policy
GDPR-compliant privacy policy for famstory
Data Controller
Operator: Gerrit Mädge
Address: Alpenstraße 77, 87509 Immenstadt, Germany
Email: support@famstory.app
End-to-End Encryption
Important: famstory uses client-side, end-to-end encryption to protect your family tree data.
This means your data is encrypted before it leaves your device, and only you can decrypt it using your password.
We cannot read your family tree data, even if we wanted to. Your encryption keys are derived from your password and never transmitted to our servers.
Data Collection
We collect the following data:
- Account information (email address, encrypted authentication tokens)
- Encrypted family tree data (encrypted on your device before transmission)
- Usage analytics (anonymized, for service improvement)
- Payment information (processed securely through Stripe)
Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request deletion of your data
- Data portability
- Object to processing
To exercise these rights, contact us at support@famstory.app.
Data Security
We implement industry-standard security measures:
- HTTPS encryption for all data transmission
- Client-side encryption for family tree data
- Secure password hashing (never stored in plain text)
- Regular security audits and updates
Third-Party Services
We use the following third-party services:
- Supabase: Authentication and database hosting
- Stripe: Payment processing (see Stripe Privacy Policy)
Contact
For privacy-related inquiries, contact us at: support@famstory.app
Last updated: March 1, 2026