Skip to main content

Privacy Policy

Last updated: July 7, 2026 — Version 2.1

1. Who we are

Familink is a family gazette platform operated from Israel. We provide a service allowing families to send a monthly printed gazette made up of photos and messages contributed by their members.

2. Data collected

  • Account: email, first name, last name, password (hashed), preferred language, phone (optional), date of birth (optional), profile picture (optional).
  • Family: family name, members, print recipients (with postal addresses for shipping).
  • Content: uploaded photos, captions, contributions to the pot.
  • Payment: handled by Nedarim Plus. We do not store any card data; Nedarim Plus keeps a secure payment method on file for your monthly subscription charge.
  • Technical: IP address (hashed for audit), user agent, Expo push token (for notifications), app version.
  • Error logs: automatic crash capture via Sentry (PII stripped: email, tokens, Authorization/Cookie headers).
  • Analytics (V2 mobile, implicit opt-in with app usage): 8 funnel events (signup, first photo, payment) with anonymized user ID (SHA-256 hash), hosted on our infrastructure (PostHog self-host).
  • Website analytics (Google Analytics, explicit opt-in via the cookie banner): page views and anonymized traffic statistics. Only runs after your consent; you can refuse it without any impact on using the site.

3. Sub-processors

We use the following sub-processors to provide the service. No data is transferred to third parties for advertising purposes.

  • Railway (USA — adequacy decision SCC): API and database hosting.
  • Cloudflare R2 (USA — SCC): photo storage.
  • Resend (USA — SCC): transactional email delivery.
  • Nedarim Plus (Israel — adequacy decision): payment processing.
  • Google Analytics (Google Ireland Ltd. — SCC): website traffic statistics, only if you accepted the cookie banner.
  • Sentry (USA — SCC): error and crash capture (PII stripped).
  • Apple Push Notification Service (USA — SCC) and Firebase Cloud Messaging (USA — SCC): push notification transit. Push tokens are anonymous (they contain neither email nor name).
  • Local Israeli printer: printing and shipping of paper gazettes (recipient name + postal address only, no other data).

4. Your rights (GDPR)

  • Access and portability (art. 15 + 20): from your mobile profile, "Export my data" section → complete JSON of your account.
  • Erasure (art. 17): from your mobile profile, "Delete my account". 30-day grace period for cancellation. After 30 days, irreversible anonymization.
  • Rectification (art. 16): edit your profile in the application.
  • Objection / restriction (art. 21 + 18): contact support@familink.co.il.

5. Security

  • Mandatory TLS 1.3 encryption (HTTPS everywhere, strict iOS ATS).
  • Passwords stored with bcrypt cost 12. Auth tokens in HttpOnly cookies on the web side, in Keychain/Keystore on the mobile side (never in localStorage or insecure AsyncStorage).
  • Minimal anonymized audit log for sensitive actions (account deletion, admin action).
  • Rate limiting and brute-force protection on authentication (5 attempts = 30 min lock).

6. Contact

For any question about your personal data: dpo@familink.co.il.

You have the right to lodge a complaint with the competent supervisory authority (CNIL in France, Privacy Protection Authority in Israel).