Privacy Policy
Last updated: July 7, 2026 — Version 2.1
1. Who we are
Familink is a family gazette platform operated from Israel. We provide a service allowing families to send a monthly printed gazette made up of photos and messages contributed by their members.
2. Data collected
- Account: email, first name, last name, password (hashed), preferred language, phone (optional), date of birth (optional), profile picture (optional).
- Family: family name, members, print recipients (with postal addresses for shipping).
- Content: uploaded photos, captions, contributions to the pot.
- Payment: handled by Nedarim Plus. We do not store any card data; Nedarim Plus keeps a secure payment method on file for your monthly subscription charge.
- Technical: IP address (hashed for audit), user agent, Expo push token (for notifications), app version.
- Error logs: automatic crash capture via Sentry (PII stripped: email, tokens, Authorization/Cookie headers).
- Analytics (V2 mobile, implicit opt-in with app usage): 8 funnel events (signup, first photo, payment) with anonymized user ID (SHA-256 hash), hosted on our infrastructure (PostHog self-host).
- Website analytics (Google Analytics, explicit opt-in via the cookie banner): page views and anonymized traffic statistics. Only runs after your consent; you can refuse it without any impact on using the site.
3. Sub-processors
We use the following sub-processors to provide the service. No data is transferred to third parties for advertising purposes.
- Railway (USA — adequacy decision SCC): API and database hosting.
- Cloudflare R2 (USA — SCC): photo storage.
- Resend (USA — SCC): transactional email delivery.
- Nedarim Plus (Israel — adequacy decision): payment processing.
- Google Analytics (Google Ireland Ltd. — SCC): website traffic statistics, only if you accepted the cookie banner.
- Sentry (USA — SCC): error and crash capture (PII stripped).
- Apple Push Notification Service (USA — SCC) and Firebase Cloud Messaging (USA — SCC): push notification transit. Push tokens are anonymous (they contain neither email nor name).
- Local Israeli printer: printing and shipping of paper gazettes (recipient name + postal address only, no other data).
4. Your rights (GDPR)
- Access and portability (art. 15 + 20): from your mobile profile, "Export my data" section → complete JSON of your account.
- Erasure (art. 17): from your mobile profile, "Delete my account". 30-day grace period for cancellation. After 30 days, irreversible anonymization.
- Rectification (art. 16): edit your profile in the application.
- Objection / restriction (art. 21 + 18): contact support@familink.co.il.
5. Security
- Mandatory TLS 1.3 encryption (HTTPS everywhere, strict iOS ATS).
- Passwords stored with bcrypt cost 12. Auth tokens in HttpOnly cookies on the web side, in Keychain/Keystore on the mobile side (never in localStorage or insecure AsyncStorage).
- Minimal anonymized audit log for sensitive actions (account deletion, admin action).
- Rate limiting and brute-force protection on authentication (5 attempts = 30 min lock).
6. Contact
For any question about your personal data: dpo@familink.co.il.
You have the right to lodge a complaint with the competent supervisory authority (CNIL in France, Privacy Protection Authority in Israel).