Privacy Policy
Last Updated: April 4, 2026
Introduction
Familoop ("we," "our," or "us") provides a secure messaging application for families. This Privacy Policy explains how we collect, use, and protect information when you use our mobile application.
Information We Collect
From Parent Accounts
| Information | Purpose |
|---|---|
| Device identifier | Message routing and authentication |
| Public encryption key | End-to-end encryption |
| Push notification token | Message delivery alerts |
| Purchase receipt | Parental consent verification |
Note: Familoop uses device-based authentication. No email address or password is collected.
From Child Devices
| Information | Purpose |
|---|---|
| Device identifier | Message routing |
| Public encryption key | End-to-end encryption |
| Push notification token | Message delivery alerts |
Information We Do NOT Collect
- Names (stored locally on parent device only)
- Email addresses
- Passwords
- Phone numbers
- Location data
- Photos or message content (encrypted; we cannot access it)
- Contacts
- Browsing history
- Biometric data
Message Encryption
All messages are encrypted end-to-end using XChaCha20-Poly1305 encryption. This means:
- Messages are encrypted on your device before transmission
- Our servers only see encrypted data
- We cannot read your messages
- Only family members with the encryption keys can read messages
How We Use Information
We use collected information solely to:
- Provide the messaging service
- Route encrypted messages between family devices
- Send push notifications for new messages
- Verify parental consent via purchase receipts
- Comply with legal obligations
We do NOT use information for:
- Advertising
- Profiling or behavioral tracking
- Sale to third parties
- Any purpose other than providing the service
Children's Privacy (COPPA Compliance)
Familoop is intended for use by families with children under the age of 13. We comply with the U.S. Children's Online Privacy Protection Act (COPPA), including the amendments finalized in April 2025.
Parental Consent Requirement
We do not permit children to create accounts. A parent or legal guardian must first create and activate a Familoop account by completing a paid subscription via the App Store or Google Play. This monetary transaction — which generates a charge notification to the account holder — serves as verifiable parental consent under 16 CFR §312.5(b)(2).
Only after this consent is obtained and verified may a parent link a child's device to their family account using our QR-code pairing system.
We do not share children's personal information with any third party for purposes that are not integral to providing the messaging service. Therefore, no separate consent is required under §312.5(a)(2).
Information We Collect from Children's Devices
We collect only the following information from a child's device:
- An app-generated device identifier (UUID)
- A cryptographic public key for message encryption
- A push notification token for message delivery
Our infrastructure (Amazon Web Services and Neon) may transiently process IP addresses and device identifiers in server logs as part of normal operations. AWS CloudWatch logs are automatically deleted within 24 hours and are not used for any purpose other than operational debugging.
Information We Do NOT Collect from Children
- Child's name or display name (stored only on parent's device)
- Email address
- Phone number
- Date of birth or age
- Location data
- Photos or media (messages are end-to-end encrypted; we cannot access content)
- Contacts
- Browsing history
- Biometric data or biometric identifiers
How We Use Children's Information
Children's device information is used solely for:
- Routing encrypted messages within the family
- Delivering push notifications when new messages arrive
We do not use children's information for advertising, profiling, or any purpose other than providing the messaging service.
Data Retention Policy
We retain children's personal information only as long as reasonably necessary to provide the messaging service:
- Device records (UUID, public key, push token): Retained only while the device is linked to a family. Deleted when a parent removes the device or deletes the family account.
- Infrastructure logs (IP addresses, request metadata): Automatically deleted within 24 hours.
- Encrypted message queue: Messages pending delivery are deleted upon delivery or within 7 days, whichever comes first.
- Database backups: Managed by Neon (encrypted at rest, point-in-time recovery).
- Consent records: Retained for 7 years after account deletion as required by law.
- Message content: Stored only on family members' devices, never retained on our servers in decrypted form.
Parental Rights
Parents may at any time:
- Review the information associated with their child's device
- Delete their child's device from the family (device data deleted immediately)
- Delete the entire family account (all data deleted within 24 hours, except consent records retained for legal purposes)
- Request a copy of all server-stored data (JSON export)
To exercise these rights, use the Settings menu in the Familoop app or contact us at privacy@familoop.app.
Data Security
We maintain a written information security program to protect children's personal information. All messages are encrypted end-to-end using XChaCha20-Poly1305 authenticated encryption. Our servers cannot read message content. Device information is protected using TLS 1.3 encryption in transit and AES-256 encryption at rest. Encryption keys are stored in hardware-backed secure storage (iOS Keychain, Android Keystore).
Data Sharing
Service Providers
| Provider | Data Shared | Purpose | Location |
|---|---|---|---|
| Apple Inc. (App Store) | Purchase receipt | Payment verification | USA |
| Google LLC (Play Store) | Purchase receipt | Payment verification | USA |
| Amazon Web Services | Encrypted data, device tokens | Compute, API routing, push delivery | Australia (ap-southeast-2) |
| Neon Inc. | Device records, consent records | Database | Australia (ap-southeast-2) |
| Cloudflare Inc. | DNS queries | DNS resolution, website hosting | Global |
Legal Requirements
We may disclose information if required by law. However:
- We cannot provide message content, because it is end-to-end encrypted and our servers only ever see the encrypted data
- We can provide only metadata (device IDs, timestamps)
Data Retention
| Data Type | Retention |
|---|---|
| Account data | Until you delete your account |
| Device records | Until device is removed |
| Consent records | 7 years (legal requirement) |
| Infrastructure logs | 24 hours |
Your Rights
You have the right to:
- Access your data
- Delete your account and data
- Export your data
- Remove child devices at any time
Exercise these rights through Settings in the app or by contacting us.
Security
We protect your data using:
- TLS 1.3 encryption for all communications
- End-to-end encryption for all messages
- Secure key storage (iOS Keychain, Android Keystore)
- Regular security audits
Where We Store Your Data
Familoop is operated by Leyline Digital Pty Ltd, based in Australia. Your data is stored on Amazon Web Services (AWS) and Neon servers in Sydney, Australia (ap-southeast-2).
Limited data is transferred to the United States for:
- Purchase verification: Receipt data sent to Apple (USA) or Google (USA) to validate your subscription
- Push notifications: Device tokens sent to Apple Push Notification service (APNs) or Google Firebase Cloud Messaging (FCM) via Amazon SNS
These transfers are protected by the service providers' data processing agreements and, where applicable, Standard Contractual Clauses.
International Users
European Union (GDPR)
Our lawful bases for processing are:
- Contract: To provide the messaging service you purchased
- Consent: Parental consent for children's data (Article 8)
- Legal obligation: Retention of consent records
You have rights under GDPR including access, rectification, erasure, and data portability. To exercise these rights, use the Settings menu in the app or contact privacy@familoop.app.
Australia
We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988. Your data is stored in Australia (AWS Sydney). For complaints, contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
United Kingdom
We comply with the UK Age Appropriate Design Code (AADC) and UK GDPR by minimizing data collection, using privacy-protective default settings, not profiling children, and not using nudge techniques.
Changes to This Policy
We will notify you of material changes via in-app notification and by updating this page. Continued use after changes constitutes acceptance.
Contact Us
Leyline Digital Pty Ltd
For privacy inquiries: privacy@familoop.app
For COPPA inquiries: coppa@familoop.app