Our Security Commitment
At FamilyNest, your trust is our foundation. We treat family data with the highest level of care, implementing defense-in-depth strategies to safeguard personal information, financial details, and children's data.
Core Principles
- Privacy by Design & Default
- Zero-Knowledge Architecture
- Continuous Vulnerability Testing
- Transparent Data Handling
- Parent-First Access Controls
Infrastructure & Encryption
Our systems are built on globally distributed, certified infrastructure with multiple layers of protection. Every piece of data is encrypted in transit and at rest.
- TLS 1.3 Encryption: All data transmitted between your device and our servers uses end-to-end encryption.
- AES-256 At Rest: Databases, backups, and media files are encrypted using military-grade standards.
- Isolated Environments: Production, staging, and development systems are strictly segmented.
- Multi-Factor Authentication (MFA): Mandatory for all staff accessing user data or infrastructure.
Compliance & Certifications
We adhere to global data protection standards and undergo regular third-party audits to ensure compliance.
GDPR Compliant
Full compliance with EU General Data Protection Regulation standards.
COPPA Certified
Strict adherence to Children's Online Privacy Protection Act.
SOC 2 Type II
Annually audited for security, availability, and confidentiality.
CCPA Ready
California Consumer Privacy Act compliance for US residents.
Children's Privacy & Safeguards
We take extra precautions when handling data involving minors. FamilyNest never collects personal information from children under 13 without verifiable parental consent.
We use secure, multi-step verification methods including email confirmation with time-sensitive tokens, optional ID verification for sensitive features, and strict age-gating protocols. Parents maintain full control over their child's digital footprint.
We only collect essential data required for functionality: first name, birth month/year, and activity preferences. We never collect location data, social profiles, or biometric information from minors. All child accounts are linked to a parent's verified master account.
Absolutely. Parents can request immediate deletion of any child-related data through the Family Dashboard or by contacting our privacy team. All associated backups are purged within 30 days per our retention policy.
Your Data Rights & Controls
You maintain full ownership and control over your family's information. We provide transparent tools to manage, export, or delete your data at any time.
Available Rights:
- π₯ Export: Download all your data in JSON/CSV format.
- ποΈ Delete: Permanently remove your account and associated records.
- π Access Controls: Manage team permissions, 2FA, and session limits.
- π Correction: Update inaccurate personal information instantly.
- π« Opt-Out: Disable analytics, marketing communications, or data sharing.
All requests are processed within 30 days. No automated decision-making or profiling is used for account management.
Incident Response & Transparency
We maintain a 24/7 Security Operations Center (SOC) and follow a strict incident response playbook aligned with NIST and ISO 27001 standards.
What happens if a security event occurs?
- Immediate containment & forensic analysis
- 72-hour user notification window (GDPR/CCPA compliant)
- Public status page updates & post-incident reports
- Free credit monitoring for affected users if applicable
We also maintain a Responsible Disclosure Program. If you discover a vulnerability, please report it securely through our dedicated channel below.
Security & Privacy Inquiries
Have questions about our security practices, need to submit a data request, or want to report a vulnerability?