Privacy Policy

Effective date: 4 May 2026 — Last updated: 4 May 2026

This is a starter privacy policy drafted for transparency. Before publication you must customise it with your legal entity name, processors, server locations, and compliance with laws that apply to you (for example GDPR, CCPA, or Turkey's KVKK where relevant), ideally with counsel.

Famora ("app", "we") respects the confidentiality of personal data describing your household. This policy summarises how we may collect and use data when you operate the Famora mobile app or related websites.

1. Controller & contact

For privacy enquiries, prefer in-product support tooling first. A sample web channel:

Famora
Email: privacy@familylocationtracker.com
Replace with a monitored inbox prior to launch.

2. Categories of personal data

The product mechanics may rely on:

• Account & identity: name, email, phone (depending on sign-in path).
• Location: coarse or precise coordinates when GPS / network fusion is authorised, arrivals, departures and safe-zone labels.
• Device & diagnostics: OS build, locale, anonymised crash traces.
• Communications: text you voluntarily send via support tooling.

If minors are represented in your circle, ensure parental authority or guardianship aligns with jurisdictional thresholds.

3. Purposes

• Operate shared map views consistent with invitations you approve.
• Deliver history timelines, automation around geofencing, and push notifications you configure.
• Maintain account security and investigate abuse.
• Meet legal retention or regulator obligations.
• Where allowed, aggregated analytics to roadmap improvements.

4. Lawful bases & retention

Processing rests on contractual necessity, legitimate interests balanced against your rights, or consent when required — especially around optional analytics. You can materially pause location ingestion by adjusting OS preferences. Data is erased or anonymised when the purpose expires unless law demands longer archiving.

5. Location sharing

Location artefacts may appear to other authorised members inside the same hub. Telemetry frequency depends on product settings plus OS power policies. Third-party basemaps or notification transports maintain their own policies.

6. Cookies & similar tech (site)

Static marketing pages might store lightweight preference tokens. Document each cookie's purpose in a layered notice if mandated in your geography.

7. Security safeguards

We target TLS for transport encryption, disciplined access provisioning, patching cadence for servers, and least-privilege credential handling. Still, no networked system can guarantee immunity from intrusion.

8. Your choices

Applicable statutes may guarantee access, rectification, portability, objection, deletion, or restriction rights. Reach out via the mailbox above — attaching enough detail for us to verify ownership without leaking data to spoofers.

9. Cross-border transfers

If infrastructure spans regions, disclose transfer mechanisms — Standard Contractual Clauses or adequacy findings are common scaffolding.

10. Updates

Material revisions should trigger in-product notices or email summaries. Tracking "last updated" at the top preserves auditability for regulators and reviewers.

11. Companion document

Service rules live in our Terms of Use.