Famiqo Privacy Policy
Effective date: pending publication
Operated by: Fold and Flock LLC (“Famiqo,” “we,” “us”)
Contact: privacy@famiqo.com
The short version
Famiqo is a private, parent-governed “family brain” — chat, a family wiki, schedules, and an always-available AI steward named Iqo. We built it privacy-first:
- Your family’s data is yours. We don’t sell it, rent it, or use it to target ads. There are no ads.
- We pseudonymize before AI sees it. Before any of your content is sent to a third-party AI model (for reasoning or for search indexing), we replace your family’s names and personal identifiers with stable stand-ins. The AI models we use receive the pseudonymized text, not your real identities.
- Voice stays inside our systems. Speech-to-text and Iqo’s spoken replies are processed on our own servers — your voice audio and Iqo’s reply text are not sent to a third-party voice provider, and raw audio is not retained after it is transcribed.
- Parents are in control. A family administrator governs the account, members, children’s visibility, and what Iqo is allowed to do. High-impact actions are proposed for approval, never applied silently.
The sections below give the full detail.
1. Who this policy covers
Famiqo is a family account product. A parent or guardian creates the family, becomes its administrator (admin), and adds household members — including children — and any external contacts. This policy applies to everyone who uses a Famiqo family account and to the information the family puts into Famiqo.
If you are a child, please use Famiqo only with your parent’s or guardian’s permission and supervision. See Section 8 — Children’s privacy.
2. Information we collect
a. Account information. When an admin creates a family, we collect the admin’s email address and password (managed by our authentication provider), the family name, and member profiles the admin enters (name, role, color, and optionally birthdate, email, or phone for contacts and members).
b. Family content you create. Chat messages, wiki pages and notes, tasks and events (“Steps”), people and place records, focus-window summaries, uploaded files and images, and content you forward by email (see (d)).
c. Voice interactions. When you talk to Iqo, your microphone audio is transcribed to text. The text becomes part of the conversation (treated like a chat message). Raw audio is not stored after transcription.
d. Email you forward to Famiqo. Each family can receive email at an address on our domain. Forwarded messages and their attachments are ingested into your family’s wiki. We store the processed (pseudonymized) content and may retain the original message in cold storage subject to your family’s retention settings.
e. Usage and operational data. We record limited operational telemetry — e.g. counts and token/character usage of AI calls (to enforce family budgets and estimate cost), error logs, and standard server logs (IP address, timestamps, user agent) needed to run and secure the service.
f. Location data. If you add addresses (e.g. for a place or a scheduled event), we may send that address to a mapping provider to compute travel times or coordinates. See the subprocessor table in Section 6.
We do not collect device contacts, browsing history outside the app, or advertising identifiers, and we do not use tracking cookies for advertising.
3. How Famiqo’s privacy pipeline works (what makes us different)
This is the core of how we protect your family, so we describe it plainly:
- Pseudonymization before storage, indexing, or AI. Before your content is embedded for search or sent to an AI model, a privacy step replaces personal identifiers (family members’ names and nicknames, and similar personal details) with stable, fake stand-ins. The mapping between a real value and its stand-in is stored encrypted (AES-256-GCM, with a separate key per family). Reasoning AI models and the search-indexing model receive the pseudonymized text.
- Admin transparency. A family admin can review the family’s stand-in map at any time in Settings — what is masked, the fake used for each value — and can edit or forget any stand-in. A best-effort activity log records when new values are masked and when real values are shown back to a member.
- Self-hosted voice. Speech-to-text and text-to-speech run on servers we operate (within our infrastructure), so your voice audio and Iqo’s spoken replies are not handed to a third-party voice service.
- Encryption. Data is encrypted in transit (TLS) and at rest (by our database and storage providers); the real-value mappings are additionally encrypted by us as described above.
Honest limits. Pseudonymization reduces, but cannot perfectly guarantee the removal of, every identifying detail in free-form content you write. Address data sent for travel-time/geocoding is sent as entered. AI models can make mistakes. We describe AI limitations in Section 6 and in our Terms.
4. How we use information
We use your information to:
- provide the service — store and display your family’s content, run chat and Iqo, schedule Steps, deliver digests, and power family-private search;
- let Iqo assist your family (with pseudonymized content as described above);
- enforce per-family usage budgets and estimate operating cost;
- secure the service, prevent abuse, debug, and maintain reliability;
- communicate with you about the service (e.g. the daily digest you enable, or important account/security notices).
We do not sell your personal information, and we do not use your family’s content to train third-party AI models (we use AI provider APIs under terms that do not train on submitted data). There is no advertising in Famiqo.
5. The propose-approve-apply model
Iqo proposes high-impact changes (calendar changes, wiki edits, adding a contact, running a skill) to your family’s inbox with a rationale; a member with permission must approve before anything is applied, and an audit record is kept. Iqo’s outputs are suggestions, not professional advice. See the Terms.
6. AI processing and service providers (subprocessors)
To run Famiqo we use the third-party providers below. Where a provider receives family content for AI processing, it receives pseudonymized text as described in Section 3 (or, for self-hosted components, the data is processed on our own servers and not shared with the provider as a data consumer).
| Provider | Purpose | What it receives |
|---|---|---|
| Supabase | Database, authentication, file storage, realtime | Account data and family content (stored; encrypted at rest); auth credentials |
| Vercel | Web application hosting | Standard request/server logs |
| Fly.io | Hosts our self-operated services (document conversion, speech-to-text, text-to-speech) | Family content/audio processed on our containers; not used by Fly as a data consumer |
| Cloudflare | DNS, inbound email routing, cold object storage (R2) | Inbound family email; archived raw email/attachments |
| Resend | Sending digest and notification emails | Recipient email + the email content we send |
| xAI (Grok) | AI reasoning for Iqo | Pseudonymized conversation/context text |
| Google Cloud / Vertex AI (Gemini) | AI reasoning / long-context and batch jobs | Pseudonymized content text |
| OpenAI | Text embeddings for family-private search | Pseudonymized (redacted) text only |
| Google Maps Platform | Travel-time / geocoding for places & events | Addresses you enter (as entered) |
Not in use at launch (will update this policy before enabling): group-voice infrastructure (LiveKit), optional phone-call voice (Twilio), and payment processing (Stripe) for any future paid plans.
We sign data-processing terms with providers where applicable and choose providers whose API terms do not train on submitted data.
7. Data sharing and disclosure
We share information only: (a) with the subprocessors above, to run the service; (b) when you direct us to (e.g. inviting a member, or content you choose to share); (c) if required by law or to protect rights, safety, and the integrity of the service; or (d) in connection with a business transfer, with notice and continued protection under this policy. We never sell your personal information.
8. Children’s privacy (parental consent and control)
Famiqo is designed for households that include children, and a parent/guardian admin operates the account on the family’s behalf.
- Parental consent. By adding a child to the family or letting a child use Famiqo, the admin (the parent/guardian) consents on the child’s behalf to the collection and use of that child’s information as described in this policy. We rely on the family admin to be a parent or legal guardian with authority to consent for the children in the household.
- Parental control and access. The admin can view, edit, restrict visibility of, export, and delete a child’s information and content, and governs what Iqo may do.
- Data minimization for children. We collect only what’s needed to provide the family service. We do not show advertising to children, do not build advertising profiles, and do not sell children’s information.
- No public exposure. Family content is private to the family by default; there is no public profile, feed, or social discovery.
- Revoking consent / deletion. A parent/guardian may review or delete a child’s information at any time, or contact us at privacy@famiqo.com to request deletion. See Section 9.
If you believe a child has provided us information without the required parental consent, contact privacy@famiqo.com and we will delete it.
9. Data retention and deletion
- We keep your family’s content while your account is active.
- Voice: raw audio is not retained after transcription.
- Email ingestion: processed content follows your family’s retention settings; archived originals follow your auto-delete rules.
- Operational records: transient processing queues and internal job logs are pruned on a rolling basis (e.g. processed queue items after ~7 days; internal run logs after ~90 days).
- Account deletion: an admin can request deletion of the family account and its content. On deletion we remove your content from active systems and schedule removal from backups within our providers’ backup-retention windows. Some records may be retained where required by law.
Request access, export, or deletion at privacy@famiqo.com.
10. Security
We use TLS in transit and encryption at rest, per-family encryption of the real-value pseudonym map, row-level access controls so a family’s data is isolated to that family, and least-privilege access for operators. No system is perfectly secure; we cannot guarantee absolute security, but we work to protect your information and will notify you of a breach as required by law.
11. Your rights and choices
Depending on where you live, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing. Admins can exercise most of these directly in the app (member management, the pseudonym-map review, content editing/deletion, digest settings). For anything else, contact privacy@famiqo.com. We will not discriminate against you for exercising your rights.
12. Where your data is processed
Famiqo’s providers process and store data primarily in the United States. If you use Famiqo from outside that region, you consent to processing there.
13. Changes to this policy
We may update this policy. For material changes we will notify the family admin (e.g. by email or in-app) before they take effect. The “Effective date” above reflects the current version.
14. Contact
Questions or requests: privacy@famiqo.com · Fold and Flock LLC