Famerlo handles the most personal information a family has — your children's schedules, school messages, medical appointments, the rhythm of your week. We take that seriously. This page lists, in plain language, what we do to keep that data safe.
These are the same guarantees you see in the in-app green shield in the top-right corner of Famerlo.app, and on the badge during sign-up. If you ever want to confirm the live state, click the shield — it pulls from the same source you're reading here.
Stored in Sweden
Your family's data lives on Microsoft Azure servers in Sweden Central — a Microsoft data region physically located in Sweden, inside the European Union. Your data never leaves the EU.
Encrypted at rest
Every family's data is encrypted with AES-256-GCM — the same family of bank-grade symmetric encryption used by online banking, secure messaging, and modern operating systems.
Each family gets its own encryption key. One family's key cannot open another family's data — the family identifier is cryptographically bound into every encrypted file (a technique called Additional Authenticated Data, or AAD).
Each family's key is itself encrypted with a master key held in a hardware-protected vault (Azure Key Vault, using RSA-OAEP-256 with an RSA-2048 master). Even Famerlo's own engineers cannot read your data without going through the vault, and every vault access is logged.
On top of that, Microsoft Azure applies its own platform-level encryption at rest — so your data is effectively encrypted twice.
Encrypted in transit
All communication between your browser and Famerlo is encrypted using TLS 1.2 or newer (HTTPS). The browser-to-server connection has HSTS enabled with a one-year duration, so even an accidental "http://" link is upgraded to a secure connection automatically.
AI processing stays inside the EU
When you chat with Famerlo, the AI runs on AWS Bedrock using an EU-only cross-region inference profile. This means the request and response are routed exclusively through an EU-only set of AWS regions — never through US or APAC.
The backend refuses to start if it's configured with anything other than an EU-only profile. The in-app shield turns yellow if it ever detects a non-EU setting, so you'd see a problem immediately rather than silently.
Your conversations are not used to train AI models. Famerlo uses a dedicated enterprise inference service with data-isolation guarantees.
No passwords stored
Famerlo signs you in with a magic link sent to your email — there is no password to remember, and there is no password for us to store. We could not leak your password in a breach because we don't have one.
Your session is then carried by a short-lived signed token (a JWT signed with HMAC-SHA256) that expires on its own short-lived schedule. When you sign out, your browser discards the token; in either case you'll be asked to sign in again on next use.
Your family's data is yours
Each Famerlo family lives in its own cryptographic silo. Even if a sophisticated attacker tampered with a family's encryption key inside our infrastructure, the AAD binding means that key still couldn't decrypt another family's data — the math simply doesn't allow it.
Only people you invite into your Famerlo family can see your family's data. Famerlo does not sell, share, or use your data for advertising. For the full picture, see our Privacy Policy.
Questions or concerns?
Security is a conversation, not a checklist. If you have a question, a concern, or a finding you'd like to report, please reach out: