Legal

Privacy Policy

Last updated: June 21, 2026

Fam is a private iOS app for sharing photos with a small group. This page covers what we collect, why, and what you can do about it.

SMS verification. If you sign in with your phone number, we send one-time verification codes by text message to confirm it is yours. Message frequency varies (typically one code per sign-in attempt). Message and data rates may apply. Reply STOP to opt out of non-essential SMS, or HELP for help. See Section 5 for details.

1. Who we are

Fam is operated by Aether (“we,” “us,” or “our”) at fam.day. Fam lets authenticated users share photos, short videos, captions, comments, and reactions within a private circle (“Fam”) they belong to.

Contact: privacy@fam.day

2. Information we collect

Account and identity

Phone number: if you choose phone sign-in, for sending verification codes and associating your account.
Email address: if you choose email sign-in or Sign in with Apple relays an address, for verification and account recovery.
Name and profile details: display name and optional profile information you provide during onboarding.
Apple ID token: if you use Sign in with Apple, we receive the authentication token Apple provides (not your Apple ID password).

Content you create

Photos, videos, captions, comments, likes, and saves you post within your Fam.
Invite codes or QR flows you use to join or create a Fam.

Technical and usage data

Device type, operating system version, app version, and general diagnostic logs needed to operate and secure the service.
Authentication session identifiers and timestamps.
IP address and request metadata processed by our infrastructure providers when you use the app.

We do not sell your personal information.

3. How we use information

We use the information above to:

Create and secure your account (including SMS and email one-time passcodes).
Deliver the Fam service: show your feed, store and display media within your circle, sync comments and reactions.
Enforce access controls so only members of your Fam can see its content.
Respond to support requests and protect against abuse, fraud, or security incidents.
Comply with law and enforce our Terms of Service.

We do not use your phone number for marketing or promotional text messages without your separate opt-in consent.

4. Who can see your content

Fam is private by design. Posts, comments, and media are visible only to members of the Fam they belong to, subject to our access rules and storage policies. Content is not published to a public feed, searchable directory, or open web URL.

Photos and videos are stored in private cloud storage with time-limited signed access links. They are not world-readable.

5. SMS and email communications

When you provide a phone number and request a sign-in code, you consent to receive transactional SMS messages from Fam (or our messaging providers) for authentication and account security. These messages are not marketing.

Purpose: deliver one-time verification codes and essential account-related notices tied to your request.
Frequency: varies with your activity; typically one message per sign-in attempt.
Cost: message and data rates may apply depending on your carrier.
Opt-out: reply STOP to cancel non-essential SMS. You may still receive messages required to complete an in-progress verification or as required by law. Reply HELP for assistance or email support@fam.day.
Carriers: we are not liable for delayed or undelivered messages. Carriers are not liable for delayed or undelivered messages.

Email verification codes are sent for the same authentication purpose. You can stop email codes by no longer requesting sign-in to that address.

6. Service providers

We use trusted vendors to run Fam. They process data only on our instructions and for the purposes described in this policy:

Supabase: authentication, database, and private media storage.
Telecommunications providers (which may include Twilio or similar carriers): delivery of SMS verification messages when you sign in with a phone number.
Apple: Sign in with Apple authentication, when you choose that option.
Cloud infrastructure: hosting, logging, and security operations supporting the above.

We require providers that handle personal data to maintain appropriate security and confidentiality obligations.

7. Retention

We keep account and content data while your account is active and as needed to provide Fam. Verification codes expire quickly and are not stored as long-term secrets.

If you delete your account or request deletion, we delete or anonymize personal data within a reasonable period, except where we must retain information for security, legal compliance, dispute resolution, or backup integrity (typically up to 90 days in backups).

8. Security

We use industry-standard measures including encrypted transport (HTTPS/TLS), access-controlled storage, row-level database policies, and signed URLs for media access. No method of transmission or storage is 100% secure; we work to protect your data and will notify you of significant breaches where required by law.

9. Your choices and rights

Depending on where you live, you may have the right to:

Access, correct, or delete personal information we hold about you.
Export a copy of your data.
Object to or restrict certain processing.
Withdraw consent where processing is consent-based (without affecting prior lawful processing).

To exercise these rights, email privacy@fam.day. We may need to verify your identity before fulfilling a request.

California residents: we do not sell personal information. You may request disclosure of categories collected and deletion as described above.

EEA/UK residents: our legal bases include contract performance (providing Fam), legitimate interests (security and abuse prevention), and consent (where required, such as optional communications).

10. Children

Fam is intended for users who can form a binding contract with us (typically 18+, or 13+ with parental consent where applicable). Fam is a private family-and-friends product; parents and guardians are responsible for minors they allow to use the app within their circle. If you believe a child has provided us personal information without appropriate consent, contact privacy@fam.day and we will take appropriate steps.

11. International transfers

We may process data in the United States and other countries where our providers operate. When we transfer data internationally, we use appropriate safeguards such as standard contractual clauses where required.

12. Changes

We may update this policy from time to time. We will post the revised version with a new “Last updated” date. Material changes may be communicated in-app or by email where appropriate.

13. Contact

Questions about this policy:

Privacy: privacy@fam.day
Support: support@fam.day