Overview

Family Legacy is built around private family workspaces. We collect and process information so users can create accounts, switch between family workspaces, build family trees, preserve memories, upload media and documents, manage invitations, and use dashboard tools.

This policy explains the main types of data Family Legacy handles and how that data is used.

Account information

We collect account details such as your name, email address, authentication provider, login session information, and email verification status.

We use this information to create and secure your account, authenticate sessions, support password reset, and connect you to the family workspaces where you have an active membership.

Profile information

Profiles store user-level information such as display name and account identity. Family workspace access is managed through memberships rather than using a profile as the only access model.

This allows one person to belong to more than one family workspace without moving their account from one family to another.

Family relationships

Family Legacy stores family members and relationships, including parent, child, spouse, sibling, adopted, step, and guardian relationships where users add them.

We use this information to render family trees, profile relationship panels, member lists, search, and related family context.

Photos, videos, and audio

Gallery items may include titles, descriptions, categories, media links, uploaded files, dates, linked family members, linked timeline memories, visibility settings, and file metadata such as storage path and file size.

We use this information to display family galleries, previews, member media, timeline connections, and family feed media.

Documents

Digital Vault items may include document titles, descriptions, document types, file links, private storage paths, linked members, visibility settings, uploader information, and file size.

Vault documents are intended to be private. We use signed URLs for private file access where appropriate and do not intentionally expose vault files publicly.

Calendar events

Family Legacy stores events and uses member birthdays, event dates, and selected timeline items to power calendar and upcoming list views.

This helps families remember birthdays, reunions, memorial days, anniversaries, and other important moments.

Timeline memories

Timeline items may include a title, description, event date, category, linked member, media link, visibility setting, and creator information.

We use timeline data to show family history in chronological order and to display memories on related member profiles.

Invitations

Invitations may include invitee name, email, phone, linked member, invite type, invite token, status, expiration, inviter, and acceptance details.

Invite pages are designed to show limited information, such as family name and invite context, without exposing private workspace data to the public.

AI requests

AI request records may include family ID, user ID, tool type, input data, output data, and request status.

Today, AI-assisted tools provide simple beta draft output inside Family Legacy. Future AI providers may process prompts or selected family content when users choose to use those tools.

Cookies

Family Legacy uses essential cookies and similar browser storage for authentication, sessions, family switching, preferences, and security.

See the Cookie Policy for more detail.

Analytics

Analytics are planned for future product improvement but are not required for core private family workspace functionality.

If analytics are enabled later, they should be configured to understand product usage without unnecessarily exposing sensitive family content.

Billing

Billing is future-ready but not active today. When paid plans are introduced, billing data may be processed by a payment provider such as Stripe.

Family Legacy should not store full payment card numbers on its own servers.

How data is stored

Family Legacy uses Supabase infrastructure, including Supabase Auth, Postgres, Row Level Security, and Supabase Storage.

Private tables are designed to scope records by family workspace and active membership. Storage paths are designed to be family-scoped.

Who can access family data

Users can access family data only for workspaces where they have an active membership, subject to role, visibility, and product rules.

Workspace owners and admins may have broader management abilities inside their family workspace. Public invite pages should only reveal limited invite-safe data.

Deleting data

Users may delete many records directly in the dashboard, including members, events, gallery items, vault items, timeline items, announcements, feed posts, and notifications where supported.

Account, family, and full workspace deletion requests can be handled through the Data Deletion page or by contacting hello@familylegacy.family.

Contact

Questions about privacy can be sent to hello@familylegacy.family.

Related policies