Privacy Policy

Effective date: May 11, 2026 · Last updated: June 23, 2026

FamTrust ("we," "our," or "us") is operated by The BG LLC. This policy explains what personal and financial information we collect, how we use and protect it, who we share it with, and the rights you have over your data. FamTrust is a household financial visibility tool — not a bank, broker, or financial advisor.

1. Information We Collect

Account and identity information

• Email address (used for authentication and alert delivery)
• Display name (optional)
• Authentication method: magic link or Google OAuth. We never store passwords.

Household and member information

• Household name and timezone
• Member roles you assign (owner, spouse, adult child, executor, POA agent, advisor)
• Invitation records and acceptance timestamps
• Role-specific access settings you configure

Financial account data (via Plaid)

When you connect a financial institution via Plaid, we receive:

• Account names, types, and current balances
• Up to 24 months of transaction history (merchant, amount, date, category)
• Credit card and loan liability details (APR, minimum payment, due dates)
• Recurring transaction patterns derived from your transaction history
• Balance history snapshots written on each sync

We do not initiate payments, transfers, or write operations to your financial accounts. Plaid access is read-only.

Computed data

• Net worth snapshots (liquid, near-liquid, illiquid totals, total debts)
• Full Picture health status (on track, watch, needs attention)
• Monthly burn rate, liquid runway, and net worth trend calculations
• Budget category spend vs. target comparisons

Alert and notification data

• Alert rule configurations and firing history
• Which transactions triggered which alerts
• Alert acknowledgment records
• Email delivery records via Resend
• Plaid connection health events (pending expiration notices, login-required flags, new accounts detected)

Usage and technical data

• Authentication session tokens (managed by Supabase Auth; not stored in our database)
• Application logs for error diagnosis
• Webhook delivery deduplication records (internal; used to prevent double-processing of Plaid events)
• Audit log of owner-initiated actions (account changes, member management, data exports)
• Onboarding session progress (which setup steps were completed)
• Dismissed institution suggestions (which auto-detected institutions you chose not to add)
• File import history (what files were uploaded for account discovery and their results)

2. How We Use Your Information

• Provide the service — synchronize financial accounts, compute the Full Picture dashboard, evaluate alert rules, and deliver notifications.
• Access control — enforce role-based visibility so each household member sees only what the owner has permitted.
• Alerts and notifications — send email and in-app alerts when rule thresholds are crossed (low balance, large transaction, budget exceeded, account inactivity).
• Authentication — verify identity via magic link or Google OAuth for every login session.
• Improve reliability — diagnose sync failures, API errors, and data quality issues using application logs.
• Legal compliance — respond to lawful requests and enforce our Terms of Service.

We do not sell your data. We do not use your financial data for advertising or share it with data brokers.

3. Data Sharing

Service providers

We share data only with the vendors necessary to operate FamTrust:

• Plaid — bank connectivity and transaction data. Governed by Plaid's End User Privacy Policy.
• Stripe — payment processing. Receives your email address and payment card data when you subscribe. Governed by Stripe's Privacy Policy.
• Supabase — database hosting and authentication (US region). Row-level security policies are enforced at the database layer.
• Vercel — application hosting for the web app, API routes, and scheduled background jobs.
• Resend — transactional email delivery for alerts and invitations.
• Sentry — error tracking and cron failure alerting. Request bodies and financial data are stripped before any event is sent.
• PostHog — product analytics. Receives usage and behavioral data (pages visited, features used). Does not receive financial account data or transaction details.
• Cloudflare Turnstile — bot detection at login. Receives your IP address and browser signals to verify you are human. No data is retained for advertising purposes.
• Cloudflare R2 — encrypted object storage for document images you choose to upload (scanned or photographed copies of estate documents such as wills and powers of attorney). Files are stored in a private bucket, encrypted at rest, and are never publicly accessible — they are retrieved only through short-lived private links issued after an access check.

Each provider is contractually bound to use your data only to provide services to us.

Household members

Members you invite to your household can see data according to the role and access settings you configure. The owner controls all sharing within their household. We do not share data between separate households, even when the same person belongs to more than one.

Legal requirements

We may disclose information if required by law, court order, or to protect the rights and safety of our users or the public. We will notify you of any such request when legally permitted to do so.

Business transfers

If FamTrust is acquired or merged, user data may transfer to the successor entity. We will notify you before your data is subject to a materially different privacy policy.

4. Data Security

• All data is encrypted in transit (TLS 1.2+) and at rest.
• Row-level security (RLS) is enforced at the database layer — API-level access controls are a second layer, not the only layer.
• Plaid access tokens are stored encrypted and are scoped read-only. They are never exposed in API responses.
• Authentication is passwordless (magic link or Google OAuth). No passwords are stored.
• Optional bank login credentials you choose to store in the vault are encrypted with AES-256-GCM before being written to our database. The encryption key is held separately in our hosting environment — never in the database — and is versioned to support rotation. Reading a stored credential requires a one-time email verification code.
• Stored credentials may also be released through emergency access. A member you designate as an executor or power-of-attorney holder can request access to your stored login credentials. You are notified immediately and may approve or deny the request; if you do not respond within the household's configured window (48 hours by default; you can change it in Settings), access is granted automatically. Emergency access is time-limited (30 days), revocable at any time, and every request and credential view is written to an audit log.
• Document images you upload (e.g. a scan of a will or power of attorney) are stored in a private, encrypted-at-rest object store, never in a public location. They are viewable only by members of your household, through links that expire within minutes and cannot be shared; every view is written to an audit log. When you remove a document, or delete your data, the stored files are deleted from the object store.
• We conduct periodic access reviews and rotate secrets on a scheduled basis.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at privacy@famtrust.life.

5. Data Retention

• Active accounts — data is retained for as long as your account is active.
• Transaction history — we store up to 24 months of transaction data pulled from Plaid.
• Net worth snapshots — retained for the life of the account to support trend analysis.
• Alert history — retained for 12 months after firing.
• After account deletion — deleting your account removes your personal data, financial data, and computed data within 30 days. If you own a household, deleting your account deletes that entire household and all data within it, including information about its other members. If you are an invited member of another person's household, deleting your account removes you from it, but information the owner has recorded there (including information about you) remains under that owner's control and is deleted only by them. Anonymized aggregate statistics may be retained. Backups are purged on their normal rotation schedule (maximum 90 days).
• After estate closure — when an executor closes the account following the account owner's death, we cancel the subscription and retain household data for 90 days so the estate can complete settlement, after which all household data is permanently deleted.

6. Bank Connectivity (Plaid)

FamTrust uses Plaid to connect to financial institutions. By connecting an account, you also agree to Plaid's End User Privacy Policy. You can disconnect any institution at any time from the Manage page, which revokes Plaid's access token for that institution.

FamTrust does not use financial data for credit decisions, insurance underwriting, employment screening, or any purpose covered by the Fair Credit Reporting Act (FCRA).

7. Children's Privacy

FamTrust is intended for adults 18 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.

8. Changes to This Policy

We may update this policy as the product evolves. For material changes, we will notify you by email at least 14 days before the change takes effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of FamTrust after the effective date constitutes acceptance of the revised policy.

9. Contact

Questions or requests related to privacy:

• Email: privacy@famtrust.life
• Website: famtrust.life
• The BG LLC

10. California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and under California Civil Code § 1798.83 (the “Shine the Light” law). A plain-English summary is also available on our Your California Privacy Rights page.

Shine the Light (Cal. Civ. Code § 1798.83)

We do not disclose your personal information to third parties for those third parties' own direct marketing purposes. California residents may submit a written request, once per year, for information about any such disclosures; we will respond to confirm that none were made. Send requests to privacy@famtrust.life.

No sale or sharing of personal information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under the CPRA. We have not done so in the preceding 12 months.

Sensitive personal information

To provide FamTrust we collect information that is “sensitive personal information” under the CPRA, including financial account numbers, access credentials you choose to store, and account balance data. We use this information only to provide and improve the FamTrust service. We do not use or disclose it to infer characteristics about you, and we do not use it for any secondary purpose beyond delivering the service you asked for.

Plaid data sharing

When you connect a financial account, your credentials and account data are transmitted to Plaid Technologies, Inc. to enable the connection. Plaid's own privacy policy governs Plaid's use of that data. We do not share your data with any other third parties for commercial purposes.

Your rights under the CPRA

• Right to know what personal information we collect, use, disclose, and share.
• Right to delete personal information we hold about you, subject to legal exceptions.
• Right to correct inaccurate personal information we hold about you.
• Right to opt out of the sale or sharing of personal information. We do not sell or share personal information, but the right exists.
• Right to limit the use and disclosure of sensitive personal information to what is necessary to provide the service.
• Right to non-discrimination — we will not deny service, charge a different price, or provide a different quality of service because you exercised any of these rights.

How to exercise your rights

Email privacy@famtrust.life with the subject line “California Privacy Rights Request.” Please include your full name, the email address associated with your FamTrust account, and the right you wish to exercise. We will take reasonable steps to verify your identity before acting on the request. We will respond within 45 days; if we need more time, we will notify you and may extend by an additional 45 days as permitted by law. You may also use an authorized agent to submit a request on your behalf. Account owners and spouses can exercise the rights to access, export, and delete directly from the data-rights tools below.

This section is effective as of the “Effective date” shown at the top of this policy and was last updated on the “Last updated” date shown there.