How we protect your data
FamiliaLista stores sensitive information — your phone, your family's phones and emails, what you write in your manual, the personal messages you leave. Here's exactly how we look after it.
What you write is encrypted
When you create your account, we generate a unique encryption key for you (AES-256). That key never leaves our servers and is only used to encrypt your information.
Everything sensitive — your manual content, the personal messages you write for each person, the phones and emails of your loved ones — is encrypted before being saved to the database.
If someone gained access to the database (it hasn't happened, but real security plans for those scenarios), what they'd see is meaningless noise. Without our master key, your manual cannot be read.
The companies we work with
To run the app, we need technology partners. Each one does a specific job and all hold top-tier security certifications. You can read their practices by clicking through.
Supabase
Stores your information (database + accounts)
Postgres with encryption at rest (AES-256) and in transit (TLS 1.3). SOC 2 Type II certified, HIPAA-compatible. Your data lives on servers in the United States.
Stripe
Processes payments
We never see or store your card number — Stripe handles it directly. PCI-DSS Level 1 certified, the highest payment-security standard in the world.
Twilio
Sends the WhatsApp messages
The bridge between our app and WhatsApp/Meta. Messages to your family travel through WhatsApp's network with their end-to-end encryption. Twilio is SOC 2 Type II and ISO 27001 certified.
Resend
Sends the emails
Our transactional email provider — the one that sends your check-ins by email when applicable. SOC 2 Type II certified. Your email is never sold or used for marketing lists.
Vercel
Hosts the application
The service that serves familialista.com and app.familialista.com. Every connection uses TLS 1.3. SOC 2 Type II certified. Same platform trusted by Netflix, Stripe, and others.
What we DON'T do
- We don't sell your data to anyone. Not to advertisers, brokers, or insurers.
- We don't use your manual to train artificial intelligence.
- We don't share your information with your family until the cascade fires — and only with the people you chose.
- We don't read your manual. It's encrypted and only decrypted at the moment of delivery if something happens to you.
More questions?
If you have a specific question about how we handle your data, write to us. We respond in less than 24 hours.
This page is updated when something changes in the stack. Last updated: 2026-05-27.