Private by architecture, not just by promise.

What we don't do

• · No public profiles, no public posts, no search-engine indexing of your family content. Ever.
• · No third-party advertising trackers in the family portal.
• · No data sales. We do not, and will not, sell your data to anyone.
• · No AI training on your family's content. If we add AI features later, they're opt-in and your content is excluded from training.

How access works

• · Family portals are invite-only. The only way in is through an invite from an existing member.
• · Sign-in is passwordless. We send a one-tap magic link to your email; the link expires in 15 minutes.
• · Sessions are stored as SHA-256 hashes, not raw tokens. We can revoke any session immediately.
• · IP addresses on sessions are stored as salted hashes, never plain.

How data is stored

• · All data is encrypted at rest by our managed Postgres + object storage providers.
• · All connections use TLS 1.2+.
• · Photos and videos are served via short-lived signed URLs scoped to your tenant — direct object access from outside the portal is not possible.
• · Every family lives in a logically isolated tenant; queries are scoped by tenant on every read and write.

What we keep, and for how long

• · Your family's posts, photos, comments, and reactions stay as long as your subscription is active.
• · If you stop paying: 30-day grace period (read-only), then offline archive for 1 year, then full deletion.
• · You can export everything as JSON + a photo/video archive at any time, from settings.
• · Soft-deleted members are kept for 30 days, then hard-deleted along with their authored content metadata.

If you need to report something

Security disclosures, abuse reports, or account compromises: security@jamaarich.com. We'll acknowledge within 1 business day and keep you posted while we investigate.