familybrain

Security

Last updated 29 May 2026

Your family's plan is private. Here's how we protect it — in plain terms, and without overclaiming. familybrain is a personal, non-commercial project run by one person in Zürich, so we'd rather tell you exactly what we do than wave badges around.

Your family is walled off

Each household's data is isolated. Access rules are enforced at the database level so one family can never read or write another family's events, tasks, people, or notes — not just hidden in the app, but blocked at the source.

Encrypted in transit

All traffic between your device and familybrain runs over HTTPS/TLS. Data stored with our infrastructure providers is encrypted at rest by those providers.

Sign-in

Authentication is handled by Google Firebase Authentication. Your session is kept in a single secure cookie, and protected areas of the app require a valid session.

We ask for as little as possible

familybrain only stores what the service needs to work. If you connect Google Calendar, you choose which calendars sync, and you can disconnect and wipe imported events at any time from the Integrations screen.

Trusted providers

We build on established infrastructure — Google Cloud / Firebase (storage, auth), Anthropic (the AI behind Iris), Resend (email), and Vercel (hosting) — and rely on their security programs for the layers they run. See the Privacy page for the full list and where data is processed.

What we don't do

We don't sell your data, we don't use it for advertising, and Iris's AI provider doesn't train its models on it.

Reporting a problem

Found something that looks like a security issue? Please tell us privately first via the contact form or at security@familybrain.ch. We'll acknowledge it and work with you on a fix — and we're grateful for the heads-up.

Setup note (remove before public launch): verify security@familybrain.ch forwards to a monitored inbox, and keep this page honest — only add compliance claims (e.g. certifications) once they're actually true.