Authentication
Firebase Authentication handles account sign-in and identity tokens. FamStak does not store your account password in its application database.
Trust is a product feature
FamStak is designed to hold practical family information without pretending every security question has a one-line answer. This page describes the protections and controls currently implemented.
Firebase Authentication handles account sign-in and identity tokens. FamStak does not store your account password in its application database.
Authenticated API routes check the current user and apply owner, family, visibility, or explicit-sharing rules before returning household content.
Stripe handles checkout, saved payment methods, invoices, cancellation, and billing changes. FamStak stores subscription status and Stripe account references—not complete card numbers.
The production site uses HTTPS and browser security headers, including frame restrictions, content-type protections, and a restrictive permissions policy.
Signed-in users can export their FamStak data as JSON. Free accounts can be permanently deleted in-app; Pro users cancel billing first.
Optional Google Analytics for Firebase remains off until consent. Global Privacy Control is honored by the consent experience.
FamStak does not currently claim two-way Google, Apple, or Outlook synchronization; background push delivery; bank-account connectivity; or automatic payment execution. Calendar import and feeds are deliberately described by their actual direction and behavior.
Use in-app Privacy & Data settings for export or deletion, or contact the support address for account and privacy assistance.