Security & Compliance
Security and compliance are key aspects of any product your team uses. Familiar is committed to securing access to your data, eliminating system vulnerabilities, and ensuring continuity of access.
1. Introduction
At Familiar, security, data protection, and compliance are foundational to how we design, build, and operate our platform.
This page provides an overview of the technical and organizational measures implemented to protect data processed through the Familiar platform.
It is provided for informational purposes only and does not form part of any contractual commitment.
Binding obligations relating to security, availability, and data protection are defined in our Terms and Conditions and Data Processing Agreement (DPA).
2. Security governance
Familiar maintains internal security policies and procedures designed to ensure an appropriate level of protection for the data processed through the platform.
Security responsibilities are clearly defined within the organization, and access to systems and data is restricted to authorized personnel only, based on role, responsibility, and necessity.
3. Infrastructure and hosting
- Familiar’s infrastructure is hosted within the European Union.
- Hosting environments are operated in Tier III (or equivalent) data centers designed for high availability and resilience.
- Infrastructure components are monitored continuously to detect failures, anomalies, or security events.
4. Access control and authentication
Familiar implements access control measures designed to prevent unauthorized access, including:
- Role-based access control (RBAC)
- Principle of least privilege
- Secure authentication mechanisms
- Logging and monitoring of access and administrative actions
Access rights are reviewed periodically and revoked when no longer required.
5. Data encryption
Familiar applies encryption measures designed to protect data confidentiality and integrity, including:
- Encryption in transit using industry-standard protocols (such as TLS)
- Encryption at rest using strong encryption algorithms (such as AES-256), where appropriate
Encryption keys and secrets are managed securely and access is restricted.
6. Application security
Security is integrated throughout the software development lifecycle, including:
- Secure coding practices
- Code reviews and testing
- Dependency and vulnerability monitoring
- Separation of environments (development, staging, production)
Familiar continuously improves its security controls in line with evolving threats and best practices.
7. Monitoring and logging
Familiar uses monitoring and logging mechanisms designed to:
- Detect suspicious or abnormal activity
- Identify security incidents
- Support investigation and remediation efforts
Logs are retained for a limited duration and access is restricted.
8. Incident response
Familiar maintains an incident response process designed to:
- Assess and contain security incidents
- Mitigate potential impact
- Restore normal operations
Where a security incident involves personal data, Familiar will notify affected Clients without undue delay and, where applicable, within 72 hours, in accordance with GDPR requirements and the Data Processing Agreement.
9. Business continuity and backups
Familiar implements measures designed to support business continuity, including:
- Daily automated backups
- Redundancy and availability mechanisms
- Periodically tested recovery procedures
These measures are intended to reduce the impact of incidents affecting availability or data integrity.
10. Data protection and GDPR compliance
Familiar is committed to compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
Depending on the context:
- Familiar acts as a data controller for limited processing activities described in the Privacy Policy
- Familiar acts as a data processor when processing customer data on behalf of its Clients, under the Data Processing Agreement
11. Sub-processors and third-party services
Familiar relies on selected third-party service providers for hosting, analytics, communications, and support services.
We:
- Carefully select and assess service providers
- Enter into appropriate contractual safeguards
- Monitor compliance with security and data protection requirements
A list of current sub-processors is available upon request or as set out in the Data Processing Agreement.
12. Certifications and standards
Familiar aligns its security practices with recognized industry standards.
Current and planned initiatives may include, where applicable:
- GDPR compliance
- EU-based data hosting
- Preparation for recognized security frameworks (such as SOC 2 or ISO/IEC 27001)
Any certifications are referenced only once formally obtained.
13. Service availability
Service availability targets and any applicable service level commitments are defined in the relevant Order Form and Conditions Générales de Services.
Historical uptime or availability information may be made available upon request.
14. Shared responsibility
Security is a shared responsibility.
Clients and Users are responsible for:
- Protecting account credentials
- Managing user access appropriately
- Using the Services in compliance with the Acceptable Use Policy
15. Changes to this page
This Security & Compliance page may be updated from time to time to reflect changes in technology, practices, or regulatory requirements.
The updated version will apply upon publication.
16. Contact
For security-related questions or concerns, you may contact us at security@familiarhq.com.