Familiar

Product

ScenariosAudiencesCampaignsSurveysAgentSoon

Solutions

For IndependentsFor GroupsFor Enterprise

Resources

PricingManifestoBlogDocs
Start for free

Privacy policy

Familiar takes the security of your data and our infrastructure very seriously. We are committed to providing an environment that is safe, secure, and available to all of our customers all the time.

Last updated: January 2026

1. Introduction

This Privacy Policy describes how Familiarcollects, uses, stores, shares, and protects personal data when you visit our website, use our platform, or interact with our services (collectively, the “Services”).

We are committed to protecting your privacy and processing your personal data in compliance with Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”), the French Data Protection Act (Loi Informatique et Libertés), and all other applicable data protection laws.

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Services.

2. Scope — Controller vs. Processor

Familiar acts in two distinct capacities depending on the context in which personal data is processed:

  • As a Data Controller: When we collect and process personal data about our prospects, website visitors, clients, and users for our own purposes (e.g., account management, marketing, analytics, and platform improvement). This Privacy Policy applies in full to such processing.
  • As a Data Processor: When we process personal data on behalf of our clients (e.g., hotel guest data, reservation data, or customer records imported into or generated through the platform). In this capacity, we act strictly on the instructions of the client, who remains the Data Controller. Processing in this capacity is governed by the Data Processing Agreement (DPA) entered into between Familiar and the client, not by this Privacy Policy.

If you are a guest or end customer of one of our clients, please refer to that client’s own privacy policy for information about how your data is handled.

3. Identity of the Controller

The data controller for processing described in this Privacy Policy is:

  • Company name: Familiar SAS
  • Legal form:Société par actions simplifiée (SAS)
  • Registered office: 1663, rue de Majornas, 01440 Viriat, France
  • Registration number: RCS Bourg-en-Bresse 925 238 495
  • VAT number: FR66925238495

4. Data Protection Officer

Familiar has designated a point of contact for all matters related to data protection. You may reach our Data Protection Officer at:

  • Email: privacy@familiarhq.com

You may contact our DPO to exercise your rights, ask questions about this Privacy Policy, or raise any concerns regarding the processing of your personal data.

5. Categories of Personal Data Collected

Depending on how you interact with us, we may collect the following categories of personal data:

5.1 Data you provide directly

  • Identity data: first name, last name, job title, company name
  • Contact data: email address, phone number, postal address
  • Account data: login credentials, profile information, preferences
  • Billing data: company billing details, VAT number, payment method (processed by our payment provider)
  • Communication data: messages sent via contact forms, support tickets, or email correspondence

5.2 Data collected automatically

  • Technical data: IP address, browser type and version, operating system, device type, screen resolution
  • Usage data: pages visited, features used, clicks, session duration, referral source
  • Cookie data: identifiers stored via cookies and similar technologies (see our Cookie Policy for details)
  • Log data: server logs, error logs, access timestamps

5.3 Data received from third parties

  • Integration data: data received through connected third-party services (e.g., property management systems) as part of your use of the platform
  • Referral data: information provided by partners or referral sources

6. Purposes and Legal Bases for Processing

We process personal data for the following purposes, each associated with a legal basis under Article 6(1) of the GDPR:

  • Performance of a contract (Art. 6(1)(b)): creating and managing your account, providing the Services, processing transactions, delivering customer support
  • Legitimate interests (Art. 6(1)(f)): improving the Services, analyzing usage patterns, preventing fraud and abuse, ensuring platform security, conducting internal analytics, and sending non-promotional service communications
  • Consent (Art. 6(1)(a)): sending marketing communications, placing non-essential cookies, and conducting satisfaction surveys
  • Legal obligation (Art. 6(1)(c)): complying with accounting, tax, and regulatory requirements, responding to lawful requests from authorities

Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

7. Cookies

We use cookies and similar tracking technologies on our website and platform. For detailed information about the types of cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

8. Recipients of Personal Data

Your personal data may be shared with the following categories of recipients, strictly on a need-to-know basis and in accordance with applicable data protection laws:

  • Authorized personnel: employees and contractors of Familiar who require access to perform their duties
  • Sub-processors and service providers: hosting providers, email delivery services, analytics providers, payment processors, and customer support tools, each bound by appropriate data processing agreements
  • Professional advisors: legal, accounting, and auditing professionals bound by professional secrecy
  • Authorities: regulatory bodies, law enforcement, or judicial authorities when required by law or to protect our rights

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

9. International Data Transfers

Familiar primarily hosts and processes data within the European Union. However, certain sub-processors or service providers may be located outside the EU/EEA.

Where personal data is transferred outside the EU/EEA, we ensure that appropriate safeguards are in place, including:

  • European Commission adequacy decisions (Article 45 GDPR)
  • Standard Contractual Clauses (SCCs) adopted by the European Commission (Article 46(2)(c) GDPR)
  • Binding Corporate Rules or other approved transfer mechanisms where applicable

You may request a copy of the relevant safeguards by contacting us at privacy@familiarhq.com.

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods are as follows:

  • Prospect data: 3 years from the last point of contact. If no interaction occurs within this period, the data is deleted or anonymized.
  • Customer and user data: for the duration of the contractual relationship, plus 5 years following termination for legal and regulatory purposes (e.g., statute of limitations for contractual claims under French law).
  • Accounting and billing data: 10 years from the end of the relevant fiscal year, in accordance with French commercial and tax law.
  • Server and application logs: 6 to 12 months depending on the type and sensitivity of the logs, after which they are deleted or anonymized.
  • Cookie data: a maximum of 13 months from the date the cookie is set (in accordance with CNIL guidelines).

At the end of the applicable retention period, personal data is securely deleted or irreversibly anonymized.

11. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

  • Encryption of data in transit (TLS) and at rest (AES-256)
  • Role-based access control with the principle of least privilege
  • Regular security assessments and vulnerability testing
  • Monitoring, logging, and alerting for suspicious activity
  • Incident response procedures in accordance with GDPR requirements
  • Employee awareness and training on data protection

For more details about our security practices, please refer to our Security & Compliance page.

12. Your Rights Under the GDPR

As a data subject, you have the following rights under the GDPR with respect to your personal data:

  • Right of access (Art. 15): You have the right to obtain confirmation as to whether personal data concerning you is being processed, and to access that data along with information about the processing.
  • Right to rectification (Art. 16): You have the right to have inaccurate personal data corrected and incomplete data completed.
  • Right to erasure (Art. 17): You have the right to request the deletion of your personal data where it is no longer necessary, where you withdraw consent, or where the processing is unlawful.
  • Right to restriction (Art. 18): You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data or object to its processing.
  • Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
  • Right to object (Art. 21): You have the right to object to processing based on legitimate interests or direct marketing at any time.
  • Right not to be subject to automated decision-making (Art. 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint:You have the right to lodge a complaint with a supervisory authority. In France, the competent authority is the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, www.cnil.fr.

13. Post-Mortem Data Rights (France)

In accordance with French law (Article 85 of the Loi Informatique et Libertés), you may issue directives regarding the storage, deletion, and communication of your personal data after your death.

These directives may be:

  • General directives: registered with a trusted digital third party certified by the CNIL
  • Specific directives: communicated directly to Familiar at privacy@familiarhq.com

In the absence of directives, your heirs may exercise certain rights in respect of your data, including the right to access data necessary to settle the estate, and the right to request closure of your account and cessation of data processing.

14. How to Exercise Your Rights

You may exercise any of the rights described above by contacting us at:

  • Email: privacy@familiarhq.com
  • Postal mail: Familiar SAS, 1663 rue de Majornas, 01440 Viriat, France — Attn: Data Protection Officer

We will respond to your request within one month of receipt. This period may be extended by two additional months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt.

We may ask you to verify your identity before processing your request to ensure the security of your personal data.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, by providing additional notice (such as an in-app notification or email).

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

16. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:

  • Email: privacy@familiarhq.com
  • Postal mail: Familiar SAS, 1663 rue de Majornas, 01440 Viriat, France

Put your marketing on autopilot

Join leading hotel groups and be ready for an AI-first world.

Start for freeTalk to sales