FM2Yfm2y
FM2Y

Privacy Policy

Last updated: June 2026

What we collect

Account information (name, email, date of birth), timeline content you upload, billing metadata processed by Stripe, and usage signals needed to operate timelines and funding features.

How we use data

  • Provide timelines, invites, and contributor permissions
  • Process subscriptions, timeline funding, and storage add-ons
  • Generate offline exports for owners and authorized admin fulfillment
  • Send service notifications (renewals, storage limits, funding state changes)

Sharing

We use Supabase (database and authentication) and Cloudflare R2 (media storage) to operate the service, and Stripe for payments. We do not sell personal information. Timeline visibility is controlled by the timeline owner and permission settings.

Media security & access control

All photos, videos, voice notes, and other media files you upload are stored in a private cloud vault (Cloudflare R2). No file has a public URL — every media request is authenticated server-side before a time-limited access token is issued.

  • No public links. Media URLs are signed and expire after one hour. A link you share stops working when the token expires.
  • Access control. Only users the timeline owner has invited can receive a signed URL. Non-members receive a 403 error.
  • Audit logging. Every media access event is recorded with a timestamp, user identity, and IP address. Timeline admins can review this log at any time inside the admin panel.
  • Encryption. All data is encrypted in transit (TLS 1.2+) and at rest by Cloudflare’s storage infrastructure.

Our security commitment

FM2Y is built with the strictest data security standards in mind. We apply industry-leading practices including private storage, per-user access controls, tamper-evident audit logging, and encryption in transit and at rest — the same principles used by the most security-conscious organizations in the world.

We are committed to continuously improving our security posture to protect the memories and personal moments families trust us with. If you have questions about our security practices, contact us at support@fm2y.com.

Retention & export

Timelines in paid-through-age-25 or admin-review states are preserved according to product rules. Owners may request exports where the product allows download.

Your choices

You may update profile settings, cancel subscriptions via the billing portal, and contact support for account questions.

Terms of Service