Who we are
The Family Word is a DBA of UpfrontOps LLC, a Wyoming single-member LLC operated from New Jersey. The business is run by Ryan Murphy in Highland Park, NJ. You can reach us at hello@thefamilyword.com.
Scope
This policy covers thefamilyword.com and the hotline routing service we operate for customers of the kit.
Information we collect
We collect the following categories of information.
- Identity. Your name, shipping address, email, and phone number, used to fulfill the order and route the hotline.
- Payment. Stripe processes the payment. We never see your card number. We receive a payment token plus the brand and last 4 digits so we can show a receipt.
- Order. What you bought, quantity, gift-note text if any, and delivery status.
- Hotline routing. The phone numbers you list as the family members to ring, and the order you chose for the routing.
- Site analytics. Page views, referrer, and country-level IP, aggregated. No cross-site tracking.
- Email and SMS engagement. Opens and clicks, if you opt in.
What we do not collect or store
- The family's chosen phrase, or any specifics of the verification routine. By design, that lives on the physical card with the family and is never transmitted to us. Even we don't know it.
- Biometric data of any kind.
- Precise geolocation beyond country-level IP-based inference.
- Voice recordings. The routing service does not record calls by default. See the hotline policy for details.
If someone claims to be us, they are not
We will never call, email, or text you to ask for your family's word, your hotline PIN, an order number, a credit-card code, a password, or any other secret. The whole point of the kit is that the secret lives with your family, not with us, so a call from "The Family Word" asking for it is, by definition, an impersonation attempt.
If anyone reaches out claiming to be from The Family Word and asks for anything sensitive, treat it as fraud. Hang up, do not reply. Instead, forward the message (with full headers if it was email) or a description of the call to report-fraud@thefamilyword.com. Reports go to the operator inbox at that address. As reports come in, we file abuse and takedown requests with the relevant carriers, hosts, and registrars. See the security audit log for the current state of every control we publish.
We planned for this from day one. The same defense the kit gives your parents (a question only your family knows) is the defense we apply to ourselves: we never need a secret from you, so any request for one is the signal.
How we use it
We use the information to fulfill your order, run the hotline routing, respond to support requests, defend against fraud and abuse, and comply with law.
Legal bases
For US customers (CCPA and CPRA), we rely on contract performance, our legitimate interest in operating the service, and your consent for marketing and SMS. For EEA and UK residents (GDPR), the same mapping applies: contract for fulfillment, legitimate interest for security and service operation, and consent for marketing and SMS.
Sharing and sub-processors
We share information with a small set of vendors who help us operate the service. We do not share with anyone else for marketing.
| Sub-processor | Purpose |
|---|---|
| Stripe | Payment processing |
| Twilio | SMS messaging and hotline call routing |
| Cloudflare | Hosting, DNS, and edge security |
| Resend | Transactional email delivery |
| USPS (or a successor carrier) | Shipping |
No sale of personal information
We do not sell or rent personal information. The CCPA Section 1798.120 right is automatic for every customer. We do not share personal information with third parties for cross-context behavioral advertising.
Retention
- Order records: 7 years, for tax compliance.
- Hotline routing list: while you use the service, plus 30 days after cancellation.
- Site analytics: aggregated indefinitely. Individual page-view rows are kept for 90 days.
- Email and SMS engagement: 24 months.
Your rights
You have the right to access, correct, delete, and port your information, and to opt out of marketing. Email privacy@thefamilyword.com with your request (or hello@thefamilyword.com if the alias is not yet set up) and we will respond within 30 days.
California residents: the Limit Use of Sensitive Personal Information right does not apply here, because we do not process sensitive personal information by the CCPA definition. EEA and UK residents: you may also lodge a complaint with your supervisory authority.
Children
We do not knowingly collect information from anyone under 13. The product is sold to adults for the benefit of older parents.
Cookies and tracking
First-party cookies only, strictly necessary (session, cart hint, CSRF). No third-party advertising cookies.
Security posture
We use TLS in transit and encryption at rest with our cloud provider's defaults. Every operator account that touches customer data is protected by YubiKey hardware 2FA, with no SMS-2FA fallback. See the security page for the full posture and the responsible-disclosure scope.
Changes
We may update this policy. The "Last updated" date at the top will bump, and material changes are emailed to active customers.
Contact
Privacy questions: privacy@thefamilyword.com (or hello@thefamilyword.com).
Questions? Contact us.