Embers

Privacy Policy

Effective date: April 24, 2026 · Last updated: May 10, 2026

Embers is built for two people — not for advertisers. This policy explains what data we collect, why we collect it, and what rights you have. Our default is to collect as little as possible.

1. Who We Are

Embers (the "App") is operated by the Embers team. Contact us at zfy3712z@gmail.com.

2. What We Collect

2.1 Account & profile data

Your Sign in with Apple / Google identifier (or email + hashed password for email sign-in).
Display name and profile photo you choose.
Couple pairing relationships (which account is paired with which).

2.2 Content you create

Stickies (drawings + captions), whispers (letters + optional photo / doodle), affection taps, mood shares, and memory reel entries that you and your partner send each other.
Support messages you send to the Embers team, including optional screenshots or images you attach for troubleshooting.
Stored encrypted-at-rest on our backend (Supabase + Apple CloudKit). Only you and your paired partner can read the content.

2.3 Device & usage data

Anonymous APNs device token used to deliver push notifications.
App version, iOS version, device model, language, time-zone.
Product-analytics events (e.g. "sticky_sent", "paywall_viewed") via Mixpanel. We never send the text of your stickies, whispers, or captions to analytics — only structural metadata (length, whether a photo is attached, etc.). You can opt out in Settings → Analytics.
Subscription / purchase state from Apple's StoreKit (for entitlement checks).

2.4 What we do NOT collect

We do not collect your precise location, your contacts, your calendar, your camera roll outside of what you explicitly attach, IDFA, your browsing history, or biometric data.

3. How We Use Your Data

Deliver the Service — authenticate you, sync content between you and your partner, send push notifications.
Provide customer support — read and reply to support conversations you initiate, investigate bugs you report, and review screenshots you choose to attach.
Improve the Service — understand which features are used, diagnose bugs, make product decisions.
Process purchases and prevent fraud.
Communicate important updates (e.g. changes to this policy, security incidents).

We do not sell your personal data. We do not use your content to train machine-learning models.

4. Who Sees Your Data

Your paired partner — by design. Anything you send them is theirs to read.
The Embers support team — only for support conversations, bug reports, and screenshots/images you intentionally send to us through the in-app support inbox or email.
Infrastructure processors — Apple (iCloud / CloudKit / APNs / Sign in with Apple / IAP), Google (OAuth only), Supabase (auth + database + storage), Mixpanel (anonymous analytics only). Each acts as a data processor on our behalf under written agreements.
Nobody else, except when required by law (valid subpoena, court order) or to protect the safety of our users.

5. Data Retention

Your account and the content you send are retained until you delete them.
Support conversations and support attachments are retained for as long as reasonably needed to resolve your request, maintain service quality, or comply with legal obligations, unless you ask us to delete them sooner where applicable.
Deleting an individual sticky, whisper, or the whole account removes the data from our active systems. Backups are rotated within 30 days.
Deleted accounts cannot be recovered — you'll need to start fresh.

6. Your Rights

Depending on where you live, you may have rights to:

Access a copy of the personal data we hold about you.
Correct inaccurate data (most profile fields are editable in Settings).
Delete your account and data from Settings → Delete account, or by emailing us.
Port a copy of your content to another service.
Object to certain processing (e.g. analytics) — toggle it off in Settings.
Withdraw consent for any processing that relies on consent, without affecting past lawful processing.

Email zfy3712z@gmail.com to exercise any of these rights. We'll respond within 30 days.

7. Children

Embers is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe a child has created an account, email us and we'll delete it.

8. International Transfers

Your data may be processed in the United States or other countries where our infrastructure providers (Apple, Supabase, Google, Mixpanel) operate. Where required, we use standard contractual clauses or equivalent safeguards to protect your data during transfer.

9. Security

We use TLS for data in transit, encryption-at-rest on our databases, per-user access control at the database layer (Supabase Row-Level Security), and Apple's end-to-end protections for iCloud data. No system is 100% secure — if we ever learn of a breach that affects you, we'll notify you without undue delay.

10. Changes to This Policy

If we make material changes, we'll notify you in the App or by email at least 7 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.

11. Contact

Privacy questions, requests, or complaints: zfy3712z@gmail.com.