emberprivacy policy

last updated: may 2026 · this policy explains what data ember collects, how it's used, and your rights.

what we collect

when you use ember, we collect:

  • account info: email address and a hashed password (we never see your password in plain text — firebase authentication handles it)
  • conversations: the messages you send and the replies the ai characters send back, stored per character
  • long-term memories: structured facts the system extracts from your conversations so the characters can remember things about you across sessions (e.g., “user has a dog named otis”). you can view and wipe these any time from the app.
  • basic technical data: server logs (ip, timestamps, error traces) for debugging and abuse prevention

we do not collect:

  • your real name (unless you put it in a message)
  • your location beyond what your ip implies
  • tracking or advertising identifiers
  • biometric data, voice recordings, or images

how we use it

we use your data to:

  • let you sign in
  • show you your past conversations and memories
  • generate replies (we send your conversation history and extracted memories to anthropic's claude api as part of each chat call)
  • extract new memories from your conversations
  • investigate bugs and prevent abuse

we do not:

  • sell your data to anyone
  • use your conversations to train any ai model
  • share your data with advertisers
  • read your conversations except as needed to debug a problem you reported

third-party processors

ember runs on a small number of services we use to operate the product:

  • vercel — hosts the website and serverless functions
  • firebase (google) — handles authentication and stores your conversations and memories
  • anthropic — the claude api generates the character replies and extracts memories. when you send a message, your conversation history (plus your stored memories) is sent to anthropic to produce the reply. anthropic states it does not use api inputs to train its models.

data retention

your conversations and memories are stored until you delete them. you can:

  • clear an individual conversation from the chat (the “new chat” button — keeps long-term memories)
  • wipe all long-term memories for a character (the “wipe all” button in the memory panel)
  • delete your entire account by reaching out through your beta invite channel — we'll remove all your data within 30 days. an in-app account-delete control is coming.

your rights

depending on where you live (e.g., california, eu, uk), you have rights to access, correct, export, and delete your personal data. to exercise these rights, contact us through your beta invite channel. we'll respond within 30 days. a public support address will be published before ember leaves private beta.

children

ember is for users 18 and older. we do not knowingly collect data from anyone under 18. if you believe a minor has signed up, contact us and we'll delete the account and its data.

security

authentication and storage use firebase, which encrypts data in transit and at rest. our application code is hosted on vercel with https. we follow reasonable industry practices but no system is perfectly secure. you can reduce your risk by using a strong, unique password.

international users

ember is operated from the united states. if you use it from outside the us, your data will be transferred to and processed in the us and other countries where our service providers operate.

changes

we may update this policy. we'll update the “last updated” date and, for material changes, notify you in the product or by email.

contact

privacy questions or requests: please reach out through your beta invite channel. a public privacy contact will be published before ember leaves private beta.

← backterms of use →