Privacy Policy

Last updated: 24 May 2026

Embers ("we", "us") is a self-reflection and journaling companion. It is not therapy, medical advice, diagnosis, or crisis support. This policy explains what we collect, why, how we use AI, how long we keep it, and the rights you have under UK and EU GDPR.

What we collect

• Account data: email and authentication identifiers.
• Reflection data: assessment answers, check-ins, journal entries, plans, and AI-generated reflections.
• Sensitive content: what you write may describe mood, stress, health, work, or relationships. Only write what you're comfortable storing.
• Preferences: reminder settings, notification subscriptions, time zone.
• Technical data: basic device and log information for security and reliability.

How AI processing works

When you ask for a reflection, insight, or transcription, the relevant text or audio is sent over an encrypted connection to a third-party AI provider (Google or OpenAI) via our gateway. Providers process it only to return your result. Your content is not used to train third-party models, and we never sell it.

AI reflections are generated automatically and can be wrong. Nothing the AI says is medical, psychological or clinical advice. If your writing contains language about self-harm, suicide, abuse or being in danger, we won't generate a reflection. We'll show our safety resources instead.

Human access

A very small number of operators may access stored content only when strictly necessary to investigate a serious bug, security incident, or abuse report. All such access is logged and never used to read journals out of curiosity.

Retention and deletion

• Reflections are kept while your account is active.
• Delete individual journal entries any time from the Journal page.
• Request full deletion from Settings. Your account and content are removed within 30 days.
• Backups are rotated and overwritten within 35 days.

Your GDPR rights

You can access, correct, export, restrict, or erase your personal data, and object to processing. Export and deletion are self-serve in Settings; for anything else, emailhello@embers.me. You may also complain to your local data-protection authority (e.g. the UK ICO).

Processors we use

Hosting and database (Supabase), AI gateway (Lovable AI, using Google Gemini and OpenAI), email delivery and payments. Each is bound by data-processing terms.

Contact

Questions or requests? Email hello@embers.me.