Privacy Policy

Last Updated: October 22, 2025

Effective Date: October 1, 2025

Introduction

At Ember Flow ("we," "our," or "us"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered development platform and services.

By accessing or using Ember Flow, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

Information We Collect

1. Information You Provide

  • Account Information: Name, email address, username, password
  • Profile Data: Profile picture, bio, preferences
  • Payment Information: Billing address, payment method (processed securely via Stripe)
  • Project Data: Code, configurations, deployment settings
  • Communications: Support tickets, feedback, survey responses

2. Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent, click patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Performance Data: API response times, error logs, system metrics
  • Cookies & Tracking: Session tokens, preference cookies, analytics cookies

3. Information from Third Parties

  • OAuth Providers: GitHub, Google, GitLab authentication data
  • Payment Processors: Stripe transaction data
  • Cloud Providers: AWS, GCP, Azure deployment logs

How We Use Your Information

  • Provide Services: Generate code, deploy applications, manage your account
  • Improve Platform: Analyze usage patterns, fix bugs, develop new features
  • Personalization: Customize your experience, remember preferences
  • Security: Detect fraud, prevent abuse, protect against threats
  • Communication: Send updates, notifications, marketing (opt-out available)
  • Compliance: Meet legal obligations, enforce terms of service
  • Analytics: Understand performance, usage trends, user behavior

What We NEVER Do With Your Data

  • Never sell your data to third parties, advertisers, or data brokers
  • Never use your code to train AI models or improve algorithms
  • Never track you across other websites or apps
  • Never share without consent - your data stays private

Data Sharing & Disclosure

We may share your information only in the following circumstances:

  • Service Providers: AWS, Stripe, SendGrid (under strict contracts)
  • Legal Requirements: Court orders, subpoenas, legal compliance
  • Business Transfers: Mergers, acquisitions (you'll be notified)
  • With Your Consent: Explicit permission for specific purposes
  • Aggregated Data: Anonymous, non-identifiable statistics

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: TLS 1.3 in transit, AES-256 at rest
  • Access Controls: Role-based permissions, 2FA, least privilege
  • Monitoring: 24/7 security monitoring, intrusion detection
  • Audits: Regular security audits, penetration testing
  • Backups: Encrypted, geographically distributed
  • Incident Response: Documented procedures, breach notification

Data Retention

We retain your information for as long as necessary to provide services:

  • Active Accounts: Duration of account + 90 days after closure
  • Project Data: Until deleted by you + 30-day recovery period
  • Logs: 90 days for analytics, 1 year for security
  • Financial Records: 7 years (legal requirement)
  • Marketing Data: Until opt-out + 30 days

Your Privacy Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Export your data in machine-readable format
  • Opt-Out: Unsubscribe from marketing communications
  • Restrict Processing: Limit how we use your data
  • Object: Object to data processing based on legitimate interests
  • Withdraw Consent: Revoke previously granted permissions

To exercise these rights, contact us at privacy@emberflow.ai

Cookies & Tracking Technologies

We use cookies and similar technologies as described in our cookie consent popup:

  • Essential Cookies: Required for basic functionality (cannot be disabled)
  • Analytics Cookies: Help us understand usage patterns
  • Preference Cookies: Remember your settings and choices

You can manage cookie preferences through our cookie consent tool or your browser settings.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure adequate protection through:

  • EU-US Data Privacy Framework compliance
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Adequacy decisions by relevant authorities

Children's Privacy

Ember Flow is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification (for material changes)
  • In-app notification

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@emberflow.ai

Data Protection Officer: dpo@emberflow.ai

Address: Ember Flow Inc., 123 Developer Lane, San Francisco, CA 94107

Support: Contact Form

Compliance

Ember Flow complies with:

  • GDPR: EU General Data Protection Regulation
  • CCPA: California Consumer Privacy Act
  • SOC 2: Type II certification (in progress)
  • ISO 27001: Information security management
Back to Home