← Back to Ember Stories
Privacy Policy
Effective Date: May 5, 2026 ·
Last Updated: May 5, 2026
Introduction
Ember Stories Inc ("we," "us," or "our") operates the Ember mobile application (the "Service") that helps families and households create collaborative photo and video memory stories.
This Privacy Policy describes how we collect, use, and share information when you use our Service, and explains your privacy rights and how the law protects you.
Information We Collect
Information You Provide Directly
- Account Information: Email address, name, and household details you provide during registration
- Profile Information: Personal details you choose to share in your user profile
- Household Member Information: Names, birth dates, and other details of family members you choose to add to your household (with their consent)
- Relationship Data: Family relationships and connections you define within your household
- Contact Information: When you contact us for support or feedback
Information Collected Automatically
- Photos and Media: With your explicit permission, we access your device's photo library to help you create stories
- Photo Metadata (EXIF Data): We automatically extract technical information from your photos including:
- Date and time photos were taken
- Camera settings and device information
- Location Data: GPS coordinates (latitude/longitude) embedded in photos
- File size, format, and other technical metadata
- Location Services: We use Google Geocoding API to convert GPS coordinates from your photos into readable location names (e.g., "Central Park, New York") to enhance story narratives. We do not access your device's real-time location.
- Device Information: Device type, operating system version, app version, and unique device identifiers
- Usage Information: How you interact with the app, features used, and time spent in the app
- Technical Information: IP address, browser type, and network connection information
Information from Third-Party Services
- Authentication Services: When you sign in with Apple or Google, we receive basic profile information
- Google Geocoding API: We send GPS coordinates from your photos to Google to obtain location names and addresses for story context
- Push Notifications: Device tokens from OneSignal to send you notifications (only if you opt-in)
How We Use Your Information
We use the information we collect to:
- Provide the Service: Create personalized photo stories and manage your account
- Story Enhancement: Use photo metadata including location data to create richer, more contextual stories
- AI-Assisted Content: Generate narrative text and story enrichment using artificial intelligence and large language models based on your photos and metadata
- Household Features: Enable story sharing and collaboration among household members
- Person Recognition: Help identify and tag household members in photos and stories
- Story Personalization: Use household member information to create more meaningful family narratives
- Location Context: Convert GPS coordinates to readable location names to enhance story narratives
- Photo Organization: Group photos by location, date, people, and other metadata to create meaningful story collections
- Improve the Service: Analyze usage patterns to enhance app functionality and user experience
- Communicate: Send you service-related notifications, updates, and support responses
- Personalization: Customize your experience and story recommendations based on your photo patterns and locations
- Security: Protect against fraud, abuse, and security threats
How We Share Your Information
We do not sell, rent, or trade your personal information. We may share information in these limited circumstances:
Service Providers
We work with trusted third-party service providers:
- Supabase: Secure cloud database for account and app data storage
- Google Cloud and Firebase: Application infrastructure, including Google Analytics for Firebase (anonymized usage analytics), Firebase Crashlytics (crash diagnostics), Firebase Remote Config (feature configuration), and the Google Geocoding API (which converts GPS coordinates from your photos into location names and addresses for story context)
- Anthropic: We send photo metadata (such as dates, locations, and household member context) to Anthropic's Claude API to generate story narrative text. We do not send photo image data to Anthropic. Anthropic processes this data on our behalf and does not retain it for training
- OneSignal: Push notification delivery (only if you opt-in to notifications)
- Superwall: Subscription and payment management (processes subscription status only; payment transactions are handled directly by Apple and Google)
Household Sharing
When you create or join a household, certain information is shared with other household members:
- Stories you mark as "household" visibility
- Your name and profile information within the household
- Household member details you add
Stories you mark as "private" are visible only to you and are never shared with other household members.
Household Sharing and Account Deletion
Ember treats the "Share with Household" action as an explicit, informed distribution of content to the other members of your household. This means:
- When you share a story with your household, you confer ongoing access to that content to all current and future members of that household
- If you later delete your account, shared stories and their photos remain accessible to the remaining household members. Your identifying attribution on shared content (for example, "created by [your name]") is removed
- Private stories, in contrast, are never shared and are permanently deleted when you delete your account
We designed this model to reflect how families and households actually use shared memories — analogous to handing out printed photos at a family gathering, where the act of giving distributes ongoing access to those memories. Our Terms of Service contain a parallel description of this model.
Legal Requirements
We may disclose information if required by law or to:
- Comply with legal processes or government requests
- Protect our rights, property, or safety, or that of our users
- Investigate potential violations of our terms of service
Business Transfers
If we are acquired or merged, your information may be transferred as part of that transaction. We will notify you via email or in-app notice before your information becomes subject to a different privacy policy.
Data Security
We take reasonable measures to protect your information, including:
- Encryption of data in transit using TLS/SSL
- Encryption of data at rest in our cloud infrastructure
- Authentication and access controls to limit data access
- Regular security reviews of our systems and practices
No method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
Data Retention and Deletion
We retain your information for as long as your account is active or as needed to provide the Service. Specifically:
- Account data: Retained while your account is active and for up to 30 days after deletion for operational cleanup. Accounts cannot be recovered after a deletion request is confirmed
- Private stories and photos: Permanently deleted within 30 days of your account deletion request
- Photo metadata (EXIF data): Deleted or anonymized alongside its associated photo or story
- Shared household content: Stories and photos you have shared with your household (by selecting "Share with Household" in the app) are retained by that household for the lifetime of the household — or until individual household members delete them. When you delete your account, your identifying attribution on shared content is removed, but the underlying content remains accessible to other household members (see "Household Sharing and Account Deletion" below)
- Attribution data: When you delete your account, identifying links to you on collaborative data — shared story authorship, story contributions, face tags, location creator records — are removed (set to null). The underlying data remains where other household members rely on it
- Usage and analytics data: Retained in anonymized or aggregated form for up to 12 months
- Billing and audit records: Records required for billing reconciliation, fraud investigation, or legal compliance are retained with identifying user links removed
When you delete your account, we delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, regulatory, or household-continuity purposes as described above.
Household dissolution: If you are the sole active Ember user of a household when you delete your account, the household itself and all its shared content will also be deleted on the same 30-day timeline.
Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request that we correct inaccurate or incomplete information
- Deletion: Request that we delete your personal information
- Data Portability: Request a copy of your data in a structured, machine-readable format
- Objection: Object to our processing of your personal information in certain circumstances
- Restriction: Request that we restrict the processing of your personal information
- Withdraw Consent: Where processing is based on consent, withdraw that consent at any time
To exercise any of these rights, contact us at privacy@emberstories.com. We will respond to your request within 30 days.
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- The right to know what personal information we collect, use, and disclose
- The right to request deletion of your personal information
- The right to opt out of the sale of personal information (we do not sell your personal information)
- The right to non-discrimination for exercising your privacy rights
European Users (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, our legal basis for processing your information includes:
- Contract performance: Processing necessary to provide the Service you requested
- Consent: Processing based on your explicit consent (e.g., photo library access)
- Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Service and ensuring security
Children's Privacy
Ember is a family-oriented service. While users must be at least 13 years old to create an account, we recognize that account holders will share photos and information about family members of all ages, including children under 13.
- We do not knowingly collect personal information directly from children under 13
- Account holders who add children's information to their household represent that they have parental authority to do so
- Children's photos and information are protected by the same security measures as all user data
- Parents or guardians may request access to, correction of, or deletion of their child's information at any time by contacting us
If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly.
Cookies and Tracking
The Ember mobile application does not use cookies. We do not use third-party advertising trackers or cross-app tracking technologies. We do not participate in ad networks or share data for targeted advertising purposes.
We use Google Analytics for Firebase to understand aggregate, anonymized usage patterns within the app. This service uses an installation-specific identifier rather than cookies and is configured to limit collection to anonymized event and device data — it does not include personally identifiable information.
Changes to This Privacy Policy
We may update this Privacy Policy periodically. When we make changes:
- We will post the updated policy with a new "Last Updated" date
- For material changes, we will notify you via email or in-app notification
- Your continued use of the Service after changes constitutes acceptance of the updated policy
Contact Us
If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us:
Email: privacy@emberstories.com
Address: Ember Stories Inc, 5534 Saint Joe Road, Fort Wayne, IN 46835, USA
Response Time: We will respond to requests within 30 days
For EU users, you may also contact your local data protection authority if you have concerns about how we handle your data.