Back to home

Privacy Policy

Last updated: February 13, 2026

1. Scope

This Privacy Policy explains how EmberCloud Systems (EmberCloud, we, us, or our) collects, uses, discloses, and otherwise processes personal data when you use our website, dashboard, and API services. This Privacy Policy is for transparency and does not modify any separate contract terms.

2. Key Privacy Commitments

  • We do not use your API prompts or outputs to train general foundation models unless you explicitly opt in.
  • You can request access, correction, export, or deletion of personal data, subject to legal and security limits.
  • Our primary usage billing tables are designed to store usage metadata (for example, token counts and costs), not full prompt or completion text.

3. What Is Personal Data?

Personal data means information that identifies, relates to, describes, or can reasonably be linked to an individual.

4. Information We Collect

We may collect the following categories of information:

  • Account and identity data, such as user ID, email address, and profile details from our authentication provider.
  • API credential metadata, including key name, short token, hashed key value, creation and last-used timestamps, and revocation status.
  • Usage and operational data, such as model identifier, request timing, token counts, latency, and error information.
  • Billing and transaction data, such as wallet balances, transaction history, Stripe customer references, and payment intent IDs.
  • Support and communication data, including information you provide when contacting us.
  • Device and technical data, including logs, IP address, and browser metadata used for security and reliability.

5. Prompt and Output Handling

We process prompts and request payloads to generate outputs and return responses.

We do not intentionally store full prompt or completion text in our primary usage billing tables, which store request metadata such as token counts and costs. Prompt or output data may still be handled transiently in memory and may appear in short-lived operational logs where reasonably necessary for security, abuse prevention, incident response, and debugging.

6. How We Use Information

We use collected information to:

  • Provide, maintain, and secure the Service.
  • Authenticate users and manage account access.
  • Issue, validate, and revoke API credentials.
  • Measure usage, calculate charges, and process billing.
  • Detect, investigate, and prevent abuse or fraud.
  • Comply with legal obligations and enforce our agreements.
  • Improve performance, reliability, and product features.

Depending on your location, legal bases may include contract performance, legal compliance, legitimate interests, and where required, your consent.

7. How We Share Information

We may share information with:

  • Service providers that support operations, such as Clerk, Supabase, and Stripe.
  • Infrastructure, security, and analytics vendors acting on our instructions.
  • Professional advisors (for example, legal, accounting, or audit advisors).
  • Government and law enforcement authorities when required by law.
  • A successor entity in connection with a merger, financing, acquisition, reorganization, bankruptcy, or sale of assets.

We do not sell personal information for monetary consideration.

8. International Transfers

Information may be processed in countries other than your own, including the United States. Where required by law, we implement appropriate safeguards for cross-border transfers, such as contractual transfer protections and equivalent mechanisms.

9. Data Retention

We retain information for as long as needed for the purposes in this Policy, including service delivery, security, legal compliance, and dispute resolution. Typical retention periods are:

  • Account profile and settings data: while your account is active and for a limited period after closure.
  • API key metadata and security logs: generally up to 24 months.
  • Usage and billing ledger records: generally up to 7 years for accounting and compliance.
  • Support communications: generally up to 24 months.

Retention may be longer where required by law, court order, or ongoing dispute resolution.

10. Rights Requests and Account Deletion

Depending on applicable law, you may have rights to request access, correction, deletion, portability, or restriction of certain personal information, and to object to certain processing.

To submit a privacy request:

  • Email support@embercloud.ai with the subject line Privacy Request.
  • We may verify identity before fulfilling requests, including by confirming account ownership and requesting additional details.
  • Authorized agents may submit requests where applicable with proof of authority.
  • We generally respond within 45 days where required by law and may extend as permitted with notice.
  • If a request is denied, you may appeal by replying with the subject line Privacy Appeal.

You can also request account deletion through support. After verification, we generally aim to process account deletion within 30 days, subject to legal, security, and billing record retention requirements.

11. U.S. State Privacy Rights

If you are a resident of a U.S. state with an applicable privacy law, you may have rights described in Section 10 and rights related to opting out of certain processing where required by law. We do not discriminate against individuals for exercising privacy rights.

12. EEA and UK Rights

If you are in the EEA or UK, you may have rights to access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with your local supervisory authority.

13. Cookies and Similar Technologies

We use essential cookies and related technologies for authentication, session continuity, security, and core website functionality. We may also use limited analytics or operational telemetry to improve reliability.

14. Security

We use administrative, technical, and organizational safeguards designed to protect information. No system is completely secure, and we cannot guarantee absolute security.

15. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

16. Changes to This Policy

We may update this Privacy Policy periodically. If changes are material, we will post the updated policy and revise the last updated date above.

17. Contact

If you have questions about this Privacy Policy, contact support@embercloud.ai.

For service usage terms, see our Terms of Service.