Ember Privacy Policy

Ember does not require an account, and you do not sign in. Everything you write — your Sparks, reflections, shift intentions, shift debriefs and Friday reflections — is stored only in a private database on your device. We never receive, sync, or back up that content to our servers.

The only information that leaves your device is described below: anonymous usage analytics, subscription information handled by the app stores, and — if you choose to send one — a bug report or feature request.

The following is created and kept locally on your device. It is not transmitted to EventMedConnect and is not accessible to us:

• Your Sparks, including the moments you write about and how you felt.
• Your reflections, shift intentions, shift debriefs and Friday reflections.
• Your profile and preferences: your name, age range, role, weekly commitment, onboarding answers (challenges, goals, how work affects you, stress level), badges, streaks and reminder settings.

Because this data lives only on your device, deleting the app, or using the reset option in Settings, permanently removes it. We cannot recover it for you.

We use PostHog to understand how Ember is used so we can improve it. Analytics are tied to a randomly generated anonymous identifier, not to your name or any account. We collect:

• Product events such as completing onboarding, creating a Spark, completing a reflection, viewing the paywall, starting or restoring a subscription, unlocking a badge, and moving between screens.
• Coarse, non-identifying attributes attached to events, for example your role, age range, weekly commitment, whether notifications are enabled, and whether you are a premium subscriber.
• Basic device and app information (such as app version, operating system, and general device type) and app lifecycle events used for stability and diagnostics.
• Session replays of how the interface is used. All text inputs and images are masked before anything leaves your device, so the words you type are never captured.

By design, the following is never sent to our analytics:

• The text of your Sparks, reflections, intentions, debriefs or Friday reflections.
• Your name or any free-text you enter, as part of analytics events.
• Health records, medical data, or precise location.
• Your contacts, photos, or microphone.

Ember Pro subscriptions are processed by RevenueCat together with the Apple App Store or Google Play. When you subscribe, restore a purchase, or start a trial, RevenueCat receives an anonymous app-user identifier and purchase/receipt details so we can unlock and verify your subscription.

Your payment details (card numbers and billing information) are handled directly by Apple or Google. We never see or store them. You can manage or cancel a subscription at any time in your App Store or Google Play account settings.

If you choose to send us a bug report or feature request from within the app, the text you submit — and any contact detail you decide to include — is sent to and stored in our database hosted on Supabase in Ireland (EU). This is the only content you write that we receive, and only when you choose to submit it.

We use this information solely to diagnose issues, respond to you where relevant, and improve Ember. Please avoid including sensitive personal or health information in these messages.

Reminders such as reflection nudges, weekly commitment reminders, the Friday Reflection, and trial reminders are scheduled and delivered locally on your device. We do not operate a push-notification server and do not transmit a device token to us. You can turn notifications off at any time in your device settings.

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

• Legitimate interests (Article 6(1)(f)) for anonymous analytics, stability diagnostics, and improving the app, balanced against your privacy through anonymity and input masking.
• Performance of a contract (Article 6(1)(b)) for processing necessary to provide and verify subscriptions.
• Consent (Article 6(1)(a)) where required, for example to send a bug report or feature request, which you provide by choosing to submit it. You can withdraw consent at any time.

We do not sell your personal information. We share the limited data above only with service providers who process it on our behalf:

• PostHog — product analytics and session replay.
• RevenueCat — subscription management.
• Apple and Google — payment processing and app distribution.
• Supabase — storage for bug reports and feature requests.

Analytics (PostHog) and subscription processing (RevenueCat) may involve transfer of data to the United States. Where this occurs, transfers are protected by appropriate safeguards such as the European Commission's Standard Contractual Clauses.

Bug reports and feature requests are stored on Supabase infrastructure located in Ireland (EU), so that data is not transferred outside the EU.

On-device data remains until you delete it or uninstall the app. Anonymous analytics are retained for as long as needed to understand product trends and are then aggregated or deleted in line with our analytics provider's retention settings. Subscription records are retained as required to provide the service and meet legal and accounting obligations. Bug reports and feature requests are kept only as long as needed to resolve the issue and improve the app.

On-device data is protected by your device's own security and operating-system protections. Data in transit to our service providers is encrypted using industry standard transport encryption. No method of storage or transmission is completely secure, but we take reasonable measures to protect your information.

Depending on where you live, you have rights over your personal information. Under the GDPR and UK GDPR you have the right to:

• Access the personal data we hold about you.
• Request correction (rectification) of inaccurate data.
• Request erasure of your data.
• Restrict or object to certain processing.
• Request portability of your data.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local supervisory authority (for example, the Irish Data Protection Commission or the UK Information Commissioner's Office).

Under the California Consumer Privacy Act (as amended by the CPRA) you have the right to know, delete, and correct personal information, and to opt out of the sale or sharing of personal information. We do not sell your personal information and do not share it for cross-context behavioral advertising. We will not discriminate against you for exercising any of these rights.

Because your reflections and profile live only on your device, you can delete all of that data yourself at any time using the reset option in Settings, or by uninstalling the app.

For analytics, subscription, or bug-report data held by us or our processors, or to exercise any of the rights above, contact us at info@eventmedconnect.com. As our analytics are anonymous, we may ask for information to help locate the relevant data, and in some cases may be unable to link it to you.

Ember is intended for adults in demanding professions and is not directed to children under 16. Onboarding is designed for users aged 18 and over. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

We may update this policy as the app evolves. When we make material changes, we will update the date at the top and, where appropriate, notify you in the app. Your continued use of Ember after an update means you accept the revised policy.

For any privacy questions or requests, contact EventMedConnect at info@eventmedconnect.com.