top of page

Privacy Policy

Ember Technologies, LLC d/b/a Amber AI
Effective Date: July 10, 2025

  1. INTRODUCTION
    This Privacy Policy explains in detail how Ember Technologies, LLC, a Montana limited-liability company doing business as Amber AI, collects, uses, discloses, stores, and protects personal data when you access or use any Amber AI voice-based conversational interface, website, mobile or telephony client, application-programming interface, or any associated software, content, or services (collectively, the service). The service is a private, invite-only beta available to adults aged eighteen or older worldwide. By using the service, you acknowledge that you have read and understood this Policy and agree to its terms. If you do not agree, you should discontinue use immediately. Capitalized terms that are not defined here have the meanings given in our Terms and Conditions.

  2. PERSONAL DATA WE COLLECT
    We collect only the categories of personal data that are necessary to operate and improve the service, verify your identity, process your subscription, and comply with legal obligations. The information we gather falls into five main groups:
    (a) Account identifiers such as the mobile phone number you supply during registration and any verification codes we send to that number.
    (b) Conversational data consisting of the voice or audio you submit, the corresponding speech-to-text transcripts, internal embeddings, summaries, and the model outputs returned to you.
    (c) Device and network metadata including internet protocol address, user-agent string, approximate time-zone, diagnostic event logs, and crash reports that help us secure and maintain the service.
    (d) Payment-related information, limited to a tokenized card reference and billing postal code generated and stored by Stripe, our PCI-DSS-compliant payment processor. We never handle or store raw card numbers or security codes on our servers.
    (e) Support and feedback content, such as emails, bug reports, feature requests, or survey responses you voluntarily send to us.
    We do not intentionally collect cookies, precise geolocation, biometric voiceprints, health information, or any other sensitive data unless you choose to reveal such information during a conversation, in which case it will be processed only as conversational data.

  3. HOW WE USE PERSONAL DATA
    Personal data is used for a limited set of purposes that are compatible with the reasons for which it was collected:
    (a) To provide the service, including authenticating your account, transcribing speech, generating and returning AI responses, preserving conversational memory, and delivering synthesized audio.
    (b) To maintain, secure, debug, and improve the service by monitoring quality, analyzing aggregated usage patterns, optimizing model performance, and developing new features.
    (c) To process payments, manage subscriptions, issue invoices, detect fraud, and enforce our terms through Stripe and related financial service providers.
    (d) To communicate with you, including sending transactional notices such as authentication codes, payment confirmations, security alerts, onboarding materials, and occasional promotional updates about new capabilities.
    (e) To comply with applicable law, respond to lawful requests, resolve disputes, and protect the rights, property, or safety of users, the public, or the company.
    We do not sell, rent, trade, or share personal data for advertising or cross-context behavioral marketing, and we do not engage in automated decision-making that produces legal or similarly significant effects on individuals.

  4. DISCLOSURE OF PERSONAL DATA
    We never disclose personal data to unaffiliated third parties for their independent use. Disclosure is limited to:
    (a) Service providers and sub-processors that perform tasks on our behalf under binding contracts requiring confidentiality, data protection, and prohibition of secondary use. These include OpenAI, Google Gemini, and ElevenLabs for language generation and speech synthesis; Stripe for payment processing; Twilio for telephony, messaging, and voice connectivity; MongoDB Atlas for encrypted database hosting; and Modal for secure on-demand compute infrastructure.
    (b) Our controlled affiliates and carefully vetted independent contractors who need access to personal data to help operate or improve the service, each subject to strict nondisclosure obligations and least-privilege access controls.
    (c) Competent governmental, regulatory, or judicial authorities when disclosure is mandated by applicable law, subpoena, court order, or similar legal process. Before disclosing, we will, where legally permissible, attempt to narrow or challenge the request and notify you.

  5. DATA RETENTION AND DELETION
    We store conversational data indefinitely to provide the infinite memory feature that enables personalized context across sessions. You may delete individual messages, entire conversations, or your entire account at any time using in-service controls. Deletions take effect immediately in active systems and are permanently enforced in encrypted backups within thirty days. Account records and billing information are retained for as long as your subscription remains active and for seven years afterward to comply with tax, accounting, and anti-fraud requirements. System and security logs are automatically purged after ninety days unless a longer retention is required for an active investigation or legal obligation.

  6. INTERNATIONAL DATA TRANSFERS
    We operate primarily from the United States. When you use the service from other countries, personal data may be transferred to, stored, or processed in the United States or other jurisdictions that may have different privacy protections. We rely on standard contractual clauses or other approved transfer mechanisms to provide appropriate safeguards for cross-border data flows. By continuing to use the service, you consent to such transfers where required by law.

  7. SECURITY MEASURES
    We employ administrative, technical, and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, and destruction. These measures include encryption in transit using TLS 1.2 or higher, encryption at rest using AES-256 or equivalent algorithms, multi-factor authentication for all privileged accounts, rigorous access-control policies based on the principle of least privilege, segmented network architecture that isolates model-processing workloads, continuous vulnerability scanning, regular third-party penetration testing, detailed audit logging, and an incident response plan that obligates us to notify affected users within seventy-two hours of any confirmed material data breach. We have not yet completed SOC 2 or ISO 27001 certification because the product is in private beta, but these audits are scheduled before general availability.

  8. YOUR PRIVACY RIGHTS
    Depending on your country or state of residence, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing activities. We honor all valid requests without charge and without discrimination. To exercise your rights, send an email from your registered phone number’s primary address to privacy@amberai.app, specifying the request type. We will verify your identity via an SMS code sent to your registered number and respond within thirty days unless a longer period is legally permissible. We may refuse or limit a request if we are unable to verify your identity, if disclosure would adversely affect the rights and freedoms of others, or if the request is manifestly unfounded or excessive.

  9. CHILDREN AND MINORS
    The service is not directed to anyone under eighteen years of age. We do not knowingly collect personal data from children. If we discover that a registered user is under eighteen, we will delete the account, erase all personal data, and block further access. Parents or legal guardians who believe their child has provided us with personal data should contact us promptly.

  10. COMMUNICATIONS
    We send transactional communications that are necessary to provide the service, such as verification codes, payment receipts, renewal reminders, incident notifications, and important updates to our terms or policies. We may also send occasional promotional messages about new features or beta programs. Promotional communications require your prior consent where mandated by law and always include a clear and simple opt-out mechanism, such as replying STOP for SMS or clicking an unsubscribe link in email. We are developing expanded notification preferences to let you tailor the frequency and channel of any non-essential messages.

  11. CHANGES TO THIS POLICY
    We may revise this Privacy Policy to reflect new features, changes in our practices, or legal and regulatory developments. Material changes will be communicated to you by email, SMS, or a prominent in-service banner at least thirty days before they become effective, unless a shorter notice period is required to comply with law. The effective date at the top of the document will be updated to indicate the latest revision. Your continued use of the service after the effective date constitutes acceptance of the revised Policy.

  12. CONTACT INFORMATION
    If you have any questions, concerns, or requests relating to privacy or data protection, you may contact us as follows:
    Email: info@myamber.ai
    We strive to acknowledge all legitimate correspondence within seven days and to resolve complaints within thirty days. If you are unsatisfied with our response, you may have the right to lodge a complaint with your local supervisory authority.

bottom of page