Privacy Policy

Effective date: 28 March 2026

Ember by Tanopy ("Ember", "we", "us") is a social and events app operated by Tanopy. This Privacy Policy explains what information we collect, how we use it, and your rights.

1. Information We Collect

Account information

When you create an account, we collect:

• Phone number — used for account verification via one-time passcode (OTP)
• Display name and username — chosen by you, visible to other users
• Email address (optional) — for account recovery
• Profile photo (optional) — visible to other users

Messages

Ember uses end-to-end encryption (E2EE) for all messages. This means:

• We cannot read your messages — they are encrypted on your device before being sent
• Only you and your intended recipients can decrypt and read message content
• Encryption keys are generated and stored on your device, not on our servers
• Media files (photos, videos, voice messages) sent in chats are also end-to-end encrypted

We store encrypted message data on our servers only to deliver messages to recipients who may be offline. We cannot decrypt this data.

Events

When you create or interact with events, we collect:

• Event details you provide (title, description, date, location, cover image)
• Your RSVP status and comments on events

Event information is visible to other users as determined by the event creator's settings.

Flares (posts)

Content you post as Flares (text, images, GIFs) is stored on our servers and visible to other users.

Device information

We collect limited device information to deliver push notifications and ensure app compatibility:

• Push notification token (APNs for iOS, FCM for Android)
• App version and operating system version

Usage analytics

We collect anonymous, aggregated analytics (e.g., encryption success rates) to monitor app health and reliability. These analytics contain no personally identifiable information and cannot be linked to individual users.

2. How We Use Your Information

• Provide the service — deliver messages, manage events, display social content
• Verify your identity — send OTP codes during registration and login
• Send notifications — alert you to new messages, event updates, and social activity
• Maintain security — detect abuse, enforce rate limits, and protect the integrity of E2EE
• Improve reliability — monitor app health using anonymous analytics

3. Third-Party Services

We use the following third-party services to operate Ember:

• Twilio — to send OTP verification codes via SMS. Twilio receives your phone number for this purpose. See Twilio's Privacy Policy.
• Amazon Web Services (S3) — to store uploaded media files (profile photos, event images, chat attachments). Chat attachments are end-to-end encrypted before upload.
• Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) — to deliver push notifications to your device.
• GIPHY — to provide GIF search within the app. Your search queries are sent to GIPHY. See GIPHY's Privacy Policy.

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.

4. Data Storage and Security

• Your data is stored on servers located in Germany (Hetzner Cloud)
• All connections use TLS 1.2/1.3 encryption in transit
• Messages are end-to-end encrypted — we cannot access their content
• Passwords are hashed using bcrypt with individual salts
• Authentication uses RSA-256 signed JSON Web Tokens (JWT)

5. Data Retention

• Your account data is retained while your account is active
• When you delete your account, your personal data is permanently removed from our servers
• Encrypted messages that have already been delivered to recipients remain on their devices — we cannot remotely delete them

6. Your Rights

You have the right to:

• Access your personal data — view your profile and account information within the app
• Correct your data — update your display name, username, email, or profile photo at any time
• Delete your account — permanently remove your account and associated data from our servers via the app settings
• Export your data — contact us to request a copy of your personal data

7. Children's Privacy

Ember is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app or by updating the effective date above.

9. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at:

Email: privacy@tanopy.io