Privacy Policy — Ember
Last updated: [DATE]
Effective date: [DATE]
This Privacy Policy describes how FLYER LLC ("we", "us", "our") collects, uses, and shares information when you use Ember, our AI English speaking tutor mobile application (the "Service").
By using Ember, you agree to the practices described in this policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information you provide
- Account information: email address, name, and any profile data you choose to provide (mascot, target CEFR level, native language, daily goal time, reminder preferences).
- Authentication tokens: when you sign in via Apple Sign-In or Google Sign-In, we receive a verified email and a unique account identifier from Apple or Google. We do not receive your Apple/Google password.
- Payment information: payment is processed by Stripe. We never see or store your card details. We store only your subscription status (active / trial / canceled), period end date, and Stripe customer/subscription IDs.
1.2 Information collected automatically
- Voice recordings: audio captured by your device's microphone during lessons and free-talk sessions. We send this audio to our speech-to-text provider for transcription and to our pronunciation scoring engine for grading. Audio is processed in real time; raw audio is not retained after grading completes (transcripts are retained — see §3).
- Camera footage: when you opt in to video roleplay, your camera feed is streamed in real time to the AI tutor service. No video is recorded or retained by Ember; the stream exists only for the duration of the live session.
- Lesson activity: which lessons you start/complete, time spent, accuracy scores, streak count, XP earned.
- Device information: device model, operating system and version, app version, language and region settings, anonymized device identifier (used for crash reports and analytics).
- Analytics events: app screens viewed, buttons tapped, features used. We use PostHog for product analytics and Sentry for crash reporting.
1.3 What we do NOT collect
- We do not access your contacts, photo library, calendar, or location.
- We do not use third-party advertising SDKs or share data with advertising networks.
- We do not sell your personal information.
2. How We Use Information
We use the information we collect to:
- Provide the Service: deliver lessons, grade pronunciation, run live voice/video sessions, sync progress across devices.
- Personalize your experience: tailor lesson difficulty to your CEFR level, native language, and prior performance.
- Communicate with you: send transactional emails (account, billing, password reset) and the daily reminder you opted into.
- Improve the Service: analyze aggregated usage to identify bugs, measure feature adoption, and prioritize improvements. Analytics data is aggregated and anonymized where possible.
- Comply with legal obligations and protect rights: detect and prevent fraud, abuse, and security incidents.
We do not use your voice recordings, transcripts, or learning data to train third-party AI models without your explicit consent.
3. How We Share Information
We share information only with the third-party processors listed below, each strictly to deliver the Service. They act on our behalf under data processing agreements and may not use the data for their own purposes.
| Processor | Purpose | Data shared | Region |
|---|---|---|---|
| Supabase | Database, authentication, file storage | Profile data, lesson progress, subscription status, transcripts | US (us-east) |
| Anthropic | LLM for tutor conversation | Transcribed text from your turns + tutor system prompt | US |
| Deepgram | Speech-to-text transcription | Voice audio (transient — not retained by Deepgram beyond request) | US |
| ElevenLabs / Cartesia | Text-to-speech for tutor voice | Tutor text replies (no learner voice sent) | US |
| LiveKit Cloud | Real-time voice/video infrastructure | Audio + (if camera on) video streams | US |
| Fly.io | Voice agent compute | Voice session metadata | US |
| Stripe | Payment processing | Email, Stripe customer ID, subscription state | US |
| PostHog | Product analytics | Event data, anonymized device ID | US |
| Sentry | Crash reporting | Error stack traces, device info | US |
| Apple / Google | Authentication | Verified email, user ID | Per platform |
We do not share your information for marketing, profiling, or sale to third parties. We may disclose information when required by law (subpoena, court order) or to protect the rights, property, or safety of FLYER LLC, our users, or the public.
4. Data Retention
- Account data: retained while your account is active. Deleted within 30 days of account deletion request.
- Voice recordings: not retained after grading. Transcripts (text only) retained as part of your lesson history while your account is active.
- Lesson progress: retained while your account is active.
- Analytics events: retained for 12 months in aggregated form; raw event data deleted or anonymized after 90 days.
- Crash reports: retained for 90 days.
- Subscription records: retained for 7 years per US tax/accounting requirements (legal obligation).
5. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data ("right to be forgotten").
- Export your data in a portable format.
- Opt out of analytics tracking (Settings → Privacy → Analytics).
- Withdraw consent for optional data processing.
To exercise any of these rights, email [privacy@embertutor.net] with the subject "Privacy Request — Ember". We respond within 30 days.
California residents (CCPA): you have the right to know what personal information we collect, to request deletion, and to opt out of the "sale" of personal information (we do not sell). Contact the same email above.
EU/UK residents (GDPR): the lawful bases on which we process your data are:
- Performance of contract (delivering the Service after you sign up)
- Legitimate interests (improving the Service, fraud prevention)
- Consent (camera access, daily reminders, optional analytics)
You may lodge a complaint with your local data protection authority.
6. Children's Privacy
Ember is intended for users 18 years of age or older. We do not knowingly collect information from children under 13 (US) or 16 (EU). If you believe a child has provided us with personal information, please contact [privacy@embertutor.net] and we will delete it.
7. Security
We protect your data with:
- Encryption in transit (TLS 1.2+) for all network communication.
- Encryption at rest for stored data on Supabase.
- Row-level security policies that prevent users from accessing each other's data.
- Limited employee access on a need-to-know basis.
- Security monitoring and incident response procedures.
No system is perfectly secure. If we discover a breach affecting your data, we will notify affected users within 72 hours of confirming the incident, as required by applicable law.
8. International Transfers
Ember operates from the United States. If you use the Service from outside the US, your data is transferred to and processed in the US. We rely on Standard Contractual Clauses (for EU/UK users) and equivalent legal mechanisms to safeguard cross-border transfers.
9. Changes to This Policy
We may update this policy as the Service evolves or as required by law. When we make material changes:
- We will post the updated policy in the app and at [https://embertutor.net/privacy].
- We will update the "Last updated" date at the top of this document.
- For significant changes, we will notify you via email or in-app notice at least 30 days before the change takes effect.
Continued use of the Service after the effective date constitutes acceptance of the updated policy.
10. Contact
FLYER LLC
[Address line 1]
[City, State ZIP]
United States
- Privacy questions: [privacy@embertutor.net]
- General support: [support@embertutor.net]
- Data Protection Officer (EU/UK): [dpo@embertutor.net]
This policy is a template and should be reviewed by legal counsel before publication. Placeholders in [brackets] must be filled in with your actual business information. Country-specific requirements (e.g., Vietnam PDPL, India DPDP Act) may apply if you launch in those markets.