Ember AI

Migrate AI DBA Ember AI (“Ember”, “we”, “our”, or “the Company”) is committed to protecting the personal and proprietary data of individuals and organizations who engage with our platform. This Privacy Policy outlines how personal information and technical data are collected, used, stored, and protected when interacting with Ember's services.

Topics Covered

What Data Is Collected
How Data Is Collected
How Collected Data Is Used
AI Model Training & Code Privacy
List of Subprocessors
Security Practices
Data Breach Notification
How Data Is Stored & Retained
Children's Privacy
Marketing
Data Protection Rights
Cookies and Tracking
Third-party Policies
No Coding Advice & Liability
Contact Information

What Data Is Collected

Ember collects two distinct categories of data: Customer Data (your content) and Service Data (how you use the tool).

1. Customer Data (Your Content)

→Project Artifacts: Code snippets, natural language prompts, repository files, and deployment configurations you upload or input into the AI.
→Communication Content: Chat logs with the AI, history of prompts, and interactions with human experts.
→Account Information: Name, email, profile picture, and billing details.

2. Service Data (Telemetry)

→Usage Metrics: API calls, storage usage, prompt volumes, and error logs.
→Device Telemetry: IP address, browser type, operating system, and IDE extension version.
→Interaction Data: Clickstreams, feature usage patterns, and session duration.

How Data Is Collected

Ember collects data through:

Direct Input: When you paste code, type prompts, or upload files.
IDE Extensions: Through our VS Code extensions (only accessing files/folders you explicitly authorize).
AI Gateway Integrations: When you connect third-party repos (GitHub, GitLab) or deploy via our cloud tools.
Automated Telemetry: Background collection of performance metrics and error rates.

How Collected Data Is Used

We use Service Data to:

Monitor platform stability and security.
Meter usage for billing (e.g., API token consumption).
Analyze user behavior to improve UI/UX.

We use Customer Data to:

Generate Code: Transmit inputs to our AI processing partners to return code solutions.
Provide Contextual Continuity: Store session history and prompts to allow the AI to “remember” previous parts of your conversation across different login sessions.
Facilitate Expert Sessions: Share relevant context with human experts you hire for pair programming.

AI Model Training & Code Privacy

We understand that your code is your intellectual property. Our stance on training is as follows:

Pass-Through Processing: When you use our AI features, your prompts and code are transmitted to Large Language Model (LLM) providers (e.g., OpenAI, Anthropic) solely for the purpose of generating a response.
Internal Improvements: We may use anonymized and aggregated interaction data (e.g., “User accepted this code suggestion”) to fine-tune our internal matching algorithms and prompt engineering strategies.
Opt-Out: Enterprise and Business plan users may opt out of all data aggregation for internal improvements by contacting support@ember.ai.

List of Subprocessors

To provide our service, we utilize third-party sub-processors. These vendors process data on our behalf. We perform due diligence to ensure they maintain high security and privacy standards.

Provider	Purpose	Location
AWS	Cloud Infrastructure & Hosting	USA
Neon DB	Database Hosting (PostgreSQL)	USA
MongoDB	Database Hosting (NoSQL)	USA
Supabase	Backend-as-a-Service & Storage	USA
Stack Auth	Authentication & User Management	USA
OpenAI	LLM Processing (AI Model)	USA
Anthropic	LLM Processing (AI Model)	USA
GitHub	Repository Integration	USA
Render	Application Deployment/Hosting	USA
Stripe	Payment Processing	USA
Clarity	Analytics & Session Recording	USA

Security Practices

Ember employs industry-standard security measures to ensure the confidentiality, integrity, and availability of your data.

Infrastructure Security: We host our services on AWS, which is SOC 2 Type II and ISO 27001 certified. While Ember is currently in the process of aligning its own internal controls for future certification, we leverage the certified security of our infrastructure providers.
Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256 standards).
Access Control: We support Single Sign-On (SSO) to help organizations manage access securely. Internal access to customer data is restricted to authorized employees on a strictly “need-to-know” basis (e.g., for debugging specific support tickets).
Vulnerability Management: We conduct regular code reviews and dependency scanning to identify security vulnerabilities.

Data Breach Notification

In the event of a confirmable data breach that affects your personal data or proprietary code, Ember will notify you without undue delay after becoming aware of the breach.

This notification will include:

The nature of the breach.
The data potentially compromised.
Recommended steps you can take to protect yourself.

How Data Is Stored & Retained

All data is securely stored using AWS, Neon DB, MongoDB, and Supabase.

Retention Policy:

AI Conversation & Prompts: We retain your prompt history and chat logs in our database to provide long-term project memory and context continuity. This data is retained until you explicitly delete your account or delete specific projects/chats within the interface.
Sensitive Data Warning: While we encrypt data, we strongly advise users not to input secrets (API keys, passwords, production credentials) directly into AI chat prompts, as this history is persisted.
Billing/Service Data: Retained for 7 years as required by tax and accounting laws.

Children's Privacy

Ember is a professional development tool intended for use by adults and businesses.

Age Restriction: Our services are not directed to individuals under the age of 18.
COPPA Compliance: We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information immediately.

Marketing

Ember uses contact information to send product updates and relevant offers. We never sell your personal data or code snippets to third parties for advertising. You may opt out at any time.

Data Protection Rights

In accordance with GDPR, CCPA, and other global privacy laws, you have the right to:

Access: Request a copy of all personal data and code artifacts we hold.
Correction: Fix inaccurate account details.
Erasure: Request complete deletion of your account and all associated code data (“Right to be Forgotten”).
Portability: Receive your saved code snippets and chat logs in a structured format (JSON/CSV).

To exercise these rights, email support@ember.ai.

Cookies and Tracking

We use cookies strictly for:

Authentication: Keeping you logged in.
Security: Detecting unusual login attempts.
Analytics: Understanding which features are used most (via Clarity).

You can manage cookie preferences via your browser settings.

Privacy Policies of Other Websites

Ember integrates with third-party tools (GitHub, Render, Stripe). Your interactions with these platforms are governed by their respective privacy policies. We encourage you to review them.

No Coding Advice & Liability

Ember is an AI-assisted development tool. The code, suggestions, and explanations generated by our AI models are for informational and assistance purposes only.

No Warranty: We do not guarantee that AI-generated code is bug-free, secure, or suitable for production environments.
User Responsibility: You are responsible for reviewing, testing, and vetting all code before deployment. Ember is not liable for any errors, outages, or security vulnerabilities introduced by the use of AI-generated code.

Contact Information

For privacy concerns, data requests, or security reports:

Ember AI

Email: support@ember.ai