Legal

Privacy Policy

This policy explains how Ember collects, uses, discloses, and protects information when you use the App.

Effective Date: February 20, 2026 Last Updated: April 1, 2026
We do not sell your personal information. We do not share your data for cross-context behavioral advertising.

Quick navigation

  1. Who We Are
  2. Summary
  3. Information We Collect
  4. How We Use
  5. Where Stored
  6. Sharing
  7. Children
  8. Retention
  9. Your Rights
  10. Security
  11. U.S. Notice
  12. UK Notice
  13. Canada Notice
  14. European Users
  15. Do Not Track
  16. Third Parties
  17. Changes
  18. Contact

This Privacy Policy explains how Tolanko vGmbH (“Ember”, “we”, “us”, or “our”) collects, uses, discloses, and protects information when you use the Ember mobile application (the “App”). If you do not agree with this policy, do not use the App.

1) Who We Are

Tolanko vGmbH
Holzländestrasse 65a
I-39010 St. Martin in Passeier
Italy
Contact: info@emberfaith.com

2) Summary (What We Collect and Where It Lives)

  • Account data (email address, display name): Provided when you sign in with Apple or Google. Stored securely in Firebase Authentication.
  • Family profile data (parent names, child name and age/birth year, faith tradition): Stored locally on your device AND securely synced to Google Firebase Firestore (cloud database) so your data is available if you sign in on a new device.
  • Purchases/subscriptions: Processed through Apple In-App Purchases and managed by RevenueCat.
  • Story inputs you type: Used to generate stories via third-party AI services. By default we do not aim to permanently store your story prompts on our servers, but they must be transmitted to our service providers to generate responses.
  • Marketing preferences: Whether you have opted in to email updates, stored alongside your profile.

3) Information We Collect

A) Account information (authentication)

When you sign in using Sign in with Apple or Sign in with Google, we receive:

  • Your email address (Apple may provide a private relay email if you choose to hide your email)
  • Your display name (if provided by the identity provider)
  • A unique user identifier (UID) used to associate your data with your account

We use Firebase Authentication (operated by Google) to manage sign-in. We do not store or have access to your Apple ID password, Google password, or any authentication credentials.

B) Family profile data

  • Parent names
  • Child name and age or birth year
  • Faith tradition preference
  • Onboarding completion status
  • Total stories created (star count)

This data is stored locally on your device for offline access and synced to Firebase Firestore (cloud) so it persists across devices and app reinstalls. Your cloud data is stored under your unique user ID and is only accessible by you.

C) Journal and story data

  • Story entries (generated stories, the situation prompt you entered, child name, creation date)
  • Preview story data (temporary, used during onboarding)

This data is stored locally on your device and synced to Firebase Firestore under your user account.

D) Marketing preferences

  • Whether you opted in to email updates (defaults to OFF)
  • The date you opted in (if applicable)

Marketing communications require your explicit opt-in consent. You can change your preference at any time in Settings.

E) Purchase and subscription information

Purchases are handled by Apple. We use RevenueCat to help us manage subscription status.

  • We do not receive or store your full payment card details.
  • We may receive subscription status and related identifiers (e.g., whether you have an active subscription, product entitlement, and purchase history metadata).
  • Your Firebase UID is linked to your RevenueCat customer ID so subscription status can be restored across devices.

F) Device/analytics data

We may collect basic technical information necessary to operate the App and prevent fraud or abuse, such as:

  • Device type, operating system version, language settings
  • App version, crash logs, diagnostics

We do not attempt to use this to identify you directly unless required for support, security, or legal compliance.

4) How We Use Your Information

We use information to:

  • Authenticate your identity and manage your account
  • Store and sync your family profile and journal across devices
  • Generate personalized stories based on your inputs
  • Manage subscriptions and restore purchases across devices
  • Provide customer support and respond to inquiries
  • Monitor performance, fix bugs, and improve reliability
  • Protect against fraud, abuse, or security incidents
  • Comply with legal obligations

5) Where Your Data Is Stored and International Transfers

  • Local on-device storage: Profile, journal, and preferences are cached locally for offline access and fast performance.
  • Firebase Firestore (cloud): Your profile and journal data is synced to Google Firebase Firestore, hosted in Google Cloud data centers. Data may be stored and processed in the United States and other countries where Google operates data centers.
  • Firebase Authentication: Your sign-in credentials are managed by Firebase Authentication (Google), processed in the United States.
  • AI service providers: When you request a story, your prompt and relevant context are transmitted to our backend and AI service providers, which may process data in the United States.

Because we are based in Italy and use service providers in the United States, your personal data may be transferred internationally. For users in the United Kingdom, Canada, and the European Economic Area, these transfers are made in compliance with applicable data protection laws (see the jurisdiction-specific sections below).

6) Sharing and Disclosure

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

We may share information with:

  • Firebase / Google Cloud: For authentication, data storage, and sync (as a data processor acting on our instructions).
  • RevenueCat: For subscription management (as a data processor).
  • Apple: In connection with Sign in with Apple and in-app purchases.
  • AI content generation providers: For story generation (prompts only, as a data processor).
  • Legal/Compliance: If required by law, subpoena, court order, or to protect rights, safety, and security.
  • Business transfers: If we are involved in a merger, acquisition, reorganization, or sale of assets, information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
Important

7) Children’s Privacy

The App is intended for use by parents and guardians. It is not directed to children under 13 (or under the applicable minimum age in your jurisdiction).

  • We store child name and age/birth year to personalize stories. This data is entered by the parent/guardian and stored in the parent’s account.
  • We do not knowingly collect personal information directly from children.
  • Child data is stored under the parent’s authenticated account and protected by the same security rules.
  • We comply with the U.S. Children’s Online Privacy Protection Act (COPPA), the UK Age Appropriate Design Code, and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) as they apply to children’s data.

If you believe a child has provided personal information to us directly, contact us at info@emberfaith.com so we can promptly delete it.

8) Data Retention

  • On-device data remains on your device until you delete it in the App, delete your account, or uninstall the App.
  • Cloud data (Firebase Firestore) is retained as long as your account exists. When you delete your account, all cloud data is permanently deleted.
  • When you use “Delete All Data” in Settings, both local and cloud data are deleted but your account remains active.
  • Operational logs (if any) are retained only as long as necessary for security and reliability.

9) Your Rights and Controls

Regardless of where you live, you can:

  • View and edit your profile data, children, and faith tradition in Settings.
  • Delete all your stories and profile data using “Delete All Data” in Settings. Your account remains active and you can start fresh.
  • Permanently delete your account and all associated data using “Delete Account” in Settings. This deletes your Firebase Authentication account, revokes any Apple tokens, and removes all data from Firestore. This action is irreversible.
  • Toggle email updates on or off at any time in Settings.
  • Manage or cancel your subscription through your Apple ID settings or in the App.
  • Request a copy of your data by contacting info@emberfaith.com.

10) Security

We use reasonable administrative, technical, and physical safeguards designed to protect information, including:

  • Firebase Security Rules that restrict data access to authenticated users accessing only their own data
  • Encrypted data transmission (HTTPS/TLS)
  • Apple token revocation on account deletion (per App Store guidelines)

However, no method of transmission or storage is 100% secure.

11) United States Privacy Notice

A) California (CCPA/CPRA)

If you are a California resident, you have the following rights:

  • Right to know/access categories of personal information collected and disclosed
  • Right to delete your personal information (use “Delete Account” in Settings or contact us)
  • Right to correct inaccurate personal information (edit in Settings or contact us)
  • Right to opt out of “selling” or “sharing” (we do not sell or share personal information for cross-context behavioral advertising)
  • Right to non-discrimination for exercising your rights

To exercise a request, contact info@emberfaith.com. We will verify your identity before fulfilling your request.

Categories of personal information we collect:

  • Identifiers (email address, unique user ID, device identifiers)
  • Personal information (parent names, child names, birth years)
  • Commercial information (subscription status/entitlements via Apple/RevenueCat)
  • Internet or other electronic activity (app diagnostics, crash logs)

Sensitive information: We do not intentionally collect sensitive information as defined by CPRA for the purpose of inferring characteristics. Faith tradition is collected solely for story personalization at your explicit request.

B) Other U.S. States

Several U.S. states have enacted privacy laws granting residents rights similar to those described for California above (including Virginia, Colorado, Connecticut, Utah, and others). If you are a resident of one of these states, you may exercise the applicable rights described in Section 9 above or contact us at info@emberfaith.com.

C) COPPA (Children)

We comply with the Children’s Online Privacy Protection Act. The App is not directed to children under 13. We do not knowingly collect personal information from children under 13. All child-related data is entered by and associated with a parent/guardian account.

12) United Kingdom Privacy Notice (UK GDPR)

If you are located in the United Kingdom, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 apply to our processing of your personal data.

Your rights under the UK GDPR:

  • Right of access: Request a copy of your personal data.
  • Right to rectification: Correct inaccurate data (edit in Settings or contact us).
  • Right to erasure: Delete your account and all data (“Delete Account” in Settings).
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Withdraw marketing consent at any time (toggle in Settings).
  • Right to lodge a complaint: You may file a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

Legal basis for processing: We process your data based on (a) your consent (marketing emails), (b) performance of a contract (providing the App services you requested), and (c) legitimate interests (security, fraud prevention, service improvement).

International transfers: Your data is transferred to the United States (Google/Firebase, AI providers). These transfers are protected by Standard Contractual Clauses (SCCs) or other approved transfer mechanisms under UK data protection law.

Data controller: Tolanko vGmbH. Contact: info@emberfaith.com.

13) Canada Privacy Notice (PIPEDA)

If you are located in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation apply.

Your rights under PIPEDA:

  • Right of access: Request access to the personal information we hold about you.
  • Right to correction: Request correction of inaccurate or incomplete personal information.
  • Right to withdraw consent: You may withdraw your consent to our collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. Withdrawal of consent may affect our ability to provide the Services.
  • Right to deletion: Delete your account and all data (“Delete Account” in Settings).
  • Right to complain: You may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

Consent: By using the App and providing your personal information, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. Marketing communications require separate explicit opt-in consent.

International transfers: Your data is transferred to and processed in the United States (Google/Firebase, AI providers). By using the App, you acknowledge that your data may be processed outside Canada in jurisdictions that may not provide the same level of data protection.

Data controller: Tolanko vGmbH. Contact: info@emberfaith.com.

14) European Users (GDPR/DSGVO)

If you are located in the European Economic Area (EEA), the General Data Protection Regulation (GDPR) applies.

Your rights under the GDPR:

  • Right of access: Request a copy of your personal data.
  • Right to rectification: Correct inaccurate data (edit in Settings).
  • Right to erasure: Delete your account and all data (“Delete Account” in Settings).
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Withdraw marketing consent at any time (toggle in Settings).
  • Right to lodge a complaint: You may file a complaint with your local supervisory authority.

Legal basis for processing: We process your data based on (a) your consent (marketing), (b) performance of a contract (providing the App services), and (c) legitimate interests (security, fraud prevention).

International transfers: Transfers to the United States are protected by Standard Contractual Clauses (SCCs) or other approved mechanisms under the GDPR.

Data controller: Tolanko vGmbH. Contact: info@emberfaith.com.

15) Do Not Track

Some browsers offer a “Do Not Track” signal. The App does not currently respond to DNT signals.

16) Third-Party Links and Services

The App relies on third-party services (Apple, Google/Firebase, RevenueCat, AI content generation providers). Their privacy practices are governed by their own policies.

17) Changes to This Policy

We may update this Privacy Policy from time to time. We will update the “Last Updated” date above. Material changes may be communicated in-app or through other reasonable means. If you continue to use the App after changes take effect, you accept the updated policy.

18) Contact Us

Tolanko vGmbH
Holzländestrasse 65a
I-39010 St. Martin in Passeier
Italy

Email: info@emberfaith.com

Back to Ember Download for iOS