Effective Date: November 1, 2025
Last Updated: November 1, 2025
Company: Ember Relationship Labs, Inc. (Delaware C-Corp)
Contact: privacy@ember.date

Data Controller:

If you live in the United States, the company responsible for your personal data (the "data controller") is:

Ember Relationship Labs, Inc.
PO Box 355
Los Altos, California 94022
United States
Email: privacy@ember.date
Phone: (408) 638-9584

International Expansion (2026):

When Ember expands to the European Union and United Kingdom in 2026, we will:

• Designate an EU/UK data controller representative
• Update this Privacy Policy to include GDPR-compliant disclosures
• Provide lawful bases for data processing (consent, legitimate interest, etc.)
• Support full GDPR rights (access, rectification, erasure, portability, restriction, objection)
• Establish EU/UK-specific contact and complaint channels
• Implement Standard Contractual Clauses for international data transfers

Until international expansion, Ember processes all data under U.S. law (Delaware, Federal, and California CCPA/CPRA).

When you create an Ember account and use the Services, you provide:

Account and Registration Information:

• Full name
• Date of birth (to verify you are 18+)
• Gender identity and pronouns
• Email address
• Phone number (for verification and notifications)
• Password and login credentials
• Location (city, state, ZIP code)

Profile Information:

• Demographic information (ethnicity, religion, education, occupation)
• Physical characteristics (height, body type)
• Lifestyle information (smoking, drinking, exercise habits)
• Dating preferences and relationship goals
• Interests, hobbies, and personal values
• Photos and images (including required in-app photo)
• Responses to personality quizzes and assessments
• Any other information you choose to share

Conversational Data with EmberAI:

• Text conversations and chat transcripts
• Voice recordings and audio data
• Responses to questions and prompts
• Feedback and preferences expressed during conversations
• Topics discussed and information shared

Payment Information:

• Credit card or payment method details
• Billing address
• Transaction history and purchase records
• Subscription and payment plan information

Communications:

• Messages with matches
• Communications with customer support
• Feedback, surveys, and testimonials
• Reports of inappropriate behavior

When you use the Services, we automatically collect:

Device Information:

• Device type, model, and operating system
• Unique device identifiers (IDFA, Android ID)
• IP address
• Browser type and version
• Mobile carrier
• Device settings and configurations

Usage Information:

• Pages viewed and features used
• Time spent on different sections
• Click and navigation patterns
• Search queries and filters applied
• Matches viewed, liked, or passed on
• Response rates and engagement metrics
• Session duration and frequency
• Referring and exit pages

Location Information:

• Precise geolocation data (if you enable location services)
• Approximate location based on IP address
• Location history and patterns
• Distance calculations for matching purposes

Cookies and Similar Technologies:

• Cookies, web beacons, and pixel tags
• Local storage and cache data
• Analytics and tracking identifiers
• Session and preference data

Ember collects biometric information, including:

Voice Biometrics:

• Voice recordings from conversations with EmberAI
• Voiceprints and voice-derived characteristics
• Speech patterns, tone, and inflection
• Audio transcriptions and metadata

Facial Recognition Data:

• Facial geometry and characteristics from photos
• Facial recognition for identity verification
• In-app photo analysis and verification
• Photo authenticity and manipulation detection

Purpose of Biometric Collection:

• Identity verification and fraud prevention
• User authentication and account security
• AI-driven personality assessment and matching
• Photo verification and quality assurance
• Improving AI accuracy and performance

Biometric Data Retention:

• We retain biometric data only as long as necessary for the purposes described above
• You may request deletion of biometric data at any time
• We will permanently delete biometric data within three (3) years of your last interaction with the Services, or upon request, whichever comes first

Legal Notice for Illinois and California Residents: See Section 11 for specific biometric privacy rights under BIPA (Illinois) and CPRA (California).

We may collect information about you from:

Social Media Platforms:

• If you link your social media accounts (Facebook, Instagram, LinkedIn)
• Public profile information, photos, and interests
• Friend lists and social connections
• Content you've shared publicly

Professional Networks:

• LinkedIn profile and employment history
• Educational background and credentials
• Professional accomplishments and skills

Data Brokers and Public Sources:

• Publicly available information (social media, professional profiles)
• Public records and databases
• Marketing and analytics providers
• Demographic and interest data

Identity Verification Services:

• Government-issued ID verification
• Document authentication results
• Identity validation and fraud detection data

Background Check Providers:

• Criminal history records (if applicable)
• Sex offender registry searches
• Public records and court documents

Other Users:

• Reports and complaints about your behavior
• Feedback and reviews
• Blocking and safety reports

Partner Portal Subscribers (Matchmakers):

• Information shared by professional matchmakers about potential introductions
• Client preferences and requirements
• Feedback about dates and interactions

Based on the data we collect, we may infer additional information about you, including:

• Personality traits and characteristics
• Compatibility factors with other users
• Dating preferences and patterns
• Likelihood of match success
• Engagement and activity predictions
• Communication style and preferences

We use your information to:

Provide and Operate the Services:

• Create and maintain your account
• Generate your AI-driven dating profile
• Conduct personality assessments and create visualizations
• Identify and recommend compatible matches
• Facilitate introductions and connections
• Enable messaging and communication features
• Verify your identity and prevent fraud
• Process payments and manage subscriptions

Personalize Your Experience:

• Customize match recommendations based on preferences
• Tailor content and features to your interests
• Improve AI accuracy and relevance for your profile
• Remember your settings and preferences
• Provide personalized notifications and updates

Ensure Safety and Security:

• Verify user identities and authenticate accounts
• Detect and prevent fraud, abuse, and illegal activity
• Conduct background checks and safety screenings
• Investigate reports of misconduct or violations
• Enforce our Terms of Use and community guidelines
• Protect against security threats and vulnerabilities

Communicate with You:

• Send match notifications and introduction alerts
• Provide customer support and respond to inquiries
• Send service updates and important notices
• Request feedback and conduct surveys
• Deliver promotional and marketing communications (with consent)

Improve and Develop Services:

• Analyze usage patterns and user behavior
• Test new features and functionalities
• Conduct research and data analysis
• Train and improve AI algorithms
• Identify trends and insights
• Optimize performance and user experience

Legal and Compliance:

• Comply with legal obligations and regulations
• Respond to legal requests and court orders
• Protect our rights and property
• Resolve disputes and enforce agreements
• Maintain records for regulatory purposes

We use AI and machine learning for:

• Profile Generation: Creating comprehensive dating profiles based on your conversational inputs and data
• Personality Analysis: Assessing personality traits, values, and compatibility factors
• Match Recommendations: Identifying potential matches based on compatibility algorithms
• Natural Language Processing: Understanding and analyzing conversational data
• Voice Analysis: Processing voice recordings to enhance profile accuracy
• Photo Verification: Detecting photo manipulation and verifying authenticity
• Predictive Modeling: Forecasting match success and user engagement
• Content Moderation: Identifying inappropriate content and behavior
• Algorithm Improvement: Training AI models to enhance accuracy and performance

Important Considerations:

• AI decisions are not always perfect and may contain errors or biases
• You have the right to request human review of significant AI-driven decisions
• You can request explanations of how AI recommendations are made
• AI-generated content should be reviewed for accuracy

With your consent, we may use your information to:

• Send promotional emails and notifications about Ember features
• Display personalized advertisements on third-party platforms
• Conduct marketing campaigns and special offers
• Share success stories and testimonials (with explicit permission)
• Analyze marketing effectiveness and campaign performance

You can opt out of marketing communications at any time by:

• Clicking "unsubscribe" in emails
• Adjusting notification settings in your account
• Contacting privacy@ember.date

Note: You cannot opt out of transactional or service-related communications (account verification, billing notices, safety alerts).

When you are matched with another user, we share:

• Your AI-generated dating profile
• Your photos (including in-app photo)
• Your personality assessment results (in visual/text format)
• Your approximate location (city/region)
• Your preferences and interests
• Your first name and age

We do NOT share with matches (unless you choose to share):

• Your last name or full contact information
• Your exact address or precise location
• Your phone number or email address
• Your payment information
• Your conversations with EmberAI
• Your private messages with other matches

After a mutual match, you control what additional information to share through in-app messaging.

Professional matchmakers who subscribe to our Partner Portal may access:

• Your photos and AI-generated profile
• Visual and textual representations of your personality assessments
• Your dating preferences and relationship goals
• Your demographic information (age, location, education, occupation)
• Your interests, values, and lifestyle information
• Your activity status and engagement level

Matchmakers may access this information to:

• Identify potential candidates for introduction to their own paying clients
• Facilitate introductions between you and their clients
• Offer or provide professional matchmaking services

Important Protections:

• You can opt out of Partner Portal sharing at any time by contacting support@ember.date or adjusting your privacy settings
• If a matchmaker identifies you as a potential candidate, we will ask your permission before sharing your personal contact information unless you have already provided permission.
• If we identify you as a potential paying client for a matchmaker, we will ask your consent before making an introduction unless you have already provided consent.
• Matchmakers are contractually obligated to keep your information confidential and use it only for legitimate matchmaking purposes
• Partner Portal subscribers are  not Ember employees and have asserted that they are independent businesses,

We share information with trusted third-party service providers who help us operate the Services:

Technology and Infrastructure:

• Cloud hosting providers (AWS, Google Cloud, etc.)
• Database and storage services
• Content delivery networks (CDNs)
• Software development and IT services

Payment Processing:

• Payment processors and gateways (Stripe, PayPal, etc.)
• Fraud detection and prevention services
• Billing and subscription management platforms

Analytics and Performance:

• Analytics providers (Google Analytics, Mixpanel, etc.)
• A/B testing and optimization tools
• Performance monitoring and error tracking
• User behavior and engagement analysis

Identity Verification and Safety:

• Identity verification services (Jumio, Onfido, etc.)
• Background check providers
• Facial recognition and biometric authentication services
• Fraud detection and risk assessment tools

Communications:

• Email service providers (SendGrid, Mailchimp, etc.)
• SMS and push notification services
• Customer support platforms (Zendesk, Intercom, etc.)

AI and Machine Learning:

• AI model training and hosting platforms
• Natural language processing services
• Voice transcription and analysis services

Marketing and Advertising:

• Advertising networks and platforms
• Marketing automation tools
• Social media advertising partners

Important: All service providers are contractually obligated to:

• Use your data only as directed by Ember
• Maintain appropriate security measures
• Comply with applicable privacy laws
• Not use your data for their own purposes (except as required for service provision)

We may disclose your information when required or permitted by law:

Legal Obligations:

• To comply with subpoenas, court orders, or legal processes
• To respond to lawful requests from government authorities
• To comply with applicable laws and regulations
• To respond to claims of illegal activity or rights violations

Safety and Protection:

• To protect the rights, property, and safety of Ember, our users, or the public
• To prevent or investigate fraud, abuse, or illegal activity
• To enforce our Terms of Use and other agreements
• To protect against legal liability
• To prevent harm or violence

Abuse Prevention:

• If we suspect a user may be a victim of abuse, neglect, or domestic violence
• To report suspected child abuse or elder abuse to appropriate authorities
• To prevent imminent harm to individuals

If Ember is involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. The acquiring entity will be required to:

• Honor the commitments made in this Privacy Policy
• Provide notice if there are material changes to data practices

You will be notified via email and/or prominent notice on the Services if such a transfer occurs.

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you:

• Statistical information about user demographics and behavior
• Trends and insights about dating preferences and success rates
• Research findings and industry reports
• Business analytics and performance metrics

This data is used for research, marketing, industry analysis, and improving the Services.

We may share your information with third parties when you explicitly consent, such as:

• Sharing your success story or testimonial publicly (with your permission)
• Connecting with third-party services you authorize
• Participating in research studies or surveys
• Promotional partnerships or sponsored features

You can revoke consent for optional sharing at any time.

We retain your personal information only as long as necessary to:

• Provide and improve the Services
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain records for legitimate business purposes
• Fulfill the purposes described in this Privacy Policy

Retention Periods:

Active Accounts:

• While your account is active, we retain all profile data, conversations, matches, and usage information
• Voice recordings and conversational data are retained for AI training and service improvement
• Payment information is retained as required for billing and tax purposes

Inactive Accounts:

• If you do not log in for 12 consecutive months, we may consider your account inactive
• We will send you a notice before deleting an inactive account
• You may reactivate your account at any time before deletion

Deleted Accounts:

• When you delete your account, most personal information is deleted within 30 days
• Some information may be retained for legal, security, or operational purposes:
• Transaction records (7 years for tax/accounting purposes)
• Legal compliance data (as required by law)
• De-identified data for analytics and research
• Safety reports and investigations
• Backup systems (deleted within 90 days)

Biometric Data:

• Voice recordings: Retained for 3 years from last interaction or until you request deletion
• Facial recognition data: Retained while your account is active and for 90 days after deletion (unless you request earlier deletion)
• You may request deletion of biometric data at any time

Partner Portal Data:

• Matchmakers who have accessed your information may retain it according to their own retention policies
• We contractually require matchmakers to delete data when no longer needed for matchmaking purposes

When determining how long to retain data, we consider:

• The amount, nature, and sensitivity of the information
• The purposes for which we collected and processed the data
• Whether we can fulfill those purposes through other means
• Applicable legal, regulatory, or contractual requirements
• The risk of harm from unauthorized use or disclosure
• User expectations and reasonable retention periods for the type of data

You can request deletion of your data at any time by:

• Using the account deletion feature in your settings
• Contacting privacy@ember.date with a deletion request

What happens when you delete your account:

• Your profile is removed from public view
• Your matches and messages become inaccessible
• Your photos and profile information are deleted within 30 days
• Your voice recordings and biometric data are deleted (unless retained for legal compliance)
• Some data may be retained as described in Section 5.1

Note: Deletion is permanent and cannot be undone. Consider downloading your data before deletion.

We implement commercially reasonable technical, administrative, and organizational safeguards to protect your personal information:

Technical Safeguards:

• Encryption of data in transit (TLS/SSL)
• Encryption of sensitive data at rest
• Secure authentication and access controls
• Regular security audits and vulnerability assessments
• Intrusion detection and prevention systems
• Firewalls and network security measures
• Secure coding practices and code reviews

Administrative Safeguards:

• Employee background checks and security training
• Strict access controls and need-to-know policies
• Confidentiality agreements with employees and contractors
• Incident response and data breach procedures
• Regular security policy reviews and updates
• Third-party security assessments

Organizational Safeguards:

• Dedicated security and privacy team
• Data protection impact assessments
• Privacy by design principles
• Regular compliance monitoring
• Vendor security requirements and audits

You play a critical role in protecting your information:

• Use strong, unique passwords and change them regularly
• Enable two-factor authentication if available
• Keep your login credentials confidential and never share them
• Log out after using the Services on shared devices
• Be cautious about what you share in messages and profiles
• Report suspicious activity immediately
• Keep your device and apps updated with the latest security patches

No system is 100% secure. Despite our security measures:

• Data transmission over the internet carries inherent risks
• Unauthorized access, hacking, or data breaches may occur
• You transmit information to us at your own risk
• We cannot guarantee absolute security of your data

In the event of a data breach:

• We will notify affected users as required by law
• We will take steps to mitigate harm and prevent future breaches
• We will cooperate with law enforcement and regulators
• We will provide information about the breach and available remedies

We are not responsible for the security practices of:

• Other users who may receive your information
• Partner Portal subscribers (matchmakers)
• Third-party services and websites
• Social media platforms you link to your account

Review the security and privacy policies of any third parties with whom you share information.

You have the right to:

• Access your personal information and receive a copy of the data we hold about you
• Request a portable copy of your data in a structured, commonly used format (CSV, JSON)
• Review your AI-generated profile and personality assessments

To exercise these rights:

• Access most of your data directly in your account settings
• Request a data download by contacting privacy@ember.date
• We will provide your data within 45 days of a verified request (may be extended by 45 days if necessary)

What you can access:

• Profile information and photos
• Personality quiz results and assessments
• Match history and preferences
• Messages and conversations (with matches)
• Account settings and preferences
• Transaction and payment history
• Voice recording transcripts (upon request)

You have the right to:

• Correct inaccurate or incomplete information in your profile
• Update outdated information to keep it current
• Request correction of AI-generated content that is inaccurate

How to make corrections:

• Update most information directly in your account settings
• Contact EmberAI to update conversational data or AI-generated content
• Contact privacy@ember.date for assistance with corrections

We will make reasonable efforts to correct inaccuracies within 30 days.

You have the right to:

• Delete your account and request deletion of your personal information
• Request deletion of specific data (such as voice recordings or photos)
• Withdraw consent for data processing where consent is the legal basis

To delete your data:

• Use the account deletion feature in settings
• Contact privacy@ember.date with a deletion request
• Be specific about what data you want deleted if not deleting your entire account

Limitations on deletion:

• Some data may be retained for legal, security, or operational reasons (see Section 5.1)
• We cannot delete data that has been shared with matches or matchmakers
• Deletion may prevent us from providing certain Services to you

You can opt out of marketing communications by:

• Clicking "unsubscribe" in promotional emails
• Adjusting email preferences in your account settings
• Contacting privacy@ember.date

Note: You cannot opt out of transactional or service-related communications (account verification, safety alerts, billing notices).

To opt out of having your profile shared with professional matchmakers:

• Adjust your Partner Portal privacy settings in your account
• Contact support@ember.date or privacy@ember.date
• Your profile will be removed from the Partner Portal within 7 business days

Note: Matchmakers who have already accessed your information may retain it according to their own policies.

You have the right to limit the use of sensitive personal information, including:

• Biometric data (voice recordings, facial recognition)
• Precise geolocation data
• Racial or ethnic origin, religious beliefs, sexual orientation
• Health or genetic information

To limit sensitive data use:

• Disable location services in your device settings
• Contact privacy@ember.date to opt out of voice recording analysis
• Request deletion of biometric data
• Limit what you share in conversations and profile

Note: Some limitations may affect the quality of our Services or matching recommendations.

To the extent required by law, you have the right to object to:

• Processing of your data for direct marketing purposes
• Processing based on legitimate interests
• Automated decision-making and profiling (in certain circumstances)

To object:

• Contact privacy@ember.date with your objection
• Specify which processing activities you object to
• We will evaluate your objection and respond within 30 days

To the extent required by law, you have the right to:

• Request an explanation of how AI-generated match recommendations are made
• Request human review of significant AI-driven decisions (match suggestions, profile generation, safety determinations)
• Challenge AI-generated assessments that you believe are inaccurate

To request human review:

• Contact support@ember.date with your request
• Specify which AI decision you want reviewed
• We will provide a human review within 14 business days

If you are a California resident, you have the right to:

• Know what third-party sources we obtained your data from
• Request deletion of data obtained from third parties
• Opt out of future collection from third-party sources

To exercise these rights:

• Contact privacy@ember.date
• We will provide information about third-party sources within 45 days

You have the right to:

• Access your voice recording transcripts at any time
• Request deletion of voice recordings and audio data
• Opt out of having voice data used for AI training or algorithm improvement

To exercise these rights:

• Contact privacy@ember.date
• Voice recordings will be deleted within 30 days of request
• Note: Deletion may affect the accuracy of your AI-generated profile

We will not discriminate against you for exercising your privacy rights. This means we will not:

• Deny you access to the Services
• Charge different prices or fees
• Provide a different level or quality of service
• Suggest that you will receive a different price or quality of service

Note: Some rights may require us to verify your identity, which may involve requesting additional information.

Cookies: Small text files stored on your device that help us recognize you and remember your preferences.

Web Beacons/Pixels: Tiny graphics that track user activity and measure campaign effectiveness.

Local Storage: Browser-based storage for data that persists across sessions.

Mobile Identifiers: Device-specific identifiers (IDFA, Android ID) used for analytics and advertising.

Session Storage: Temporary storage that expires when you close your browser.

Essential Cookies (Required):

• Authentication and account access
• Security and fraud prevention
• Load balancing and performance
• Maintaining your session

Functional Cookies (Optional):

• Remembering your preferences and settings
• Providing personalized features
• Enabling specific functionality

Analytics Cookies (Optional):

• Understanding how users interact with the Services
• Measuring traffic and usage patterns
• Identifying popular features and content
• A/B testing and optimization

Advertising Cookies (Optional):

• Delivering personalized advertisements
• Measuring ad campaign effectiveness
• Retargeting and remarketing
• Cross-device tracking

You can control cookies through:

• Browser settings: Most browsers allow you to refuse or delete cookies
• Opt-out tools: Industry opt-out tools like NAI and DAA
• Mobile settings: Limit ad tracking in iOS or opt out of personalized ads in Android
• Our cookie preferences: Adjust cookie settings in your account (where available)

Note: Disabling essential cookies may affect your ability to use the Services.

Some browsers have "Do Not Track" (DNT) features. Currently, there is no industry standard for responding to DNT signals. We do not respond to DNT browser signals, but you can control cookies and tracking as described above.

We use third-party analytics and advertising services that may use cookies and similar technologies:

• Google Analytics: Web analytics service (see Google's Privacy Policy)
• Facebook Pixel: Advertising and measurement tool (see Facebook's Data Policy)
• Other providers: May be added or removed from time to time

These third parties may collect information about your online activities over time and across different websites.

The Services are hosted in the United States. If you access the Services from outside the U.S., your information will be transferred to, stored, and processed in the United States.

By using the Services, you consent to:

• Transfer of your data to the United States
• Processing of your data under U.S. law
• Application of this Privacy Policy

Important: Data protection laws in the United States may differ from those in your country and may not provide the same level of protection.

To protect your data during international transfers, we use:

Standard Contractual Clauses (SCCs): European Commission-approved contract terms that provide safeguards for personal data transferred outside the EU/EEA.

Adequacy Decisions: Where available, we rely on determinations by the European Commission that certain countries provide adequate protection.

Other Mechanisms: Binding corporate rules, consent, or other lawful transfer mechanisms as appropriate.

When we expand to the EU and UK in 2026, we will:

• Implement full GDPR compliance measures
• Designate an EU/UK data protection representative
• Provide EU/UK-specific privacy notices and rights
• Establish compliant data transfer mechanisms
• Update this Privacy Policy accordingly

The Services are intended for users age 18 and older. We do not knowingly collect personal information from anyone under 18 years of age.

We implement age verification measures during registration, including:

• Requiring users to confirm they are 18+
• Date of birth verification
• Identity verification (in some cases)

If we learn that we have collected personal information from someone under 18, we will:

• Delete the information immediately
• Terminate the account
• Take steps to prevent future access

Parents or guardians: If you believe we have collected information from a minor, contact us immediately at privacy@ember.date.

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know:

• What personal information we collect
• Sources of personal information
• Purposes for collecting personal information
• Categories of third parties we share with
• Specific pieces of personal information we hold about you

Right to Delete:

• Request deletion of personal information (subject to exceptions)

Right to Correct:

• Request correction of inaccurate personal information

Right to Opt-Out:

• Opt out of "sale" or "sharing" of personal information
• Note: Ember does not "sell" personal information as traditionally defined, but sharing with Partner Portal subscribers may qualify as "sharing" under CPRA

Right to Limit:

• Limit use and disclosure of sensitive personal information

Right to Non-Discrimination:

• We will not discriminate against you for exercising your rights

Sensitive Personal Information:

Under CPRA, we collect the following categories of sensitive information:

• Biometric information (voice recordings, facial recognition data)
• Precise geolocation data (if you enable location services)
• Racial or ethnic origin, religious beliefs (if you choose to provide)
• Sexual orientation and gender identity
• Account login credentials (password)

You have the right to limit the use of sensitive personal information to purposes necessary to provide the Services.

Categories of Personal Information We Collect:

Category

Examples

Collected?

Identifiers

Name, email, phone number, IP address

Yes

Personal characteristics

Age, gender, sexual orientation, ethnicity

Yes

Commercial information

Purchase history, subscription data

Yes

Biometric information

Voice recordings, facial recognition

Yes

Internet activity

Browsing history, usage data, clicks

Yes

Geolocation data

Precise or approximate location

Yes

Audio/visual information

Photos, voice recordings, videos

Yes

Professional information

Occupation, education, employer

Yes

Inferences

Personality traits, preferences, compatibility

Yes

How to Exercise Your Rights:

• Email: privacy@ember.date with subject "California Privacy Rights"
• Phone: (408) 638-9584
• Online: Use the data request form in your account settings

Verification: We will verify your identity before processing requests. You may be asked to provide:

• Email address and account information
• Recent login activity
• Answers to security questions
• Government-issue