Privacy Policy

This Privacy Policy explains what information EmberChat collects, how we use it, and the choices you have. EmberChat is designed to collect as little personal data as possible. We do not require an email address, a phone number, or a password to use the service.

EmberChat (“EmberChat,” “we,” “us,” or “our”) operates the EmberChat applications for web, iOS, Android, and desktop, and the related services (collectively, the “Service”). The Service is operated by Evil Unicorn Oy, a limited company (osakeyhtiö) registered in Finland.

Summary

• Your identity is a wallet public key — we never receive or store your private key.
• The only profile data we hold is what you choose: a display name, an avatar, and an optional bio.
• Messages and media you send are stored on EmberChat servers so they can be delivered and displayed.
• We do not use third-party advertising or cross-app tracking, and we do not sell your data.

Information we collect

Wallet public key (your identity)

EmberChat authentication is passwordless. You hold a Solana (ed25519) keypair on your device. To log in, your device signs a one-time challenge we issue, and we verify the signature against your public key. We store this public key as your account identifier. Your private key never leaves your device and is never transmitted to us.

Profile information

You may provide, and we store:

• a display name you choose;
• an avatar image (optional);
• a short bio (optional).

None of this is required to be your real name or to identify you offline.

Messages and media

Text messages, images, and videos you send through rooms are stored on EmberChat servers so they can be delivered to other participants and shown when they open a room. Uploaded media is processed server-side (for example, resizing images and generating video preview frames) and stored either on our servers or in object storage we control.

Realtime voice and video

Voice and video calls are carried over LiveKit, a realtime media platform. When you join a call, our server mints a token scoped to that room, and your audio/video streams flow through the LiveKit media server. Call media is used to connect you with other participants in the room. Where a call is recorded, that will be made evident within the Service.

Push notification tokens

If you enable notifications, we store a device push token so we can deliver out-of-app alerts. Depending on your platform, this token is issued by Apple Push Notification service (APNs), Firebase Cloud Messaging (FCM), or the Web Push service in your browser. You can disable notifications at any time in your device or browser settings.

Operational data

To run the Service reliably and securely, our servers process technical data such as connection metadata and server logs. We may use Redis to cache media and embeds for performance. Sessions are held in server memory and are dropped when the server restarts — at which point your client transparently re-authenticates.

What we deliberately do not collect

• No passwords — there are none.
• No email accounts or phone numbers.
• No third-party advertising identifiers and no cross-app or cross-site ad tracking.
• We do not sell, rent, or trade your personal data to anyone.

How we use information

• To authenticate you and operate your account using your wallet public key.
• To deliver and display your messages and media within rooms.
• To connect realtime voice and video calls.
• To send push notifications you have opted into.
• To maintain security, prevent abuse, and keep the Service reliable.
• To comply with legal obligations where applicable.

Service providers

We share data only with infrastructure providers that operate the Service on our behalf — for example, the realtime media platform (LiveKit), cloud hosting and object storage, and the push delivery services named above (APNs, FCM, Web Push). These providers process data on our instructions to deliver the Service and are not permitted to use it for their own advertising.

Data retention

We retain your account record and the content you have sent for as long as your account remains active, so that the Service can function. When you delete your account (see Account & Data Deletion), we remove your account record and associated personal data from our active systems, and purge it from routine backups within a reasonable period. TODO: state the maximum backup-purge window (e.g. 30 days). Content you posted into shared rooms may persist in those rooms where it is necessary to preserve the conversation for other participants, but it will no longer be associated with your deleted account.

Children's privacy

EmberChat is strictly for adults. You must be at least 18 years old to use the Service, because rooms are user-created and user-moderated and may contain mature or explicit content. We do not knowingly collect personal data from anyone under 18. If we learn that we have, we will delete it. If you believe a minor has provided us information, contact us at support@emberchat.live.

Your rights and choices

• You can edit your display name, avatar, and bio at any time in the app.
• You can disable push notifications in your device or browser settings.
• You can delete your account and associated data — see Account & Data Deletion.

Depending on where you live, you may have additional rights (such as access, correction, or erasure). To exercise them, contact us at the address below.

Security

Because identity is a keypair held on your device, there is no password database to breach. We protect data in transit with encrypted connections (WSS/HTTPS) and take reasonable measures to protect data at rest. No system is perfectly secure, but minimizing the data we hold is our first line of defense.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, where appropriate, provide notice within the Service.

Contact

Questions about privacy? Email support@emberchat.live.