Last updated: March 2026
We collect information you provide during registration (name, email, date of birth, gender), profile details (city, occupation, about), photos you upload, and usage data (interactions, preferences). For verified members, we collect government ID and selfie data via our KYC partner, Entrust (formerly Onfido).
Your data is used to operate the platform, facilitate matches, send notifications, enforce our Terms of Service, and improve the Ember experience. We do not sell your personal data to third parties. We may share anonymised, aggregate data for platform analytics.
Your data is stored on secure servers. Photos and media are stored in encrypted cloud storage with signed, time-limited access URLs. Passwords are hashed and never stored in plain text. We use TLS encryption for all data in transit.
You have the right to access, correct, or delete your personal data at any time. You may request a full export of your data. You may close your account via Settings. Upon account deletion, your data is removed within 30 days, except where retention is required by law.
Ember uses essential cookies required for authentication and security. We do not use advertising or tracking cookies. You may manage cookie preferences through your browser settings.
For privacy-related inquiries, data requests, or concerns, please contact our Data Protection team at privacy@ember.app. We aim to respond to all requests within 5 business days.
Ember collects and processes special categories of personal data under GDPR Article 9, including religious beliefs, community/ethnicity (for matching purposes), and biometric data (government ID and selfie for identity verification via Entrust; facial embeddings via AWS Rekognition for duplicate detection). We also collect psychological assessment data (Readiness and Personality Assessments). You provide explicit consent to this processing when you complete your profile and verification. You may request deletion of special category data at any time.
Ember uses Claude AI (developed by Anthropic) to power our Matchmaking Assistant, AI Support Chat, and Profile Coach features. When you use these features, your profile data and preferences are processed by Anthropic's servers in the United States. We have a Data Processing Agreement with Anthropic. You can disable AI-powered features in Settings → Privacy. For message-specific AI analysis (e.g. red-flag detection by our moderation team), we require your explicit AI Processing Consent before any message content is sent to Anthropic — see Section 13 for details. The landing page chat does not require an account.
We work with the following processors: Entrust (identity verification — biometric data); Stripe (payment processing — financial data); AWS (cloud storage S3, email SES, facial recognition Rekognition — photos and biometric data); Daily.co (video calls — audio and video streams); Anthropic (AI features — profile and message data). Each processor operates under a Data Processing Agreement with Ember.
Account data (profile, messages, matches, photos) is deleted within 30 days of your deletion request. Financial records (payments, subscriptions) are retained for 6 years for legal compliance, anonymised after account deletion. Identity verification biometric data (government ID, selfie) is deleted from Entrust and AWS within 48 hours of account deletion. Logs and audit records are retained for 1–3 years then purged.
Ember uses US-based processors (AWS, Anthropic, Stripe). Data transfers to the US are safeguarded by Standard Contractual Clauses (SCCs) and supplementary measures including encryption in transit and at rest. If you are in the EU or UK, you have the right to object to international transfers by contacting privacy@ember.app.
Ember uses automated profiling (Compatibility Scores, match recommendations, scam detection) to personalise your experience. Under GDPR Article 21, you have the right to object to profiling. You can disable AI-powered recommendations in Settings → Privacy. Scam detection cannot be disabled as it is required for platform safety. For any privacy concern including access, rectification, erasure, restriction, or objection, contact privacy@ember.app.
To protect our members, Ember operates two distinct forms of message analysis with different legal bases: **Automated pattern scanning** — Our platform automatically scans messages for signals of scam activity, coercive behaviour, and child-safety concerns (e.g. phone numbers shared early, payment links, threatening language). This scanning is performed entirely within Ember's own systems — no message content leaves our servers. The legal basis is Legitimate Interests (GDPR Article 6(1)(f)) and we are not required to obtain consent for this. You cannot opt out of pattern-based scanning as it is a core safety function. **AI-assisted analysis (Anthropic Claude)** — Our moderation team may request an AI-generated summary of a conversation to assist with serious safety investigations (e.g. reported scam or harassment). This sends message content to Anthropic's servers in the United States. Because this constitutes processing by a third-party AI processor, we require the explicit consent of both participants before any analysis can run. You can grant or withdraw this consent in Settings → Privacy → AI Processing Consent. If either participant has not consented, AI analysis will not be performed regardless of the investigation reason. Raw messages remain accessible to our moderation team for safety and legal-hold purposes.
Contact: privacy@emberamor.com