Emberly Privacy Policy
Effective date: 2026-05-09 Version: 1.0 Last updated: 2026-05-09
TL;DR
Emberly is a tool for wildfire-mitigation contractors to document inspection work and produce reports they share with homeowners and insurers. To do that, we collect the data the contractor captures on the job (photos, voice notes, addresses) plus the contractor's own account info. We use it to generate the report, store it for the contractor to access later, and process it through our AI provider (Anthropic). We don't sell user data to advertisers or data brokers. Contractors can delete their data at any time; we purge it from active systems within 30 days. Questions: privacy@emberly.tech.
1. Who we are
Emberly is operated by Emberly LLC, a Colorado limited liability company (CO SOS ID 20261560568). We provide a mobile application and supporting web services that allow wildfire-mitigation contractors to document on-site inspection work and generate reports aligned to industry standards including IBHS Wildfire Prepared Home and Colorado Department of Fire Prevention and Control defensible-space requirements.
This Privacy Policy describes how Emberly collects, uses, stores, and shares information when you use the Emberly mobile app or visit emberly.tech. By using Emberly, you agree to this Policy.
2. What data we collect
2.1 Account data (you, the contractor)
When you create an Emberly account, we collect:
- Your email address (used for magic-link authentication — we don't store passwords)
- Your business profile: company name, primary phone number, service area, optional company logo
- Your Apple ID (only the identifier; we never see your Apple password)
2.2 Job-site data (you capture, we store)
When you use the app to document an inspection, you create job records that contain:
- Property addresses (entered by you or selected from address autocomplete)
- Geolocation coordinates of the property
- Photos and short videos you capture
- Voice memos (audio files; we transcribe them on-device using Apple's speech recognition — the audio is sent to our servers but the transcription happens on your phone)
- Written notes
- Checklist responses (e.g., "Class A roofing material: confirmed / not confirmed / not applicable")
- Optional homeowner contact info if you choose to enter it (name, email, phone)
- Generated PDF reports
2.3 Technical data (collected automatically)
- Device type, OS version, app version (for compatibility and crash debugging)
- Crash logs (anonymized stack traces; no personal content)
- IP address and approximate location at sign-in (for security)
- Usage events (which screens you open, how often you generate reports — used to improve the product)
2.4 What we do NOT collect
- We do not access your contacts, calendar, or other apps' data.
- We do not collect data from your phone outside the Emberly app.
- We do not use third-party advertising trackers or social media pixels.
- We do not collect biometric data.
3. How we use your data
We use the data you provide to:
- Provide the service. Authenticate you, store your jobs, render your reports.
- Generate reports with AI. Your job-site data (text notes, transcribed voice memos, checklist responses) is sent to our AI provider (Anthropic, see §4) to draft the narrative sections of the inspection report. The contractor reviews and edits the AI-drafted content before delivering any report.
- Improve the product. Aggregated, anonymized usage data informs which features to build next. We do not use individual contractor data or job photos to train AI models.
- Communicate with you. Service notifications (e.g., "your report is ready"), security alerts, and occasional product updates. You can opt out of product updates at any time.
- Protect the service. Detect abuse, prevent fraud, comply with legal obligations.
4. Third-party subprocessors
To run Emberly we share data with the following processors. We choose each one carefully and only share the minimum data each needs.
| Processor | Purpose | Data shared | Where it lives |
|---|---|---|---|
| Supabase | Database, file storage, authentication | All account + job data | US (AWS us-east-1) |
| Anthropic | AI processing for report narrative generation | Job notes, transcribed voice, checklist responses (text only — never photos) | US |
| Mapbox | Address autocomplete, property maps | Search queries, property addresses | US |
| Apple | App distribution, push notifications | Device identifier, notification tokens | US |
| Vercel | Hosting for emberly.tech and the public report-share viewer | Generated PDF reports (only when contractor explicitly creates a share link) | US |
We update this list when we add or remove a processor. The current list is always the one above.
5. Sharing and disclosure
We share your data only in the following situations:
- With subprocessors above, as described.
- When you explicitly deliver a report. The Emberly delivery flow opens your phone's mail app or messages app with the report attached or linked. The actual sending happens through your own email or phone account — Emberly does not relay or copy that delivery. If you create a public share link, the report becomes accessible to anyone with the link until you revoke it.
- For legal compliance. If we receive a valid subpoena, court order, or other legal demand, we may disclose data as required by law. We will notify the affected contractor unless legally prohibited.
- In the event of a business transfer. If Emberly is acquired or merged, your data may transfer to the successor entity, subject to this Policy.
We do not sell your data. We do not share your data with advertisers. We do not allow third parties to use your data for their own marketing.
6. Homeowner data
When you, the contractor, enter homeowner information (name, contact info, property address) into a job, you represent that you have the homeowner's permission to do so for the purpose of documenting the inspection work and delivering the resulting report.
Homeowners are not Emberly users and do not have Emberly accounts. If a homeowner contacts us at privacy@emberly.tech asking what data Emberly holds about them, we will identify the contractor who entered that data and direct the homeowner to the contractor for resolution. Contractors are responsible for honoring homeowner data requests under applicable law.
7. Data security
- Encryption. All data is encrypted in transit (HTTPS/TLS) and at rest (Supabase storage and database encryption).
- Access controls. Database access is restricted via Supabase Row Level Security policies — contractors can only see their own jobs.
- Key management. API keys for AI processing and other backend services live in Supabase Vault, not in client code.
- Breach notification. If we discover a security incident affecting your data, we will notify affected contractors within 72 hours of confirmation.
No system is perfectly secure. If you discover a vulnerability, please report it to privacy@emberly.tech.
8. Your rights and data retention
You can:
- Access the data we hold about you, by contacting privacy@emberly.tech.
- Correct any inaccurate data, either in-app or by contacting us.
- Export your jobs and reports as a portable archive.
- Delete your account and all associated data, in-app or by emailing privacy@emberly.tech.
Retention. While your account is active, we retain your data so the app keeps working. After you delete your account or request deletion:
- Active-system data is purged within 30 days.
- Encrypted backups may retain a copy for up to 90 days before being overwritten in normal backup rotation.
- We may retain a minimal record (account email and deletion timestamp) longer if required for legal, tax, or fraud-prevention purposes.
If you are a California resident, you have additional rights under the CCPA/CPRA; if you are in the EU/UK you have rights under the GDPR. To exercise any of these rights, email privacy@emberly.tech.
9. Children
Emberly is for professional contractors. The service is not directed at children under 13, and we do not knowingly collect personal information from children. If you believe a child has used Emberly, contact privacy@emberly.tech and we will delete the data.
10. International transfers
Emberly currently operates in the United States. All data is stored on US-based servers. If you use Emberly from outside the US, you understand and consent to your data being transferred to and processed in the US.
11. Changes to this Policy
We may update this Policy as the product evolves. When we make material changes, we will notify active contractors via in-app notice and email at least 14 days before changes take effect. The "Effective date" at the top reflects the current version.
12. Contact us
For any privacy question, request, or concern:
Emberly LLC Attn: Privacy 108 Valley Ct, Basalt, CO 81621 privacy@emberly.tech
We respond to all privacy requests within 30 days, usually faster.