Privacy Policy
Last updated: May 15, 2026
Ember is a disposable-camera-for-events app. This policy explains what data we collect, why, and what control you have over it. The service is operated by Naachtech (“we”), contact info@naachtech.com.
1. What we collect
From hosts (people who create events using the iOS app):
- Email address — used to sign you in. Collected when you sign in with an email magic link or with Sign In with Apple.
- Apple account identifier — when you sign in with Apple, we receive a stable opaque identifier (not your full Apple profile).
- Display name — optional, shown to your guests.
From guests (people who attend an event using the web link):
- Display name — what you type into the “your name” field; shown next to your photos.
- Photos you take — the JPEGs you capture in the in-browser camera.
- A device fingerprint — a random identifier stored in your browser, used to prevent the same device from joining the same event under multiple names. It is not used to track you across events or other websites.
From everyone:
- Basic request logs (IP address, user-agent, timestamps) — kept by our hosting providers for up to 30 days for abuse prevention, rate limiting, and debugging. Not linked to your account in our application database.
We do not use tracking cookies, advertising identifiers, or third-party analytics that profile you across sites.
2. Why we collect it
- To sign you in and keep you signed in (email, Apple ID).
- To show your photos to other people invited to the same event (photos, name).
- To enforce the per-event guest cap and shot-per-guest limit (device fingerprint).
- To prevent abuse and diagnose bugs (IP address, request logs).
We do not sell your personal data. We do not use your photos to train models or for any purpose other than showing them inside the event you uploaded them to.
3. Who processes your data
| Service | Purpose | Location |
|---|---|---|
| Supabase | Postgres database + photo storage | United States |
| Fly.io | API hosting | United States / EU |
| Vercel | Web hosting | Global edge |
| Resend | Sending sign-in emails | United States |
| Apple | “Sign in with Apple” identity verification | United States |
If you are in the EU/EEA/UK, your data may be transferred to and processed in the United States under standard contractual clauses.
4. How long we keep it
- Photos and event data — kept until the host deletes the event or deletes their account. We do not currently auto-delete old events; we may introduce a retention policy in the future and will update this page if we do.
- Magic-link codes — expire after 15 minutes and are deleted from our database once used. Stored only as a hash, not in plaintext.
- Request logs — up to 30 days, then automatically rotated out by our hosting providers.
5. Your rights
You can:
- Delete your account at any time. In the iOS app: Settings → Delete account. This permanently removes your account, every event you’ve hosted, and every photo guests took at those events.
- Request a copy of your data, or correction of inaccurate data, by emailing info@naachtech.com.
- Withdraw consent by deleting your account; we have no other legal basis for keeping your data.
- If you are in the EU/EEA/UK, lodge a complaint with your local data-protection authority.
Guests who don’t have a host account can ask the event host to remove their photos, or email us at the address above with the event link and we’ll remove the photos within 7 days.
6. Children
Ember is not directed at children under 13 (under 16 in the EU). We do not knowingly collect data from children. If you believe a child has used the service, please contact us and we’ll delete the relevant data.
7. Security
All connections use HTTPS. Sign-in tokens are stored in iOS Keychain (on your iPhone) and in session storage (in your browser); they are never accessible to other apps or sites. Magic-link codes are stored as hashes, not plaintext. Photo uploads use short-lived signed URLs scoped to a single shot.
See also our Terms of Service.
8. Changes to this policy
We’ll update the date at the top of this page and, for material changes, surface a notice in the app before the change takes effect.
9. Reporting and moderation
Hosts can remove any photo from their event roll and block any guest from continuing to participate. Anyone viewing a developed roll can tap the flag icon on a photo to report it; reports go to info@naachtech.com and we aim to review within 72 hours. We may store the report and the reporter’s guest identifier (or IP, if anonymous) for as long as the corresponding event exists.
10. Contact
Questions, deletion requests, or anything else: info@naachtech.com.