Privacy Policy
Last updated: 17 March 2026
Ember is operated by Activate Leaders Inc ("we", "us"). This policy explains what data we collect, why, and how we protect it.
1. What we collect
- Account information — your email address and name (provided during sign-up or onboarding). If you sign in with Google or Microsoft, we receive your name and email from the identity provider. We do not receive or store your password.
- Reflection entries — the text of your daily reflections, stored encrypted at rest in our database.
- Profile context — optional information you provide (role, organisation, coaching context, leadership aspiration) to personalise your experience.
- Profile picture — if you upload one, it is stored in a private storage bucket scoped to your account.
- Calendar data — if you opt in via Settings, we read your Google Calendar or Outlook calendar events (titles and times only, with attendee names stripped) to provide context-aware reflection prompts. Calendar data is fetched at reflection time and is not permanently stored.
- Usage metadata — reflection submission timestamps (used to calibrate reminder timing), device push subscription endpoints, and session tokens.
2. How we use your data
- To deliver your reflection experience and generate AI-powered pattern insights.
- To send you optional email reminders and synthesis notifications at times you choose.
- To share synthesis reports with your coach — only when you explicitly choose to share. Your individual reflection entries are never shared.
- To provide calendar-aware prompts (e.g. "You had a packed day — how did you manage your energy?"). Calendar data is read once per session, never stored, and attendee names are always stripped before processing.
3. AI processing
Ember uses Anthropic's Claude API to generate reflection prompts, session summaries, and pattern syntheses. Your reflection text and profile context are sent to Anthropic for processing. Anthropic does not use this data to train models. See Anthropic's privacy policy for details.
4. Data storage and security
Data is stored in Supabase (hosted on AWS in the EU). All data is encrypted at rest and in transit. Row-level security policies ensure you can only access your own data. Reflection entries are append-only — they cannot be modified or deleted via the application.
5. Third-party services
- Supabase — database and authentication
- Anthropic (Claude) — AI language processing
- Voyage AI — text embeddings for semantic search
- Vercel — application hosting
- Resend — transactional email delivery
- Sentry — error tracking (no personal data is sent)
- Google Calendar API / Microsoft Graph — calendar access (opt-in only)
6. Data sharing
We do not sell your data. We do not share your data with third parties for marketing. Your coach only sees synthesis reports you explicitly choose to share. Coach notes are visible to both you and your coach(es).
7. Your rights
You can update your profile information in Settings at any time. To request a full data export or account deletion, email hello@activateleaders.co.
8. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email or in-app notification. The "last updated" date at the top reflects the most recent revision.
9. Contact
Questions about this policy? Email hello@activateleaders.co.