Legal
Privacy Policy
Last Updated: April 2026 · Embur Inc.
1. Introduction
Embur ("we", "our", or "us") is a social media platform operated by Embur Inc. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our mobile application and related services (collectively, the "Service").
By using Embur, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our Service.
2. Information We Collect
Account Information
- Full name, username, email address, and password
- Profile photo, bio, website, and phone number
- Account type (personal or creator)
Content You Create
- Photos, videos, reels, and stories you post
- Text posts ("Emburs"), comments, and messages
- Reactions, likes, and engagement data
Device & Technical Data
- Device identifiers (iOS IDFA / Android GAID)
- IP address, operating system, app version
- Crash reports and diagnostic data
- Push notification tokens
Camera & Media Access
We request access to your camera, microphone, and photo library solely to enable you to create and share content. We do not access your camera or media without your explicit action. You may revoke these permissions at any time in your device Settings.
Location Data
We may collect approximate location to tag stories or display local content. Precise location is only collected with your explicit permission and can be disabled at any time.
Biometric Data
If you enable Face ID / Touch ID login, biometric data is processed entirely on your device by Apple's Secure Enclave. We never receive, store, or transmit your biometric data.
Payment Information
Payment transactions are processed securely by PayPal. Credits are purchased at embur.world. We do not store your full credit card numbers or financial account details on our servers.
3. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Authenticate your identity and secure your account
- Enable content creation, sharing, and discovery
- Process payments and creator monetization
- Send transactional emails (verification codes, password resets)
- Deliver push notifications you have opted into
- Detect and prevent fraud, abuse, and policy violations
- Comply with legal obligations
- Conduct internal analytics to improve user experience
We do not sell your personal information to third parties. We do not use your data for targeted advertising without your consent.
3A. AI Services & Third-Party Data Processing
Embur's AI Studio features use the following third-party AI services. When you use any AI feature, you will be shown a consent screen explaining what data is sent and to whom before any data is transmitted. You must actively consent before your content is processed by any AI service.
OpenAI — openai.com/privacy
- Data sent: Text prompts you type, captions, news content for analysis
- Purpose: Caption generation, Nova AI assistant, text-based features
- NOT sent: Your name, email, private messages, or payment data
ElevenLabs — elevenlabs.io/privacy
- Data sent: Text you provide for voice generation; voice samples only when you explicitly use the Voice Cloning feature
- Purpose: AI voice design, narration, voice cloning
- NOT sent: Your account information or private messages
Replicate — replicate.com/privacy
- Data sent: Text prompts for video and image generation
- Purpose: Text-to-video generation, AI image generation
- NOT sent: Your personal account data
Stability AI — stability.ai/privacy
- Data sent: Text prompts and images you choose to process
- Purpose: Image generation, style transfer, AI upscaling
- NOT sent: Your account information
RemoveBG — remove.bg/privacy
- Data sent: Images you explicitly choose to process
- Purpose: Automated background removal from photos
- NOT sent: Any other data
Cloudinary — cloudinary.com/privacy
- Data sent: Photos, videos, and media files you upload to Embur
- Purpose: Secure media storage, delivery, and transformation
Important AI Notices
- We obtain your explicit consent before your content is sent to any AI service
- You may decline AI consent and the app functions normally without AI Studio
- We do not send your name, email, private messages, or payment information to AI services
- AI providers do not use your content to train their models per our service agreements
- To withdraw AI consent: legal@embur.world
4. Children's Privacy (COPPA)
Embur is intended for users aged 13 and older. We do not knowingly collect personal information from children under the age of 13.
- We do not permit children under 13 to create accounts
- If we discover a user is under 13, we will immediately delete their account and all associated data
- We do not knowingly share information from users under 13 with third parties
- Parents may contact us at legal@embur.world for immediate removal
Users aged 13–17
- No targeted advertising based on sensitive categories
- Parental access requests will be honored upon verified identity
5. Content Safety & Moderation
Prohibited Content
We strictly prohibit and actively remove:
- Child Sexual Abuse Material (CSAM) — immediately removed and reported to NCMEC and law enforcement
- Content that exploits, endangers, or sexualizes minors in any way
- Non-consensual intimate imagery (NCII)
- Content promoting violence, terrorism, or hate speech
- Harassment, bullying, or threats targeting individuals
Reporting & Blocking
You can report objectionable content or block abusive users at any time by tapping the three-dot menu on any post, reel, or profile and selecting "Report" or "Block". All reports are immediately sent to safety@embur.world and reviewed by our moderation team. Blocked users are instantly removed from your feed.
Zero Tolerance for CSAM
Any account found sharing CSAM will be immediately and permanently banned. All evidence will be reported to NCMEC's CyberTipline and relevant law enforcement authorities.
6. How We Share Your Information
Service Providers
- Cloudinary (media storage) — cloudinary.com/privacy
- Railway (cloud infrastructure)
- Resend (email delivery) — resend.com/privacy
- PayPal (payment processing) — paypal.com/privacy
- Expo / Apple / Google (push notifications)
- OpenAI, ElevenLabs, Replicate, Stability AI, RemoveBG (AI features — see Section 3A)
Legal Requirements
We may disclose your information if required by law, subpoena, court order, or government request.
We Never
- Sell your personal data to data brokers or advertisers
- Share your private messages with third parties without consent
- Rent or trade your email address
7. Data Retention & Deletion
Retention
- Account data is retained while your account is active
- Deleted posts and stories are removed from public view within 24 hours and permanently deleted within 30 days
- Backup copies may persist for up to 90 days for disaster recovery
Account Deletion
You may delete your account at any time from Settings → Delete Account. Upon deletion:
- Your account is deactivated immediately
- Your profile, posts, reels, and stories are removed from public view immediately
- All data is permanently deleted within 30 days
- Some data may be retained to comply with legal obligations (e.g., payment records for 7 years)
8. Your Rights & Choices
- Right to Access — Request a copy of the personal data we hold about you
- Right to Correction — Update your profile in Settings → Edit Profile
- Right to Deletion — Delete your account from Settings → Delete Account
- Right to Portability — Request an export of your data in machine-readable format
- Right to Withdraw AI Consent — Contact legal@embur.world
GDPR (European Users)
If you are in the European Economic Area, you have additional rights under GDPR including the right to restrict processing and the right to object. Our legal basis for processing is: (a) contract performance, (b) legitimate interests, and (c) consent where applicable.
CCPA (California Users)
California residents have the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.
9. Security
- All data transmitted is encrypted using TLS 1.2+
- Passwords are hashed using bcrypt
- Authentication tokens (JWT) are stored in device secure storage (iOS Keychain)
- Two-Factor Authentication (2FA) is available
- Biometric authentication uses Apple's Secure Enclave
- We conduct periodic security reviews
In the event of a data breach, we will notify affected users within 72 hours as required by applicable law.
10. Third-Party Links & Services
Third-party integrations used by Embur: