Privacy Policy

Effective: June 2026

Ember is a marketing product provided by Veste Health, a brand of ProActive Solutions for Life, LLC ("Ember", "we", "us"). Ember turns your business idea into a complete marketing kit and, where you ask it to, helps publish that marketing to social accounts you connect. This policy explains what we collect, why, and the choices you have. It applies to the Ember website and app at marketing-engine-xdr.pages.dev.

1. Information we collect

• Information you give us. Your account email; the business idea, descriptions, brand notes, and any documents, images, or website URLs you submit so Ember can build your marketing kit.
• Marketing you create. The plans, copy, landing pages, emails, social posts, calendars, and media Ember generates for you, plus any edits you make.
• Leads you collect. If you publish an Ember landing page, the email addresses and details that your visitors submit are stored on your behalf so you can follow up with them.
• Connected accounts. When you connect a social account (for example Facebook or Instagram), we receive an access token and basic account information (such as the Pages and professional Instagram accounts you can manage) needed to post on your behalf. We do not receive your password.
• Usage data. Basic technical logs (request times, error logs, approximate usage counts) used to run, secure, and meter the service.

2. How we use your information

• To generate your marketing materials and run the features you request.
• To publish content to the social accounts you have explicitly connected and approved — only when you authorize it.
• To send the transactional and welcome emails you set up, and to store the leads your pages capture.
• To operate, secure, debug, and meter the service (including monthly usage limits).

We do not sell your personal information, we do not use it for advertising targeting, and we do not use your content to train public AI models.

3. Platform data from Meta (Facebook & Instagram)

If you connect a Facebook Page or Instagram professional account, Ember uses Meta's APIs strictly to (a) list the Pages and Instagram accounts you manage so you can choose one, (b) confirm the connection, and (c) publish posts that you create and approve. We request only the permissions needed for these actions. We retain Meta data only as long as needed to provide the service, you may disconnect at any time, and tokens are revoked when you disconnect or delete your account. Our use of information received from Meta APIs follows Meta's Platform Terms and Developer Policies.

4. How we share information

We share information only with service providers that help us run Ember, and only as needed. We are not responsible for third-party services we do not control, and your use of connected platforms may also be subject to their terms:

• Anthropic — AI model provider that generates your marketing content from the inputs you provide.
• Supabase (hosted on AWS) — database and authentication; stores your account, projects, and leads, encrypted in transit and at rest, protected by row-level security so each account sees only its own data.
• Cloudflare — hosting and serverless functions.
• Resend — sends the transactional/welcome emails you configure.
• Stripe — processes any Ember subscription payments; we do not see or store your full card details.
• Meta, and other social platforms you connect — to publish the content you authorize.

We may also disclose information if required by law, or to protect the rights, safety, and security of Ember and its users.

5. Data retention

We keep your account and the materials you create while your account is active. You can export or delete your data at any time — see Data Deletion. When you disconnect a social account, the associated access token is revoked and deleted.

6. Your choices and rights

• Access, correct, export, or delete the information you have submitted.
• Disconnect any social account at any time, which revokes Ember's access.
• Request full deletion of your account and data (see Data Deletion).
• Depending on where you live (for example the EU/UK under GDPR, or California under CCPA), you may have additional rights to access, port, or restrict processing of your data. Contact us to exercise them.

7. Email and anti-spam

Marketing emails sent through Ember are permission-based. We do not scrape individuals, send unsolicited messages, or auto-message people who have not opted in, and we honor CAN-SPAM and GDPR requirements. Every email includes an unsubscribe option.

8. Security

API keys and access tokens are stored server-side and never exposed to the browser. Stored data is encrypted in transit and at rest and protected by row-level security so each account sees only its own data. No method of transmission or storage is perfectly secure, but we take reasonable measures to protect your information.

9. Children

Ember is a business tool not directed to children and is not intended for anyone under 18. We do not knowingly collect data from minors.

10. Changes to this policy

We may update this policy from time to time. We will revise the effective date above and, for material changes, provide additional notice where appropriate.

11. Contact us

Questions or privacy requests: support@vestehealth.com (Veste Health, a brand of ProActive Solutions for Life, LLC, operator of Ember).