Privacy Policy

Last updated: April 2026

Embra is built around a simple principle: your memories are yours. We collect the minimum data necessary to deliver the app experience, and we never sell your personal information.

Data Security

Your archive data is encrypted in transit and at rest by Apple's CloudKit infrastructure. CloudKit uses industry-standard encryption for all data it stores and transmits, governed by Apple's own privacy policy. Embra does not operate a server that stores or has access to your archive. When you trigger an AI generation feature, the specific memory text for that request is routed through Embra's secure backend, which forwards it to our AI providers and does not retain it — as described in the AI Features section below.

What we collect

Embra stores the moments, impressions, and relationship data you create entirely on your device using Apple's SwiftData framework. This data is optionally synced to your personal iCloud account via CloudKit — we never access your stored archive directly. When you choose to generate an Impression or Life Arc, the specific memory text for that request is transmitted for processing as described in the AI Features section below.

Voice recordings and transcriptions stay entirely on-device and are never sent anywhere.

AI Features & Third-Party Processing

Embra's Impressions and Life Arc features use third-party AI APIs to generate written insights from your memories. Before these features are first used, Embra presents a disclosure screen in the app that explains what data is sent and to whom, and requires you to acknowledge with a tap. Your acknowledgment is stored on your device. Each AI generation is a separate, deliberate action — there is no persistent AI mode running in the background. You may stop using AI features at any time simply by not triggering a generation; no data is sent passively.

• What is sent: The written text of your memories and relationship notes for the specific person you are generating an Impression or Life Arc about, along with your pronoun preference if you have set one (used to ensure the AI refers to you correctly). Audio recordings and photos are never sent to AI providers. Photos attached to memories remain stored on your device and in your personal iCloud account only, and are not processed by any third-party service.
• Who receives it: Requests are routed through Embra's secure backend (hosted on Cloudflare Workers infrastructure, which does not store your content) and then forwarded to Anthropic (Claude API) and OpenAI for generation. No other third parties receive your content data for AI processing.
• How it is used: Solely to generate the Impression or Life Arc text returned to you in the app. The result is stored on your device only.
• Third-party commitment: Anthropic and OpenAI are bound by enterprise-grade data protection agreements and provide equal or greater data protection to what Embra commits to directly. Neither company uses data submitted via API for model training — this is documented in Anthropic's usage policy and OpenAI's enterprise privacy policy. Their respective policies govern their full data handling practices and may be updated over time — we encourage you to review them directly.
• Your choice: All archiving features work without using AI. You may archive memories, add connections, and export your data without ever triggering an AI feature.

iCloud & CloudKit

If you have iCloud enabled, your data syncs privately through Apple's CloudKit infrastructure. This data is governed by Apple's Privacy Policy and is accessible only to you.

Analytics & Privacy

We believe in absolute transparency. We use third-party analytics platforms to understand how visitors interact with our website and how users navigate our mobile applications, allowing us to continuously refine the experience. We do not track you across the web, nor do we sell or share your data.

• Website Analytics (Microsoft Clarity & Amplitude): We use Microsoft Clarity and Amplitude on our landing website pages to capture session heatmaps, scroll depth, and interaction events. This helps us optimize our layout and marketing conversion funnels. This data is strictly anonymous and aggregated.
• App Telemetry (Amplitude): Our mobile applications use Amplitude to track high-level product diagnostic events, such as onboarding screen progression, paywall views, subscription outcomes, and stateful milestones (e.g., total count of records saved). All app telemetry is tied to a pseudonymous, random installation identifier.
• Sacred Privacy Boundary: Under no circumstances do we ever collect or transmit the text content, names, audio recordings, or photos of the people and memories in your archive. Your personal data is completely excluded from all telemetry pipelines. We do not use Microsoft Clarity inside our mobile applications.

Data deletion

You can delete all your data at any time from within the app (Settings → Delete All Data). This removes all records from your device and your iCloud account.

Uninstalling the app removes local data from your device, but your archive stored in iCloud will persist and sync back automatically if you reinstall with the same Apple ID. To permanently delete your iCloud copy, use the in-app Delete All Data action before uninstalling, or go to Settings → [Your Name] → iCloud → Manage Account Storage → Embra → Delete Data.

Contact

Questions about privacy? Email us at privacy@embraarchive.com.