Privacy Policy.
Last updated: May 2026
1. Data controller
Embbers
Company registered in France
Email: privacy@embbers.com
2. Data we collect
At registration
- Email address
- Password (stored only as a bcrypt hash, never in clear text)
- Display name (optional)
- Sign-in method (email, Apple, Google)
During use
- Custom pictograms: photos uploaded by the user (faces, objects, places)
- Custom concepts: names and keywords entered by the user for their pictograms
- Messages: content of messages exchanged in conversations (text, pictograms)
- Preferences: pictogram choices, vocabulary, display settings
Technical data
- Device identifier (for session management)
- Authentication tokens (to keep you signed in)
Data we do NOT collect
- Geolocation
- Phone contacts
- Web browsing data
- Advertising identifiers
3. Why we collect this data
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Email, password | Account authentication and security | Performance of the contract |
| Display name | Identification in conversations | Performance of the contract |
| Uploaded photos | Creation of custom pictograms | Consent |
| Messages | Communication between users | Performance of the contract |
| Preferences | Personalisation of the experience | Performance of the contract |
| Device identifier | Session management and security | Legitimate interest |
4. Protection of children
Interfaace is an app designed to be used by children to communicate. We take the protection of minors very seriously.
Adult verification
Registration and configuration of the app are carried out by an adult (parent, legal guardian or professional). A verification mechanism is in place to ensure that an adult initiated the registration.
COPPA compliance (United States)
For users residing in the United States, we comply with the Children’s Online Privacy Protection Act (COPPA). No personal data of a child under 13 is collected without first verifying that an adult carried out the registration.
GDPR Article 8 compliance (European Union)
For users residing in the European Union, consent to data processing is collected from the responsible adult, in accordance with the age thresholds set by each member state.
No advertising, no profiling
We display no advertising in the app. We sell no personal data. We carry out no behavioural profiling of users, least of all of children.
5. Where your data is stored
All data is hosted in France:
- Database: OVH servers located in France
- Photos and images: Scaleway Object Storage, Paris datacenter (fr-par), encryption at rest enabled (SSE-S3)
No personal data is transferred outside the European Union.
6. How long we keep your data
- Active account: data is kept as long as the account is active
- Deleted account: all personal data is erased immediately (profile, photos, preferences, images stored on our servers)
- Files on disk: photos are removed from our storage servers within 24 hours of the deletion request
7. Data sharing
We do not sell, rent or share your personal data with any third party for commercial purposes.
The only third parties with access to your data are our technical subprocessors, strictly necessary for the operation of the service:
| Subprocessor | Role | Location |
|---|---|---|
| OVH (OVHcloud) | Server and database hosting | France |
| Scaleway | Image storage (Object Storage) | France (Paris) |
| Apple / Google | SSO authentication (only if you choose this method) | EU (authentication data only) |
8. Your rights
In accordance with the GDPR, you have the following rights over your data:
- Right of access: know what data we hold about you
- Right to rectification: correct inaccurate data
- Right to erasure: request the deletion of your account and all your data. You can exercise this right directly from the app (Settings > Delete my account) or by contacting us by email.
- Right to portability: receive your data in a readable format
- Right to object: object to the processing of your data
- Right to withdraw consent: withdraw your consent at any time
To exercise these rights, contact us at: privacy@embbers.com
We respond within a maximum of 30 days.
9. Security
We implement the following technical measures to protect your data:
- Encryption of communications (HTTPS/TLS)
- Encryption of images at rest (SSE-S3)
- Passwords hashed with bcrypt (never stored in clear text)
- Authentication via time-limited JWT tokens
- Image access via time-limited pre-signed URLs (15 minutes)
- Automated data deletion upon account deletion
10. Content reporting
If you encounter inappropriate content in the app, you can report it via the built-in reporting mechanism. We review each report and take appropriate measures in accordance with our legal obligations.
11. Changes to this policy
We may update this privacy policy. In the event of a substantial change, you will be informed through an in-app notification. The date of the last update is shown at the top of this page.
12. Complaint
If you believe that the processing of your data does not comply with the regulations, you can file a complaint with the competent supervisory authority:
In France:
CNIL (Commission Nationale de l’Informatique et des Libertés)
3 Place de Fontenoy, 75007 Paris
www.cnil.fr
13. Contact
For any question regarding the protection of your data:
- Email: privacy@embbers.com
- Publisher: Embbers — France