Privacy
Privacy Policy
Last updated : May 2026
1. Data controller
EMBBERS SOLUTIONS S.L.
A limited liability company under Spanish law (Sociedad de Responsabilidad Limitada)
Registered office: Polígono 1, Parcela 202, 07460 Pollença, Balearic Islands, Spain
NIF (Tax ID): B27568435 - Filed with the Registro Mercantil de Palma de Mallorca, Hoja PM-106861
Email: legal@embbers.com
Embbers processes personal data in compliance with the General Data Protection Regulation (GDPR, EU 2016/679) and the Spanish Organic Law 3/2018 of 5 December on the protection of personal data (LOPDGDD).
2. Data we collect
At registration
- Email address
- Password (stored as an encrypted hash, never in clear text)
- Display name (optional)
- Sign-in method (email, Apple, Google)
During use
- Custom pictograms: photos uploaded by the user (faces, objects, places)
- Custom concepts: names and keywords entered by the user for their pictograms
- Messages: content of messages exchanged in conversations (text, pictograms)
- Preferences: pictogram choices, vocabulary, display settings
- Subscription status: active plan, status (active, cancelled, in trial), Apple StoreKit receipt. No banking data.
Technical data
- Device identifier (for session management)
- Authentication tokens (to keep you signed in)
Data we do NOT collect
- Geolocation
- Phone contacts
- Web browsing data
- Advertising identifiers
- Banking data (payment is handled exclusively by Apple)
3. Why we collect this data
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Email, password | Account authentication and security | Performance of the contract |
| Display name | Identification in conversations | Performance of the contract |
| Uploaded photos | Creation of custom pictograms | Consent |
| Uploaded photos | Automatic detection of inappropriate content | Legal obligation (protection of minors) |
| Messages | Communication between users | Performance of the contract |
| Preferences | Personalisation of the experience | Performance of the contract |
| Device identifier | Session management and security | Legitimate interest |
| Content of reported conversations (snapshot) | Preservation of evidence in case of a report | Legal obligation (DSA Art. 16, LCEN, REPORT Act) |
| Subscription status | Managing access to paid features | Performance of the contract |
4. Protection of children
Interfaace is an app designed to be used by children to communicate. We take the protection of minors very seriously.
Adult verification
Registration and configuration of the app are carried out by an adult (parent, legal guardian or professional). A verification mechanism is in place to ensure that an adult initiated the registration.
COPPA compliance (United States)
For users residing in the United States, we comply with the Children’s Online Privacy Protection Act (COPPA). No personal data of a child under 13 is collected without first verifying that an adult carried out the registration.
Parents’ rights (COPPA)
In accordance with the Children’s Online Privacy Protection Act, parents or legal guardians have the following rights:
- Review the personal data collected in connection with their child
- Request the deletion of that data
- Refuse any further collection of data concerning their child
To exercise these rights, contact us at: legal@embbers.com
GDPR Article 8 compliance (European Union)
For users residing in the European Union, consent to data processing is collected from the responsible adult, in accordance with the age thresholds set by each member state.
No advertising, no profiling
We display no advertising in the app. We sell no personal data. We carry out no behavioural profiling of users, and even less of children.
5. Where your data is stored
All data is hosted in France:
- Database: OVH servers located in France
- Photos and images: Scaleway Object Storage, Paris datacenter (fr-par), encryption at rest enabled (SSE-S3)
No personal data is transferred outside the European Union.
6. How long we keep your data
- Active account: data is kept as long as the account is active
- Deleted account: all personal data is erased immediately (profile, photos, preferences, images stored on our servers)
- Photos on our servers: removed within 24 hours of the deletion request
- Messages in shared conversations: the account is anonymised (the content of the messages remains visible, the name is replaced with “Deleted user”)
- Technical logs: kept for a maximum of 12 months, then automatically deleted
- Backups: backups containing data from deleted accounts are overwritten within a maximum of 30 days (backup rotation cycle)
- Conversation reports: if a conversation is reported, a snapshot of its content (recent messages) is kept for 1 year from the report, in accordance with legal evidence-preservation obligations. After this period, the snapshot is deleted automatically.
7. Data sharing
We do not sell, rent or share your personal data with any third party for commercial purposes.
The only third parties with access to your data are our technical subprocessors, strictly necessary for the operation of the service:
| Subprocessor | Role | Location |
|---|---|---|
| OVH (OVHcloud) | Server and database hosting | France |
| Scaleway | Image storage (Object Storage) and transactional email sending (TEM). Email content is not retained after delivery; routing metadata kept for 7 days. | France (Paris) |
| AWS (Amazon Rekognition) | Automatic image analysis to detect inappropriate content. Images are processed in memory and not stored by AWS. | EU (Spain) |
| Apple / Google | SSO authentication (if you choose this method); in-app purchase and subscription management via StoreKit (Apple) | EU (authentication and payment data only) |
8. Your rights
In accordance with the GDPR, you have the following rights over your data:
- Right of access: know what data we hold about you
- Right to rectification: correct inaccurate data
- Right to erasure: request the deletion of your account and all your data. You can exercise this right directly from the app (Settings > Delete my account) or by contacting us by email.
- Right to portability: receive your data in a readable format
- Right to object: object to the processing of your data
- Right to withdraw consent: withdraw your consent at any time
To exercise these rights, contact us at: legal@embbers.com
We respond within a maximum of 30 days.
9. Security
We implement the following technical measures to protect your data:
- Encryption of communications (HTTPS/TLS)
- Encryption of images at rest (SSE-S3)
- Passwords hashed with bcrypt (never stored in clear text)
- Authentication via time-limited JWT tokens
- Image access via time-limited pre-signed URLs (15 minutes)
- Automated data deletion upon account deletion
- Notification to affected users in the event of a data breach, as soon as possible and in accordance with applicable legal obligations (GDPR Art. 34, NY SHIELD Act)
10. Content reporting
If you encounter inappropriate content in the app, you can report it via the built-in reporting mechanism.
We commit to:
- Reviewing each report within 48 business hours
- Keeping a copy of the reported content for the legal evidence-retention period (1 year), regardless of any subsequent deletion of the content or account
- Informing the reporter of the outcome of their report
- Taking appropriate measures in accordance with our legal obligations
In the case of manifestly unlawful content, we may act without delay, including by removing the content and reporting the offence to the competent authorities. For users residing in the United States, we cooperate with the National Center for Missing & Exploited Children (NCMEC) via the CyberTipline in accordance with applicable federal law.
11. Changes to this policy
We may update this privacy policy. In the event of a substantial change, you will be informed through an in-app notification. The date of the last update is shown at the top of this page.
12. Complaint
If you believe that the processing of your data does not comply with the regulations, you can file a complaint with the competent supervisory authority:
Spain (the publisher’s authority):
Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6, 28001 Madrid
www.aepd.es
If you reside in another European Union member state, you may also contact the data protection authority of your country of residence.
13. Contact
For any question regarding the protection of your data:
- Email: legal@embbers.com
- Publisher: EMBBERS SOLUTIONS S.L. - Pollença, Spain