Ember Forge
Log inStart free

Legal

Privacy Policy

Read how Ember Forge collects, uses, and protects personal information.

Version 1.5.0Effective 2026-04-29Updated 2026-04-29
Operator and Legal Entity
-------------------------
Ember Forge ("we," "our," or "us") is a digital platform operated by M & W Logistics LLC, a Virginia limited liability company ("Company").
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media management platform.

DBA Disclosure Notice
---------------------
Ember Forge is the product and service brand used by M & W Logistics LLC for this platform.
All references to "Ember Forge" in this document refer to the services operated by M & W Logistics LLC.

1. INTRODUCTION
---------------
Ember Forge ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media management platform.

2. INFORMATION WE COLLECT
-------------------------

2.1 Information You Provide Directly
------------------------------------
Account Information:
- Name and email address
- Password (encrypted)
- Company name and business information
- Billing information (processed by Stripe)
- Phone number (for SMS notifications)

Content Data:
- Social media posts and captions
- Uploaded images and videos
- Scheduling preferences
- AI prompt inputs

Platform Credentials:
- OAuth tokens for connected social media accounts
- Platform-specific user IDs
- Account permissions and scopes

2.2 Information Collected Automatically
---------------------------------------
Usage Data:
- Features used and frequency
- Post performance metrics
- Login times and IP addresses
- Device and browser information
- Session duration and page views

Analytics Data:
- Social media engagement metrics
- Audience demographics (aggregated)
- Post reach and impressions
- Optimal posting time patterns

2.3 Third-Party Data
--------------------
Social Platform Data:
- Public profile information
- Page/account insights
- Follower counts and growth
- Engagement metrics
- Platform-specific analytics
- Metadata provided by social platforms depending on permissions granted

2.4 Use of Facebook and Instagram Data
--------------------------------------
When you connect a Facebook Page or Instagram business account to Ember Forge, we access certain information from Meta's APIs based on the permissions you grant. This may include:

- Facebook Page IDs and Instagram business account IDs
- Media IDs and publishing status
- Post insights such as reach, impressions, saves, and engagement metrics
- Page insights and aggregate performance analytics
- Basic profile and account metadata for connected assets
- OAuth tokens required to authenticate and publish content you create
- Metadata needed to confirm the connection between a Page and its linked Instagram business account

We use this data solely to provide our platform's core features:

- Allowing you to create, schedule, and publish posts to your connected Facebook Page and Instagram business account
- Displaying analytics and performance metrics for the content you publish
- Maintaining secure authentication, token refresh, and publishing workflows
- Associating insights with posts you create and manage through our platform

We do not use Meta data to build profiles of individual people who interact with your content, and we do not sell or transfer Meta-derived data to third parties. We only share Meta data with trusted service providers who help us operate the platform (such as hosting and logging providers), and only under contracts that require them to protect this information and use it solely to support our service.

If you disconnect your Facebook Page or Instagram account, or if you delete your Ember Forge account, we stop collecting data from Meta on your behalf and delete or anonymize previously stored Meta-derived data in accordance with our retention policy.

You may request deletion of Meta data associated with your account at any time by visiting our Data Deletion Page at:
/legal/data-deletion

2.5 Use of TikTok Data
----------------------
When you connect a TikTok account to Ember Forge, we may access certain TikTok account information and content metadata based on the permissions you grant. This may include:

- TikTok account identifiers and basic profile metadata
- OAuth tokens and related authorization metadata
- Video identifiers, publishing status, and transfer state
- Video list data and analytics or performance metadata made available by TikTok
- Metadata needed to support publishing, reporting, and coaching features

We use this data solely to provide our platform's core features:

- Allowing you to connect your TikTok account to Ember Forge
- Allowing you to upload, draft, or publish TikTok content you explicitly create
- Displaying analytics, reporting, and coaching insights derived from TikTok performance data when available
- Maintaining secure authentication, token refresh, and publishing workflows

We do not sell or transfer TikTok-derived data to third parties. We share TikTok-derived data only with trusted service providers who help us operate the platform, and only under contracts that require them to protect this information and use it solely to support our service.

If you disconnect your TikTok account, or if you delete your Ember Forge account, we stop collecting TikTok data on your behalf and delete or anonymize previously stored TikTok-derived data in accordance with our retention policy.

3. HOW WE USE YOUR INFORMATION
------------------------------

3.1 Service Delivery
--------------------
- Schedule and publish your social media content
- Generate AI-powered captions and suggestions
- Provide analytics and performance insights
- Send notifications about post status
- Process payments and manage subscriptions

3.2 Service Improvement
-----------------------
- Analyze usage patterns to improve features
- Develop new functionalities
- Optimize AI model performance
- Enhance user experience
- Conduct A/B testing
- We do not use Facebook or Instagram data to build profiles of individual people who interact with your content.

3.3 Communication
-----------------
- Send service-related emails
- Notify about scheduled post status
- Alert about account issues
- Share product updates (with consent)
- Respond to support requests

3.4 Legal and Security
----------------------
- Comply with legal obligations
- Enforce our Terms of Service
- Protect against fraud and abuse
- Maintain platform security
- Resolve disputes

4. DATA SHARING AND DISCLOSURE
------------------------------

4.1 Service Providers
---------------------
We share data with trusted third parties who assist in operating our service:

Provider | Purpose | Location
----------|----------|----------
Amazon Web Services (AWS) | Cloud infrastructure (Aurora Serverless v2 PostgreSQL, S3, SES, CloudFront, Cognito) | United States
Stripe | Payment processing | United States
OpenAI | AI services for content generation (anonymized prompts only) | United States

4.2 Social Media Platforms
--------------------------
- We share content you create with platforms you've connected.
- OAuth tokens are used to authenticate on your behalf.
- We access only the permissions you explicitly grant.

Additional Meta Compliance Statement:
We do not sell or transfer Facebook or Instagram data to third parties. We only use Meta-derived data to deliver our platform functionality, such as scheduling, publishing, and analytics. We share Meta data only with subprocessors necessary to operate our service, and only under strict confidentiality and data protection agreements.

Additional TikTok Compliance Statement:
We do not sell or transfer TikTok-derived data to third parties. We only use TikTok-derived data to deliver platform functionality such as account connection, content publishing, analytics, and coaching or reporting features supported by TikTok permissions and APIs.

4.3 Legal Requirements
----------------------
We may disclose information when required by:
- Court orders or subpoenas
- Law enforcement requests
- National security requirements
- Protection of our legal rights

4.4 Business Transfers
----------------------
If we undergo a merger, acquisition, or sale of assets, your information may be transferred to the new entity.

4.5 Aggregated Data
-------------------
We may share anonymized, aggregated data that cannot identify you personally for research or marketing purposes.

5. DATA RETENTION
-----------------

5.1 Active Accounts
-------------------
- Account data: retained while the account is active
- Posted content: 90 days after publication
- Analytics data: based on subscription tier (90 days for Starter, 1 year for Pro, 2 years for Business)
- AI interactions: 30 days
- Uploaded media: until deleted or account termination

5.2 After Account Termination
-----------------------------
- Basic account info: 90 days for reactivation
- Legal records: 7 years (or as required by law)
- Anonymized analytics: retained indefinitely
- All other data: deleted within 30 days

6. DATA SECURITY
----------------

6.1 Technical Measures
----------------------
- AES-256 encryption for data at rest
- TLS 1.3 for data in transit
- AWS security best practices
- Regular security audits
- Vulnerability scanning

6.2 Operational Security
------------------------
- Access controls and authentication
- Employee security training
- Incident response procedures
- Regular backups
- DDoS protection via AWS CloudFront

6.3 OAuth Token Security
------------------------
- Encrypted storage in AWS Secrets Manager
- Token refresh automation
- Immediate revocation upon disconnect
- No plain-text token storage

7. YOUR RIGHTS AND CHOICES
--------------------------

7.1 Access and Portability
--------------------------
- View all data we have about you
- Export your data
- Request a copy

7.2 Correction and Deletion
---------------------------
- Update incorrect information
- Delete your account and associated data
- Remove specific content or connections

7.3 Communication Preferences
-----------------------------
- Opt out of marketing emails
- Manage notification settings
- Control SMS alerts

7.4 Connected Accounts
----------------------
- Revoke platform permissions
- Disconnect social media accounts
- Manage app permissions

8. COOKIES AND TRACKING
------------------------

8.1 Essential Cookies
---------------------
We use essential cookies for session management, authentication, security, and user preferences. These cookies are required for the service to function correctly.

8.2 Optional Marketing Measurement
----------------------------------
With your consent, we may use a first-party attribution cookie and Meta Pixel to understand which campaigns lead to landing-page visits, signups, and paid conversions. This may include campaign parameters such as UTM values and Meta click identifiers. We use this data to measure marketing performance, not to sell your personal information.

8.3 Consent Banner
------------------
Non-essential marketing measurement cookies and tags are disabled by default until you grant consent through our cookie banner. If you decline, the service remains usable, but we will not enable optional marketing measurement.

9. CHILDREN'S PRIVACY
---------------------
Not intended for users under 18. Any collected data is deleted immediately.

10. INTERNATIONAL DATA TRANSFERS
--------------------------------
- Primary data storage in the U.S.
- Standard Contractual Clauses used for EU transfers
- Data may be processed where service providers operate

11. CALIFORNIA PRIVACY RIGHTS
-----------------------------
(Full CCPA compliance text retained)

12. EUROPEAN PRIVACY RIGHTS
---------------------------
(Full GDPR compliance text retained)

13. AI AND AUTOMATED PROCESSING
-------------------------------

13.1 AI Usage
-------------
- Prompts are anonymized before processing
- No personal data used to train AI models
- Users control all AI-generated content

13.2 No Automated Decision-Making
---------------------------------
We do not make legally significant decisions using AI.

14. CHANGES TO THIS POLICY
--------------------------
Users notified of material changes; previous versions available upon request.

15. CONTACT US
--------------
Data Protection Officer:
privacy@emberforgeapp.com

General Inquiries:
support@emberforgeapp.com

Mailing Address:
Provided upon request

EU Representative:
support@emberforgeapp.com

Copyright 2025 Ember Forge - M & W Logistics LLC
support@emberforgeapp.com