Privacy Policy

Last updated: February 2026

1. Information We Collect

Embeden is a product of WhitegloveAI LLC ("Company", "we", "us"). We collect the following categories of information:

  • Account information: your email address and display name, provided when you sign in via magic link.
  • Usage data: API query logs, dataset access records, and billing events, used to calculate charges and generate invoices.
  • Payment information: payment processing is handled entirely by Stripe. Embeden stores only a Stripe customer ID — no card numbers or bank details are stored on our servers.
  • Technical data: IP addresses, browser type, and request metadata collected automatically for security and performance monitoring.

2. How We Use Your Information

We use collected information to:

  • Authenticate your account and maintain your session
  • Calculate and invoice API usage fees
  • Process payouts to IP Holders
  • Send transactional emails (sign-in links, invoices, payout notifications)
  • Detect and prevent fraud, abuse, and security incidents
  • Improve the platform through aggregated, anonymised analytics

3. Information Sharing

We do not sell your personal information. We share data only with:

  • Stripe: for payment processing and fraud prevention
  • Resend: for transactional email delivery
  • Cloud infrastructure providers: for hosting and database services, under data processing agreements
  • Law enforcement: when required by applicable law or valid legal process

4. Data Retention

We retain account data for as long as your account is active. Usage logs and billing records are retained for seven years to comply with financial record-keeping requirements. You may request deletion of your account and associated personal data at any time by contacting us at [email protected]. Note that billing records required for legal compliance cannot be deleted.

5. Cookies and Tracking

Embeden uses a single session cookie to maintain your authenticated state. We do not use third-party advertising cookies or cross-site tracking technologies. Analytics, if any, are aggregated and anonymised.

6. Security

We implement industry-standard security measures including TLS encryption in transit, encrypted session tokens, rate limiting, and access controls. No system is perfectly secure; if you discover a vulnerability, please report it to [email protected].

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, contact us at [email protected].

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

9. Contact

For privacy-related questions, contact us at [email protected].