Privacy Policy

Last updated: December 2024

Our Core Privacy Principles

  • Delete by Default -- Your content is automatically deleted according to set schedules. We don't keep what you don't need.
  • End-to-End Encryption -- Your private messages are encrypted so that only you and your intended recipients can read them. We cannot access their contents.
  • No Advertising -- We will never show you ads. Your data is never used to build advertising profiles.
  • No AI Training -- Your data is never used to train artificial intelligence models. Period.

Information We Collect

We collect only the information necessary to provide and improve our services:

Information you provide:

  • Email address (for account creation and communications)
  • Payment information (processed securely through Stripe -- we never store card details)
  • Profile information you choose to add
  • Content you create (posts, messages, stories, event details)

Information collected automatically:

  • Basic analytics (page views, feature usage -- no personal tracking)
  • Device information (OS, browser type -- for compatibility)
  • Crash reports (to fix bugs and improve stability)

How We Use Your Information

  • Provide, maintain, and improve our services
  • Send waitlist notifications and product updates you've opted into
  • Process payments and subscriptions
  • Detect and prevent fraud and abuse
  • Comply with legal obligations

Information We Do NOT Collect or Use

  • We do not read your encrypted messages -- we technically cannot
  • We do not track your location
  • We do not build advertising profiles
  • We do not sell your data to anyone, ever
  • We do not use your data to train AI models

Data Retention

Deletion is a core feature, not an afterthought. Here's how long we keep things:

  • Posts and Stories: 24 hours
  • Events: 7 days after the event ends
  • Messages: End-to-end encrypted; deleted when you delete them
  • Account data: Retained while your account is active; deleted upon account deletion

Data Security

  • End-to-end encryption for private messages using the Signal Protocol
  • TLS encryption for all data in transit
  • Encryption at rest for stored data
  • Regular security audits and assessments

Third-Party Services

We use a minimal number of third-party services, each chosen for their strong privacy practices:

  • Stripe -- Payment processing
  • Cloudflare -- Infrastructure and hosting
  • Beehiiv -- Email waitlist communications only

Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Delete your account and all associated data
  • Export your data
  • Opt out of non-essential communications

Children's Privacy

Ephemeral is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time. When we make material changes, we will notify you via email or through an in-app notification. Your continued use of Ephemeral after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or our data practices, contact us at privacy@ephemeralsocial.com.