Privacy Policy

Privacy details behind our safe and managed workflow model.

This policy explains what we collect, how we use it, and how privacy supports our deliberate-operations promise across EmberDeck operations.

Related policies: Terms & Conditions, Cookie Policy, EULA, and Security Notice.

EmberDeck - Privacy Policy

Last Updated: March 12, 2026

This Privacy Policy ("Policy") describes how MyMetrix LLC, a Florida limited liability company located at 10030 Daybreak Gln, Parrish, FL 34219 ("Company," "MyMetrix," "we," "us," "our"), collects, uses, discloses, and otherwise processes information in connection with EmberDeck (the "Service").

By accessing or using the Service, you acknowledge this Policy. If you do not agree, do not use the Service.

EmberDeck is a software product created, operated, and wholly owned by MyMetrix LLC. References to "EmberDeck" in this Policy refer to the Service brand operated by MyMetrix LLC. The EmberDeck name, logo, and related branding are trademarks and/or service marks of MyMetrix LLC.

1. Definitions

For purposes of this Policy:

  • "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an individual or household.
  • "Customer Data" means data and cloud resources accessed through your credentials and permissions when using the Service.
  • "Processing" means any operation performed on information, including collection, storage, use, disclosure, transfer, or deletion.
  • "Service Providers" means vendors acting on our behalf to support operations (e.g., subscription management, logging, support tooling).

2. Scope

2.1 This Policy applies to Personal Information processed by Company in connection with the Service.

2.2 This Policy does not govern third-party sites, apps, APIs, or services that are not operated by Company, even if integrated with the Service.

3. Roles

3.1 For information we collect for account operations, diagnostics, support, subscriptions, and legal compliance, Company acts as a controller/business (or equivalent role under applicable law).

3.2 For Customer Data in your own Firebase/Google Cloud projects, you or your organization generally determine processing purposes and means.

3.3 The Service uses your signed-in Google account OAuth token and your project IAM permissions to request data directly from Google/Firebase APIs.

3.4 For certain features (for example, Events background monitoring), we may ask you to upload a read-only service account credential for your own project. Where used, this credential is limited to that feature’s operations and can be rotated or revoked by you.

4. Categories of Information We Process

4.1 Information You Provide Directly

  • Account registration and profile details from sign-in methods you use (e.g., email address, display name, provider identifiers, Firebase user ID/UID).
  • Security and recovery details related to account setup and protection (e.g., verified email status, MFA phone number/factor metadata, notification contact points).
  • Support communications and related attachments (e.g., messages, screenshots, diagnostics you submit).

4.2 Information Collected Automatically

  • Device and app metadata (e.g., platform, OS version, app version, crash/error telemetry).
  • Usage metadata (e.g., feature usage events, timestamps, non-secret technical context).
  • Authentication/security event metadata (e.g., sign-in success/failure, verification challenge outcomes, anti-abuse/risk signals, session changes).
  • Subscription and entitlement metadata (e.g., plan status, product identifiers, transaction state).
  • Notification and messaging metadata (e.g., channel preferences, consent/opt-out state, delivery status, timestamps, and messaging provider IDs).
  • Push token association metadata used to map app instances and devices to your app account for notifications/results synchronization.

4.3 Local On-Device Operational Storage

The Service may store information locally on your device, including:

  • session and sign-in context;
  • preferences and project-selection state;
  • cached notification preferences and channel state;
  • local audit/history records; and
  • local pre-change recovery snapshots used for undo/recovery workflows.

Local recovery snapshots are generally device-bound and may not be retrievable from another device.
This local storage is in addition to online/cloud processing and storage described in Section 4.4.

4.4 Online and Cloud-Based Processing/Storage

In addition to local device storage, information may be processed or stored online by Company systems and/or Service Providers where required to operate the Service, including:

  • account and authentication records;
  • support/helpdesk communications;
  • operational logs, monitoring, and error diagnostics;
  • subscription and entitlement state;
  • notification consent and channel metadata;
  • provider-hosted records created through Firebase/Google Cloud services you use with the Service.

Online processing and storage are limited to what is reasonably necessary for service operation, security, legal compliance, and support.

4.5 Information We Generally Do Not Intentionally Store in Company Backends

  • Google account passwords;
  • biometric templates;
  • passkey private keys (managed by your OS/platform credential manager and not accessible to Company as plaintext);
  • full payment card numbers;
  • full OAuth tokens in Company backend systems;
  • full SMS or email message body history except where required for delivery operations, abuse prevention, legal compliance, or support you request;
  • full Customer Data payloads from Firebase/Google Cloud projects, except where explicitly provided to us by you (e.g., support submissions).

5. Sources of Information

We collect information from:

  • you directly;
  • your device and app usage;
  • identity/sign-in providers;
  • app stores and subscription providers;
  • Service Providers used for operations and support.

6. Purposes of Processing

We process information to:

  • provide authentication and core functionality;
  • verify account ownership (including email verification and multi-factor checks where enabled);
  • operate, maintain, secure, and improve the Service;
  • diagnose defects and performance issues;
  • process subscriptions and enforce entitlements;
  • detect/prevent abuse, fraud, and security incidents;
  • send service communications, including account/security notices and user-configured notifications through in-app, SMS, and email channels (as applicable);
  • deliver transactional notification content such as event notifications, event failure notices, version/update notices, message reminders, and operational reminders;
  • use in-app, SMS, and email notification channels only for transactional Service communications and not for marketing or promotional campaigns;
  • process messaging consent, opt-in/opt-out events, and channel preference changes;
  • administer SMS consent lifecycle controls, including enrollment requests, confirmation replies (for example, YES or START where required), opt-out handling (STOP and equivalent commands), and support requests (HELP and equivalent commands);
  • enforce channel suppression and consent restrictions (for example, blocking SMS delivery when consent is pending, withdrawn, or invalid);
  • comply with legal obligations and enforce agreements;
  • communicate with you regarding support, operational notices, and legal updates;
  • provide transparent access guidance about OAuth scopes, API enablement, and IAM requirements so you can troubleshoot missing access without sharing project credentials.

We may also process aggregated or de-identified data for analytics and product improvement.

7. Legal Bases (Where Required)

Where applicable (including EU/UK), legal bases may include:

  • performance of a contract;
  • legitimate interests (e.g., security, diagnostics, service improvement);
  • consent (where required);
  • compliance with legal obligations.

8. Disclosure of Information

We may disclose Personal Information:

  • to Service Providers under contractual confidentiality and processing obligations;
  • to app stores/payment/subscription providers to validate purchases and entitlements;
  • to communications providers and telecommunications carriers to deliver transactional SMS/email or related account/security notices, enforce opt-out requests, and satisfy messaging compliance obligations;
  • to comply with legal process, regulatory obligations, or law enforcement requests;
  • to protect rights, property, safety, security, and legal interests;
  • in connection with a merger, acquisition, reorganization, financing, or asset transaction.

We do not sell Personal Information for third-party marketing.

Text messaging originator opt-in data and consent will not be shared, sold, rented, or purchased by third parties or affiliates for their own marketing or promotional purposes.
Mobile phone numbers and SMS consent data are used only to provide EmberDeck transactional Service communications and to comply with messaging laws, carrier rules, and suppression obligations.
For EmberDeck SMS notifications, message frequency varies based on account activity and configuration, and message/data rates may apply.

9. Third-Party Services

Your use of third-party providers is subject to those providers' terms and policies. Examples include:

We do not control third-party privacy practices.

10. Data Retention

We retain Personal Information for as long as reasonably necessary for the purposes described in this Policy, including operational, legal, accounting, security, and dispute-resolution needs.

Retention may vary by category:

  • local device data is retained according to device/app lifecycle and your actions;
  • support records are retained for support continuity and legal compliance;
  • operational logs are retained according to internal and provider retention settings;
  • subscription records are retained for financial and entitlement administration;
  • online/account records are retained in Company and Service Provider systems as required for account operation, security, and compliance;
  • account security records (including verification and MFA lifecycle metadata) are retained for security, fraud prevention, and audit;
  • messaging consent and opt-out records are retained as needed for legal compliance and suppression management.

11. Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect Personal Information. No system is perfectly secure, and we cannot guarantee absolute security.

You are responsible for safeguarding your accounts, credentials, and device-level access controls.
Where available, use strong passwords, passkeys, MFA, and secure device access controls.

12. Your Rights and Choices

Depending on your jurisdiction, you may have rights to:

  • request access to Personal Information;
  • request correction of inaccurate information;
  • request deletion, subject to legal exceptions;
  • object to or restrict certain processing;
  • request portability of certain information;
  • lodge a complaint with a supervisory authority.

To exercise rights, contact support@emberdeck.xyz. We may request identity verification before acting on requests.

You may also:

  • sign out of the Service;
  • remove the app from your device;
  • update or remove notification channel preferences in-app;
  • disable in-app notifications through app or device settings where available;
  • opt out of SMS notifications by using supported unsubscribe keywords (e.g., STOP) where applicable;
  • request SMS help information by using supported help keywords (e.g., HELP) where applicable;
  • re-enable SMS notifications only by completing applicable re-consent flows (for example, supported opt-in keywords such as START/YES, where required);
  • disable email notifications through in-app notification settings where available;
  • manage linked provider accounts (e.g., Google, Apple, GitHub, Microsoft) through those providers; and
  • manage permissions and privacy settings through your OS and third-party accounts.

13. U.S. State Privacy Disclosures

13.1 We do not sell Personal Information for third-party advertising.

13.2 Residents of California and other U.S. states may have additional statutory rights, subject to eligibility and legal exceptions.

14. International Data Transfers

We and our Service Providers may process information in the United States and other jurisdictions. By using the Service, you understand that information may be transferred to and processed in jurisdictions with data protection laws different from your own.

15. Children

The Service is not directed to children under 13 (or higher minimum age where required by local law). We do not knowingly collect Personal Information from children below the applicable minimum age.

If you believe such information has been collected, contact us and we will take appropriate action.

16. Changes to This Policy

We may update this Policy from time to time. Material changes will be reflected by updating the "Last Updated" date and, where required, by additional notice.

Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

17. Contact

MyMetrix LLC
10030 Daybreak Gln
Parrish, FL 34219
United States

Email: support@emberdeck.xyz
Web: https://emberdeck.xyz/support

EmberDeck - Firebase & Firestore admin companion. (c) 2026 MyMetrix LLC. All rights reserved.