GHDM LLC ("Embive," "we," "us," or "our") operates the Embive mobile application and the website at embive.com (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using Embive, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
Personal Information You Provide
When you create an account and use Embive, you may provide us with the following information:
- Account information: Your name, email address, and authentication credentials.
- Partner information: Your partner's name, interests, preferences, and personality details that you choose to provide to help us personalize gift recommendations.
- Occasion data: Important dates such as birthdays, anniversaries, and other occasions you add to Embive.
- Gift history: Records of gifts you have browsed, selected, or purchased through the app, including purchase amounts.
- Subscription information: Your subscription status (free, trial, or premium) and related transaction data.
Information Collected Automatically
When you access or use the Service, we may automatically collect certain information, including:
- Device information: Device type, operating system, unique device identifiers, and mobile network information.
- Usage data: Features you interact with, screens visited, time spent in the app, and general usage patterns.
- Affiliate click tracking data: When you tap on a gift recommendation or affiliate link, we record the gift identifier, your user ID, subscription status, the screen you were on, the occasion type, the affiliate network, the destination URL, and any associated tracking tags. This data is stored in our systems to track referrals and attribute commissions from our affiliate partners.
- Log data: IP address, browser type, access times, and referring URLs when you visit our website.
Locally Stored Data
Embive stores certain data locally on your device using AsyncStorage to improve app performance and enable offline functionality. This may include cached preferences, onboarding state, and other app settings. This data remains on your device and is not transmitted to our servers unless necessary for the Service to function.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and personalize the Service: To deliver tailored gift recommendations based on your partner's interests, personality, and upcoming occasions.
- Manage your account: To create, maintain, and secure your user account and subscription.
- Process transactions: To facilitate purchases made through affiliate links and to track your gift history.
- Send reminders and notifications: To notify you of upcoming occasions, gift ideas, and other relevant information.
- Improve the Service: To analyze usage patterns, diagnose technical issues, and develop new features.
- Affiliate attribution: To track clicks on affiliate links so that we can earn commissions from our affiliate partners when you make qualifying purchases.
- Communicate with you: To respond to inquiries, provide customer support, and send service-related communications.
- Comply with legal obligations: To meet applicable legal requirements, enforce our terms, and protect our rights.
3. How We Share Your Information
Embive does not sell your personal information. We do not have social features, and your data is not shared with other Embive users. We may share information in the following limited circumstances:
Service Providers
We use third-party service providers to help operate our Service, including:
- Supabase: Our backend infrastructure and authentication provider. Supabase processes and stores your account data, partner information, occasion data, gift history, and affiliate click data on our behalf.
- RevenueCat: Our subscription management platform, which processes subscription status and transaction data to manage your premium membership.
- Expo / React Native: The development framework used to build the Embive app, which may collect basic crash reports and diagnostics.
These providers are contractually obligated to use your information only as necessary to provide services to us and in accordance with this Privacy Policy.
Affiliate Partners
When you click an affiliate link in Embive, certain data (such as a tracking tag and the referring URL) is transmitted to the relevant affiliate network or retailer. This is described in detail in Section 4 below.
Legal Requirements
We may disclose your information if required to do so by law, or in the good faith belief that such action is necessary to:
- Comply with a legal obligation, subpoena, or court order.
- Protect and defend the rights or property of GHDM LLC.
- Prevent or investigate possible wrongdoing in connection with the Service.
- Protect the personal safety of users of the Service or the public.
Business Transfers
If GHDM LLC is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice within the app before your information becomes subject to a different privacy policy.
4. Affiliate Links and Third-Party Services
Affiliate Disclosure: Embive earns commissions from qualifying purchases made through affiliate links in the app. This helps us keep the Service running and does not affect the price you pay for any product.
Embive participates in affiliate advertising programs designed to provide a means for us to earn fees by linking to retailer websites. Our current and potential affiliate partners include:
- Amazon Associates Program: Embive is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. As an Amazon Associate, Embive earns from qualifying purchases.
- CJ Affiliate (Commission Junction): We may participate in affiliate programs through CJ Affiliate, which may include retailers such as Groupon, Uncommon Goods, Goldbelly, 1-800-Flowers, and other merchants.
What Happens When You Click an Affiliate Link
When you tap a gift recommendation in Embive, you are redirected to an external retailer's website through an affiliate tracking link. At that point:
- We record the click in our system (including the gift ID, occasion type, source screen, affiliate network, destination URL, and tracking tag).
- The affiliate network or retailer may place cookies on your browser or device to track your session and attribute any subsequent purchases to Embive.
- Once you leave Embive and arrive at the retailer's website, your activity on that website is governed by that retailer's own privacy policy, not ours.
We encourage you to review the privacy policies of any third-party websites you visit through Embive.
FTC Compliance
In accordance with the Federal Trade Commission's (FTC) guidelines on endorsements and testimonials, we disclose our affiliate relationships prominently within the app. Gift recommendations in Embive are influenced by affiliate partnerships, and this is clearly disclosed at the point of interaction.
5. Data Storage and Security
Your data is stored using the following methods:
- Cloud storage: Account data, partner information, occasions, gift history, and affiliate click data are stored in our Supabase-hosted database. Supabase uses industry-standard security measures, including encryption in transit (TLS) and at rest.
- Local storage: Certain preferences and cached data are stored locally on your device using AsyncStorage. This data is sandboxed within the Embive app and is not accessible to other apps on your device.
We implement reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:
- Secure authentication through Supabase Auth with encrypted credentials.
- Row-level security policies on our database to ensure users can only access their own data.
- Encrypted data transmission using HTTPS/TLS for all communications between the app and our servers.
- Regular review of our data collection, storage, and processing practices.
While we strive to protect your personal information, no method of electronic storage or transmission over the Internet is completely secure. We cannot guarantee absolute security, but we are committed to following industry best practices.
6. Your Privacy Rights
Depending on your location, you may have specific rights regarding your personal information. Below we describe rights available under various laws.
Rights for All Users
Regardless of where you live, you can:
- Access your data: Request a copy of the personal information we hold about you.
- Correct your data: Update or correct inaccurate personal information through the app settings or by contacting us.
- Delete your account: Request deletion of your account and associated data by contacting us at info@embive.com.
California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you the following additional rights:
- Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
- Right to Correct: You have the right to request that we correct inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: Embive does not sell or share your personal information as defined under the CCPA/CPRA.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
- Right to Limit Use of Sensitive Personal Information: To the extent we collect sensitive personal information, you may request that we limit its use to what is necessary to provide the Service.
To exercise these rights, contact us at info@embive.com. We will verify your identity before processing your request and respond within 45 days as required by law.
Notice at Collection: We collect the categories of personal information described in Section 1 for the business purposes described in Section 2. We do not sell your personal information. We retain your data as described in Section 8.
Virginia Residents (VCDPA)
If you are a Virginia resident, the Virginia Consumer Data Protection Act (VCDPA) provides you with rights to access, correct, delete, and obtain a copy of your personal data, as well as the right to opt out of the processing of your personal data for targeted advertising, the sale of personal data, or profiling. To exercise these rights, contact us at info@embive.com. You may appeal our decision regarding your request by contacting us at the same address.
Colorado Residents (CPA)
If you are a Colorado resident, the Colorado Privacy Act (CPA) provides you with rights to access, correct, delete, and obtain a portable copy of your personal data, and to opt out of targeted advertising, the sale of personal data, or certain profiling. To exercise these rights, contact us at info@embive.com.
Connecticut Residents (CTDPA)
If you are a Connecticut resident, the Connecticut Data Privacy Act (CTDPA) grants you similar rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of the sale of personal data, targeted advertising, and profiling. Contact us at info@embive.com to exercise these rights.
Other US State Privacy Laws
Residents of other states with comprehensive privacy laws (including but not limited to Utah, Oregon, Texas, Montana, Iowa, Indiana, Tennessee, and other states that have enacted consumer privacy legislation) may have similar rights to access, correct, delete, and port their personal data. We are committed to honoring the privacy rights granted by applicable state laws. Please contact us at info@embive.com to exercise any rights available to you under your state's law.
European Economic Area, United Kingdom, and Switzerland (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent laws provide you with the following rights:
- Legal Basis for Processing: We process your personal data on the following legal bases:
- Contract performance: Processing necessary to provide you with the Service (account management, gift recommendations, occasion tracking).
- Legitimate interest: Processing for analytics, service improvement, and affiliate attribution, where our interests do not override your fundamental rights.
- Consent: Where required, such as for marketing communications. You may withdraw consent at any time.
- Legal obligation: Processing necessary to comply with applicable laws.
- Right of Access: You may request a copy of your personal data.
- Right to Rectification: You may request correction of inaccurate data.
- Right to Erasure: You may request deletion of your personal data ("right to be forgotten").
- Right to Restriction of Processing: You may request that we restrict the processing of your data under certain circumstances.
- Right to Data Portability: You may request your personal data in a structured, commonly used, machine-readable format.
- Right to Object: You may object to the processing of your personal data based on legitimate interests.
- Automated Decision-Making: Our gift recommendation engine uses automated processing to suggest gifts, but these recommendations are informational only and do not produce legal or similarly significant effects.
To exercise these rights, contact us at info@embive.com. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
International Data Transfers
If you are located outside the United States, please be aware that your data is transferred to and processed in the United States where our servers are located. By using the Service, you consent to this transfer. We rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards where required to ensure your data is protected in accordance with applicable law.
7. Children's Privacy
Embive is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. Our Service is intended for users who are at least 13 years of age.
If you are a parent or guardian and you believe your child under 13 has provided us with personal information, please contact us immediately at info@embive.com. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to promptly delete that information from our servers.
For users between the ages of 13 and 18, we recommend that a parent or guardian review and discuss this Privacy Policy with them before using the Service.
COPPA Compliance: In accordance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect, use, or disclose personal information from children under 13. We comply with all applicable requirements of COPPA.
8. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specific retention periods include:
- Account data: Retained for the duration of your account. Upon account deletion, we will delete or anonymize your data within 30 days, except as required by law.
- Partner and occasion data: Retained for the duration of your account and deleted when your account is deleted.
- Gift history and purchase data: Retained for the duration of your account for your reference and to improve recommendations.
- Affiliate click data: Retained for up to 24 months after the click event for commission tracking and reconciliation with affiliate partners, then deleted or anonymized.
- Subscription data: Retained as long as necessary to manage your subscription and comply with financial record-keeping requirements.
- Locally stored data: Remains on your device until you uninstall the app or clear the app's data.
After your account is deleted, we may retain certain information in anonymized or aggregated form for analytical purposes, provided that such information cannot be used to identify you.
9. International Users
GHDM LLC is based in the state of Maryland, United States. The Service is primarily designed for users in the United States. If you access the Service from outside the United States, please be aware that:
- Your data will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.
- By using the Service, you consent to the transfer of your data to the United States.
- We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable law.
- For users in the EEA, UK, and Switzerland, we rely on Standard Contractual Clauses and other appropriate legal mechanisms to ensure adequate protection for international data transfers.
If specific international regulations require additional disclosures or safeguards, we will comply with such requirements to the extent applicable.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes:
- We will update the "Effective Date" at the top of this page.
- For material changes, we will provide notice through the app (such as an in-app notification) or via email before the changes take effect.
- Your continued use of the Service after the updated Privacy Policy becomes effective constitutes your acceptance of the revised policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.