Introduction
At Emby.dev, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI model routing service. Please read this policy carefully.1. Information We Collect
1.1 Account Information
When you create an account, we collect:- Email address: For account management and communication
- Name: To personalize your experience
- Company information: If you’re using a business account
- Payment information: Processed securely through our payment provider
- Billing address: For invoicing and tax purposes
1.2 API Usage Data
When you use our Service, we automatically collect:- API requests: Model used, timestamp, response time
- Usage metrics: Token counts, request volumes
- Error logs: For debugging and service improvement
- IP addresses: For security and fraud prevention
- User agent: Browser and device information
1.3 Technical Data
- Cookies: For authentication and preferences
- Session data: To maintain your logged-in state
- Device information: Operating system, browser type
- Performance data: Page load times, API latency
2. How We Use Your Information
2.1 Service Provision
We use your data to:- Provide and maintain our Service
- Process your API requests
- Manage your account and subscriptions
- Send service-related communications
- Provide customer support
2.2 Service Improvement
- Analyze usage patterns to improve performance
- Debug and fix technical issues
- Develop new features and capabilities
- Monitor service health and uptime
2.3 Security and Fraud Prevention
- Detect and prevent fraudulent activity
- Protect against security threats
- Enforce our Terms of Service
- Comply with legal obligations
2.4 Communications
- Send account-related notifications
- Provide technical updates and maintenance notices
- Share product updates (with your consent)
- Respond to your inquiries
3. Data We Do NOT Collect or Store
4. Data Sharing and Disclosure
4.1 Third-Party Service Providers
We share data with:- Payment processors: Stripe for payment processing
- AI model providers: Only the specific requests you make (OpenAI, Anthropic, Google, etc.)
- Infrastructure providers: bit.nl for EU-hosted servers
- Analytics tools: For service monitoring (anonymized data only)
4.2 Legal Requirements
We may disclose your information if required to:- Comply with legal obligations
- Respond to valid legal requests
- Protect our rights and property
- Prevent fraud or security threats
- Protect user safety
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change.5. Data Security
5.1 Security Measures
We implement industry-standard security measures:- Encryption: All data in transit uses TLS 1.3
- Access controls: Role-based access to systems
- Infrastructure: ISO27001 and NEN7510 certified hosting
- Monitoring: 24/7 security monitoring
- Backups: Regular encrypted backups
- Penetration testing: Regular security audits
5.2 EU Data Hosting
- All data is hosted in the European Union
- Infrastructure located in the Netherlands
- Compliant with GDPR requirements
- No data transfers outside the EU without explicit consent
6. Data Retention
6.1 Account Data
- Retained while your account is active
- Deleted within 90 days of account closure
- You may request immediate deletion
6.2 API Logs
- Stored for 30 days for debugging purposes
- Automatically deleted after retention period
- Contains only metadata (no prompts or responses)
6.3 Billing Records
- Retained for 7 years for tax and legal compliance
- Contains only transaction information
- Stored securely and separately
7. Your Rights (GDPR)
Under GDPR, you have the right to:7.1 Access
- Request a copy of your personal data
- Receive data in a structured, machine-readable format
- Response within 30 days
7.2 Rectification
- Correct inaccurate personal data
- Complete incomplete data
- Update your information anytime
7.3 Erasure (“Right to be Forgotten”)
- Request deletion of your personal data
- Exceptions apply for legal obligations
- Processed within 30 days
7.4 Restriction
- Limit how we use your data
- Object to certain processing activities
- Withdraw consent at any time
7.5 Portability
- Receive your data in a portable format
- Transfer data to another service
- Provided in JSON or CSV format
7.6 Object
- Object to data processing for direct marketing
- Object to automated decision-making
- Opt-out of non-essential communications
8. Cookies and Tracking
8.1 Essential Cookies
Required for the Service to function:- Authentication: Keep you logged in
- Security: CSRF protection
- Preferences: Remember your settings
8.2 Analytics Cookies
Help us improve the Service (optional):- Usage analytics: Page views, feature usage
- Performance monitoring: Load times, errors
- A/B testing: Feature experiments
8.3 Cookie Control
- You can disable cookies in your browser
- Essential cookies are required for the Service
- Analytics cookies can be opted out
9. International Data Transfers
9.1 EU Hosting
- Primary data storage in the Netherlands
- Backup systems within the EU
- No routine transfers outside the EU
9.2 Third-Party Providers
When you use models from providers outside the EU:- OpenAI (US): Your requests are sent to OpenAI’s API
- Anthropic (US): Your requests are sent to Anthropic’s API
- Google (Global): May process in various regions
10. Children’s Privacy
- Our Service is not intended for users under 18
- We do not knowingly collect data from children
- If we discover such data, we will delete it immediately
- Parents may contact us to request deletion
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights:11.1 Right to Know
- Categories of personal information collected
- Sources of personal information
- Business purposes for collection
- Third parties with whom we share data
11.2 Right to Delete
- Request deletion of personal information
- Exceptions for legal obligations
- Confirmation of deletion provided
11.3 Right to Opt-Out
- Opt-out of sale of personal information
- We do NOT sell personal information
11.4 Non-Discrimination
- We will not discriminate for exercising your rights
- Same service quality regardless of privacy choices
12. Data Protection Officer
For privacy-related inquiries, contact our Data Protection Officer: Email: privacy@emby.aiSubject: Data Protection Inquiry
Response time: Within 48 hours
13. Changes to This Policy
13.1 Notification
- We will notify you of material changes via email
- Changes posted on this page with updated date
- Continued use constitutes acceptance
13.2 Review
- We recommend reviewing this policy periodically
- Significant changes will be highlighted
- Previous versions available upon request
14. Contact Us
For questions about this Privacy Policy: Email: hello@emby.aiPrivacy Email: privacy@emby.ai
Website: https://emby.dev
Address: Netherlands (EU)
15. Compliance Certifications
Our infrastructure is certified with:- ISO 27001: Information security management
- NEN 7510: Healthcare information security (Netherlands)
- GDPR: Full compliance with EU data protection
- SOC 2 Type II: (In progress)
Your Privacy Matters: We are committed to protecting your privacy and being transparent about our data practices. If you have any questions or concerns, please don’t hesitate to contact us.