What we know, what we don't, what we do with it.

The short version

AmberRoom collects only what's needed to run the product. Account data goes to Supabase (hosted in the EU). Payment data goes to Stripe — we never see card numbers. Audio sessions never leave your device. We don't sell, rent, or share data with advertisers. You can export or delete everything from the account page.

What we collect

• Account. Email address, used as your login. No password — we use magic-link authentication (Supabase Auth).
• Subscription. Plan tier (free / Pro / Pro annual), Stripe customer ID, and renewal date. Card details stay with Stripe; we never see them.
• Session history. Each session you start: intent (sleep / calm / focus / etc.), length, timestamp, and your post-session rating if you give one. Stored per-account in Supabase.
• Device profile (free tier or signed-out). If you use AmberRoom without an account, the same session history is kept in your browser's localStorage. It never reaches our servers.
• Optional biometric snapshot. If you connect a wearable (Oura / Apple Health / Google Fit / Whoop), we store the most recent HRV baseline and resting heart rate. We do not stream or retain raw biometric data — only the snapshot used to tune tonight's recipe.

What we don't collect

• Your audio. Audio is generated entirely in your browser. We never record what you hear, never record what your microphone hears, never analyze tone of voice. There is no microphone access.
• Behavioral tracking. No third-party analytics, no Facebook pixel, no Google Analytics, no session replay tools. We use a privacy-respecting first-party counter to know how many sessions ran today; that's the extent of analytics.
• Location data. We don't request or store IP-derived location.
• Contact lists, photos, anything device-side beyond what's described above.

Who can access your data

• You.
• AmberRoom staff, when responding to a support ticket you opened.
• Sub-processors required to run the product: Supabase (database, auth — EU-hosted), Stripe (payments — US/EU). These are bound by their own privacy and processing agreements.
• Law enforcement, if compelled by a subpoena from a jurisdiction we operate in. We will publish the count of any such requests in an annual transparency report.

Cookies

AmberRoom uses two cookies: a session cookie for keeping you signed in, and a preferences cookie remembering your last intent and length. No third-party cookies. No advertising cookies. The cookie banner is informational, not a tracking-consent mechanism, because there's nothing to consent to.

Your rights (GDPR / CCPA)

• Export. The account page has a "Download my data" button. Returns a JSON of every record we hold about you, including session history, subscription status, and biometric snapshots.
• Delete. Same page, "Delete my account." Within 7 days everything is purged from our database; Stripe records are anonymized; backups are overwritten in 30 days.
• Correct. Email privacy@amberroom.app with what needs to change.
• Object. If you don't want us to keep session history (even aggregated), email the same address and we'll set your account to ephemeral mode.

Children

AmberRoom is not directed to children under 13. We don't knowingly collect data from them. If you believe a child has signed up, email privacy@amberroom.app and we'll delete the account immediately.

Changes

Material changes to this policy are emailed to all signed-up users at least 14 days before they take effect. Last updated at the top of this page.

Contact

Privacy questions: privacy@amberroom.app. EU representative and DPO contact details available on request.

AmberRoom is operated by the entity listed on the Terms page.