ember

Privacy Policy

How we look after your data.

UtilitySEO Ltd (trading as ember) takes your privacy seriously. This policy explains what we collect, why, and the rights you have over it. We comply with the UK GDPR and the Data Protection Act 2018.

Effective: 19 April 2026Last updated: 19 April 2026
On this page
01

Who we are

ember is a product of UtilitySEO Ltd, a company registered in England and Wales (Company No. 17055142). Our registered office is 4 Frances Street, Cheadle, SK8 2AE.

For the purposes of UK GDPR, UtilitySEO Ltd is the data controller for your personal data.

Our ICO registration is C1885551. You can reach our data protection contact at support@utilityseo.com.

02

What data we collect

Account data

  • Your name and email address
  • A bcrypt-hashed password (we never see the plain text)
  • Your timezone and account preferences
  • Profile image, if you upload one

Project & content data

  • Posts you draft, schedule, or publish, captions, titles, hashtags, media URLs
  • Comments, tasks, mood-board pins, useful links you create
  • Analytics aggregated from your connected social accounts

Connected social channels

  • OAuth tokens for the social platforms you connect (encrypted at rest)
  • The handle, ID and basic metadata of each connected account

Usage data

  • Anonymised analytics from Google Analytics 4 (page views, clicks, device/browser info)
  • IP address (anonymised) and approximate location for security and fraud prevention
  • Server logs (request timestamps, status codes, error messages)

Payment data

  • If you upgrade to a paid plan, billing is processed by Stripe. We never see or store your full card details.
03

How we use your data

We use your data only to provide and improve ember:

  • To deliver the service, letting you log in, schedule posts, view analytics, collaborate with your team
  • To communicate with you, important account notifications, scheduled-post status emails, security alerts
  • To improve the product, anonymised usage patterns help us understand which features are valuable
  • To prevent abuse, detecting and stopping bots, spam, and unauthorised access
  • To comply with the law, when we're required to retain data for legal or regulatory reasons

We do not sell your data. We do not use your content to train AI models. We do not share your data with advertisers.

05

Who we share data with

We use a small number of trusted third-party service providers to run ember. Each is bound by GDPR-compliant data processing agreements:

  • Vercel Inc., application hosting (US, with EU data residency where available)
  • Railway Corp, database hosting (US/EU regions)
  • Google LLC, anonymised analytics via GA4
  • Stripe Inc., payment processing (PCI-DSS compliant)
  • Social platform APIs, Meta, TikTok, LinkedIn, YouTube, Pinterest etc., when you connect a channel

We may share your data with regulators, law enforcement, or third parties where we're required to by law, or to defend our legal rights.

06

International transfers

Some of our service providers (Vercel, Stripe, Google) are based in the United States. Where data is transferred outside the UK or EEA, we rely on the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or an adequacy decision to ensure equivalent protection.

07

How long we keep your data

  • Active accounts, we keep your data for as long as you use ember
  • Cancelled accounts, your data is retained for 30 days after cancellation in case you reactivate, then deleted
  • Billing records, kept for 7 years to meet UK accounting requirements
  • Server logs, rotated after 30 days
  • Backups, encrypted backups are rotated weekly and retained for 90 days
08

How we protect your data

  • All traffic to ember is encrypted with TLS 1.3
  • Passwords are hashed with bcrypt (cost factor 12), we never store plain-text passwords
  • OAuth tokens for social platforms are encrypted at rest
  • Database backups are encrypted and access-controlled
  • Production secrets are stored in Vercel's encrypted environment
  • We follow the principle of least privilege for all internal access

No system is 100% secure. If a breach affecting your personal data occurs, we'll notify you and the ICO within 72 hours where required by law.

09

Your rights

Under UK GDPR you have the right to:

  • Access, request a copy of all the data we hold on you
  • Rectify, correct inaccurate or incomplete data
  • Erase, request that we delete your data ("right to be forgotten")
  • Restrict, limit how we process your data
  • Port, receive your data in a machine-readable format (CSV / JSON)
  • Object, object to processing based on legitimate interest
  • Withdraw consent, for processing we do based on consent, at any time

To exercise any of these, email [support@utilityseo.com](mailto:support@utilityseo.com). We'll respond within 30 days.

You also have the right to complain to the Information Commissioner's Office (ICO) at [ico.org.uk](https://ico.org.uk).

10

Cookies and tracking

ember uses a small number of cookies and tracking technologies:

  • Strictly necessary, session cookies that keep you logged in
  • Analytics, Google Analytics 4 with IP anonymisation enabled. We respect your browser's Do Not Track setting.

We do not use third-party advertising cookies. You can control cookies through your browser settings.

11

Children

ember is not intended for use by children under 16. We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us and we'll delete it.

12

Changes to this policy

We may update this policy occasionally. Material changes will be announced by email and on this page at least 30 days before they take effect. The "Last updated" date at the top of this page tells you when it was last changed.

13

Contact us

For any privacy questions, contact:

UtilitySEO Ltd 4 Frances Street Cheadle, SK8 2AE United Kingdom

Email: [support@utilityseo.com](mailto:support@utilityseo.com)