Legal

Privacy Policy

Amber holds a lot about your business, because that is what makes her useful. This page says exactly what she keeps, who else sees it, how long it stays, and what deleting really deletes. Where the answer is awkward, it is written here anyway.

Version 2026-07-15. In effect from 15 July 2026.

1. Who is responsible

Amber is a service operated by Qualia LP, a limited partnership formed in Ontario, Canada, and Qualia LP is responsible for the personal information described here. Canadian federal privacy law, the Personal Information Protection and Electronic Documents Act, applies to us. If you live in California, or in another place with its own privacy law, see section 11.

Privacy questions and requests go to hello@heyamber.cloud, and a person reads them. You can also write to us at 2967 Dundas Street West, Suite 207d, Toronto, Ontario M6P 1Z2, Canada.

This policy covers this website and the Amber application. It does not cover the other companies you connect Amber to, who each have their own policies.

2. This website collects nothing

The site you are reading sets no cookies, runs no analytics, and loads no trackers. There is no banner to dismiss because there is nothing to consent to. That is a deliberate choice and we intend to keep it.

Everything below is about the Amber application, which starts when you sign in.

3. What we collect

Your account

Your email address, and your name and profile picture if you give them. That is all we hold about you as a person. We do not collect your phone number, your address, or your date of birth. Your password and any social sign-in are handled by our sign-in provider, and we never see your password.

If you leave your profile picture on the default setting, your browser asks Gravatar for one using a scrambled form of your email address. That tells Gravatar, a service of Automattic, that someone at your address loaded a page. You can upload a picture or use your initials instead, and then nothing is sent.

What you and Amber create

Your spaces, chats, tasks and their full working history, documents, skills, published site content, and files you upload. Amber reads all of it, because she cannot do the job otherwise.

When you upload an image, we send it to an AI model that writes a short description of what is in it, and we store that description so Amber can find and use the image later. If an image contains something you would rather not have described and stored, do not upload it.

What Amber remembers about you

Amber keeps a memory. She records short quotes and summaries drawn from your chats, tasks, and comments, notes where each came from, and distils them into standing facts about you and your business. This is how she stops asking you the same question every week.

You can switch this off. Personalisation is a per-person, per-space setting, and turning it off stops her learning from you. You can also erase what she has already learned about you, and that erasure is a real deletion, not a flag.

Your messages

If you use Amber's email channels, we store the full message: sender, recipients, subject, body text, a cleaned version of any HTML, and attachments. This includes email other people send to your Amber address, so it includes information about correspondents who never signed up with us. We store a cleaned version of inbound HTML rather than the raw original. The same applies to Telegram if you connect it.

Billing, and how we defend against fraud

Your subscription, invoices, credit balance, and usage. Card numbers go straight to Stripe and never reach our systems. From Stripe we do keep the last four digits of the card, its brand, its country, and the results of the security checks, such as whether the address and security code matched and what the fraud score was.

Separately, we record certain facts to prove a payment was genuine if it is ever disputed. When you sign up, sign in, or check out, we store your IP address, your browser's user agent, and a device fingerprint. Section 4 explains that fingerprint, because you should know what it is.

Technical logs

For signed-in requests we log the route, the status, how long it took, your IP address, your user agent, and the page that referred you. We do not log request bodies, cookies, or authorisation headers. We keep a record of your sign-ins and sign-outs with the same details, plus your time zone and language.

4. The device fingerprint, plainly

This is the part most policies hide, so here it is in the open.

When you sign up, sign in, or check out, your browser builds a fingerprint of your device. It combines your user agent, platform, languages, screen size and colour depth, and time zone with a canvas signal, which means we draw a shape to an invisible canvas and read back the result, because different devices render it slightly differently. All of that is hashed into one value, which is stored in your browser's local storage and sent to us with those events.

We use it to prove a real device made a real purchase when a payment is disputed, and to spot one person quietly running many accounts. We do not use it for advertising and we do not sell it. But it is stored on your device and it identifies that device across visits, so we are not going to call it anything other than what it is.

Clearing your browser's local storage removes it, and a new one is made next time. Your browser's cookie and site data controls cover it too. Aside from this, Amber uses local storage only for ordinary things: your sign-in session, drafts, and preferences.

5. Why we use it

To run Amber and let her do the work you ask for. To sign you in and keep your account safe. To take payment and defend against fraud and chargebacks. To keep the service working, debug it, and understand failures. To reply when you contact us. To meet legal obligations.

Under Canadian law we rely on your consent, which you give by using Amber, and which for anything beyond running the service you can withdraw at any time. Some of it we are required to keep regardless, and section 8 says which.

We do not sell your personal information, and we never have. We do not use your content to train AI models, and we do not let it be used to train the models we call.

6. Who else sees it

Amber is built on other companies' infrastructure, and your data reaches them so she can work. These are involved for every account:

WhoWhat forWhat reaches them
Supabase
United States
Database, sign-in, and live updates Your account details and everything you and Amber create.
Anthropic
United States
The AI models behind Amber The chats, tasks, documents, and context Amber reasons over.
Fly.io
United States (Ashburn, Virginia)
Running the application servers All data passing through Amber while she works.
Cloudflare
Global network
File storage, website hosting, published sites Files you upload, media Amber generates, and published site content.
Stripe
United States
Subscriptions and payments Your email address and payment details. Card numbers go to Stripe directly and never reach us.
Resend
United States
Sending and receiving email Addresses, subjects, message bodies, and attachments.
Apify
European Union
Collecting public web and social data you ask Amber to study The handles, links, and search terms you give her.
Automattic (Gravatar)
United States
Your default profile picture A scrambled form of your email address, sent from your browser.

These are only involved if you switch the feature on or connect the account:

  • Replicate. Generating images and video. Replicate runs models from OpenAI and Google on our behalf, so your prompts and source images can reach them through it.
  • E2B. A sandbox where Amber can run code she writes.
  • Exa. Web search. Your search wording is sent as written.
  • Browserbase. Letting Amber browse a site for you. Sessions can be recorded.
  • ElevenLabs. Turning scripts into speech.
  • Telegram. Talking to Amber over Telegram.
  • Meta. Your Facebook and Instagram pages and ads, and conversion reporting.
  • Shopify. Your store, products, and orders.
  • Firecrawl. Reading a page you point Amber at.
  • Zernio and PostForMe. Publishing to your social accounts.
  • AutoDS and RapidAPI. Product data for online stores.
  • Sentry. Error reports, with personal details switched off.

We also share when the law requires it, when we must protect someone's safety or our rights, and, if we are ever bought or merged, with the buyer. In that last case we would tell you before your information became subject to a different policy.

7. Where your data lives

Amber runs in the United States. Our servers are in Ashburn, Virginia, and our database is in the eastern United States. Files sit on Cloudflare's global network, which does not pin storage to one country, so we cannot promise a specific region for uploaded files.

This means your information is stored and processed outside Canada, and while it is in another country it can be reached by that country's courts and authorities under that country's law. If that is not acceptable for your business, Amber is not the right tool for you.

8. How long we keep it

  • Your account and content. Until you delete it or close your account. Section 9 has the detail.
  • Messages in your channels. Kept for as long as the space exists. There is no automatic clean-up, because it is your conversation history and deleting it is your call, not a maintenance job. Delete the space and it goes.
  • Technical logs and sign-in history. 180 days.
  • Website visitor analytics. 180 days.
  • Task working history. 90 days for the fine-grained events. Traces expire on their own schedule.
  • Space activity. 365 days.
  • Read notifications. 90 days.
  • Billing and tax records. As long as tax and accounting law requires, which is longer than your account.

One exception matters. If a payment is disputed and we need the evidence, we place the related records under a legal hold, and while that hold is on they are exempt from the clean-ups above and are kept for as long as the dispute needs. That includes the IP addresses, user agents, and device fingerprints tied to the payment.

9. What deleting actually deletes

You can close your account from your settings. Most policies stop there. Here is what really happens.

Gone for good. Every space you own, and with it every task, chat, document, file, and integration in it. Your subscriptions, notifications, digest settings, memberships, and credit account. Your sign-in identity and password.

Kept, with your name taken off. Your billing ledger, invoices, and usage records stay, unlinked from you, because accounting history has to survive. Your technical logs and sign-in history stay for their normal 180 days, unlinked. The fraud evidence from section 3, including IP addresses, user agents, device fingerprints, and card last four digits, also stays unlinked, and if it is under a legal hold it stays until the hold lifts.

Kept as an empty shell. Your user record is not removed. It is emptied out: your email is replaced with a meaningless one, and your name and picture are erased. The empty row remains so that references elsewhere do not break.

Not yours to delete. Spaces you joined but do not own belong to their owner, and their content stays.

So closing your account is a thorough erasure of your content and a partial one of your records. We would rather tell you that than let you assume otherwise. If you want the remaining records erased too, write to us and we will do what the law lets us do.

10. Your rights

Wherever you live, you can:

  • ask what we hold about you and get a copy;
  • correct anything wrong;
  • ask us to delete it, subject to section 9;
  • withdraw your consent, by closing your account;
  • switch off Amber's memory of you, and erase what she has learned;
  • take your content with you.

Write to hello@heyamber.cloud. We answer within 30 days, and we will not charge you or make the service worse because you asked.

If we handle it badly, you can complain to the Office of the Privacy Commissioner of Canada. We would rather you told us first.

11. If you are in California

California's privacy law binds businesses over certain thresholds, and we are below them, so it does not currently apply to us. We are setting the rights out anyway, because you should have them regardless of our size, and we would rather offer them now than when a revenue line forces us to.

You can ask to know what we collect and why, get a copy, correct it, delete it, and limit how sensitive information is used. Sections 3 and 9 answer the first and the fourth in advance.

We do not sell personal information and we do not share it for cross-context behavioural advertising, so there is no opt out to offer and no "Do Not Sell" link to click. We will not discriminate against you for exercising any of this. Requests go to the same address, and if the thresholds ever catch us, this section becomes binding rather than voluntary.

Other states with similar laws, and Quebec, are treated the same way: ask us and we will honour it.

12. Data from your website visitors

If you use Amber's analytics pixel on your own site, the visitor data it gathers is yours, not ours. You decide what is collected, we hold it on your instructions, and we do not use it for anything of our own.

The pixel records pages viewed, referrer, campaign tags, click identifiers, device type, country, and the user agent. It does not store visitors' IP addresses: an IP is scrambled with a secret before it is written down and the original is discarded. That scrambled value is still information about a person, so we treat it as such rather than calling it anonymous.

Two things you need to know as the one responsible for those visitors. The pixel's consent requirement is off unless you turn it on, so if your visitors are owed a consent prompt, switching it on is your job. And if you connect Meta, conversion data is forwarded to Meta from our servers, which happens whether or not a visitor's browser blocks trackers. Your own privacy notice needs to say so.

13. Security

Every space's data is separated at the database itself, so one customer's query cannot reach another's rows. Traffic is encrypted, data is encrypted at rest by our providers, private files are served only through short-lived links, and error reports have personal details switched off. Access to production is limited to those who need it.

No system is perfectly secure, and anyone who tells you otherwise is selling something. If a breach affects you, we will tell you and the regulator as the law requires.

14. Children

Amber is for business use by adults. We do not knowingly collect information from anyone under 18. If we find we have, we delete it. If you think a child has signed up, tell us.

15. Changes

We will update this page as Amber changes. Material changes get a new version number and we will tell you before they take effect. The version at the top is the current one, and the version you agreed to is recorded against your account.

16. Contact

hello@heyamber.cloud for anything on this page: a question, an access request, a deletion request, or a complaint. By post: 2967 Dundas Street West, Suite 207d, Toronto, Ontario M6P 1Z2, Canada.

See also the Terms of Service.