EmberMotion Privacy Policy
Last updated: 2026-04-29 · Ember Systems Pty Ltd · Australia only · 18+
The short version
EmberMotion is a general fitness and movement app, built for Australian athletes by a small Australian company. This policy explains what we do with your information when you use the EmberMotion app or visit ember-systems.com.
Three things you should know:
- Your video stays on your phone. EmberMotion uses your phone's camera to measure how you move. The video and the body landmarks we detect from it never leave your device. We never see them, never store them, never send them anywhere.
- We don't sell your data, show you ads, or share with insurers, employers, sponsors, or sports organisations. No advertising IDs, no ad networks, no affiliate partners. Our business model is subscriptions — yours is the only money in our pockets.
- You're in control. You can see what's stored about you, export it as a download, change it, or delete your whole account from inside the app. We keep what we have to keep for as long as we have to keep it, and not a day longer.
If you want the detail, the rest of this policy walks through it section by section. If you only have time for the short version, that's most of it.
1. About this policy
This policy is published by Ember Systems Pty Ltd (ACN 695 871 142), a company registered in Buderim, Queensland, Australia. We're the controller of any personal information you give us, in the sense the Australian Privacy Principles use that word.
Throughout this policy, "we," "us," and "Ember Systems" mean the company. "You" means the person using our Services.
"Services" means:
- ember-systems.com (our website), and
- EmberMotion (our app for iOS and Android).
We've written one privacy policy that covers both. Where something only applies to the website or only to the app, we'll say so.
This policy was last updated on the date shown at the top. We keep an archive of older versions and we'll tell you when we change it materially.
2. Who can use the Services
For now, EmberMotion is available only to people in Australia. The website serves general information to anyone, but signing up for the waitlist or creating an account in the app requires you to be in Australia.
You also need to be 18 or older. You'll confirm you're at least 18 by ticking a box when you create your account. We don't knowingly collect information about anyone under 18.
EmberMotion is a general-fitness product built for healthy adults. When you set up the app, we ask you to complete a quick eligibility check — a short set of yes/no questions confirming the app is the right fit for you right now. You answer these on your device; we don't keep your answers. We record only that you completed the check and when. There's more on this in Section 4.
We'll open the app to other countries in the future. When we do, we'll update this policy with the additional rights and protections that apply to people outside Australia, and we'll tell you about the changes before they take effect.
3. The information we collect
Here's what we collect, broken down by where it comes from.
Information you give us when you sign up
- Email address — we use it to identify your account, send you your results, and (with your permission) send marketing updates.
- Display name — we ask "what should we call you?" so you can choose any name. Most people use their first name or a nickname. We don't ask for or verify your legal name.
- Password — your password is hashed by our authentication system before it touches our database. We never see the password itself.
- Sign-in provider — if you sign in with Apple or Google, we receive an identifier from that provider and (if you let them share it) your email address. We ask for the minimum information needed to set up your account.
Information you give us during your assessment
When you set up a movement assessment in the app, we have a short, voice-driven conversation with you about your training. This covers things like:
- Training profile — age, sex, height, weight, primary sport, and handedness.
- Your training preferences — your goals, the activities you do, the equipment and time you have, how confident you feel moving, and any areas you'd prefer to work around. We use this to tailor your movement summary and training program to you.
We collect this through a voice-driven intake. We process and keep a text record of the conversation so your program reflects what you told us. We don't keep the audio. We're a fitness product, not a health or medical service: we don't ask for, and don't set out to collect, a clinical history, a diagnosis, or a record of injuries, conditions, or symptoms.
Information about areas you'd rather avoid
During an exercise, you can tell the app you'd rather not load a particular area — for example, a shoulder or a knee. You choose a body region only. We use this on your device, in the moment, to adjust what the app suggests, so your program steers around that area. We don't ask you to rate how something feels, describe it, or explain why — and we don't keep that input as a record of your health. What we retain is a simple, region-level note that an area was set to be worked around, so future sessions keep steering around it.
Information we generate from your assessment
Based on what you tell us and the movement assessment, the app produces:
- Your Resilience Score (a general measure of movement quality)
- Your movement map (the areas to focus your training on)
- Movement patterns and left/right differences we measure
- A personalised movement summary and training program
These are performance and training metrics. We keep them so you can track your training across sessions and access your results across devices.
Information about your device and how you use the app
- Device information — your phone model, operating system version, app version, IP address, and crash logs.
- Usage data — which screens you visit, which exercises you complete, how often you use the app, and similar patterns.
- Coarse location — we infer your general region from your IP address. We don't collect your precise location and we don't ask for GPS.
We don't collect advertising identifiers (IDFA on iOS, GAID on Android). We've made this choice deliberately.
Information about your subscription
If you subscribe to a paid plan, the payment itself goes through Apple's App Store or Google Play. We don't see your card number, your billing address, or any payment details. Apple and Google do.
What we do see, through our subscription provider RevenueCat, is which plan you're on, when it started, when it renews, and whether it's active. That's it.
4. The information we don't collect
It's worth being explicit about what doesn't leave your phone, doesn't get stored, or doesn't ever get associated with you. These aren't just promises we intend to keep — they're how the system is built.
- Your video. When you record an assessment, the camera feed is processed entirely on your device. The video itself is never uploaded, never copied, never sent anywhere outside your phone.
- The body landmarks our pose detection generates. When the app detects the position of your joints, those coordinates exist only in memory on your device for the length of the assessment. They aren't saved to disk and they aren't sent to us. We never see them.
- Your eligibility-check answers. The quick yes/no check at sign-up is evaluated on your device and the answers are discarded. We keep only the fact that you completed the check and when — never your individual answers.
- A health, injury, or symptom history. We don't run a symptom questionnaire, and we don't collect or store details of injuries, pain, conditions, or symptoms as health records. When you ask the app to work around an area, we keep only a region-level note, as described in Section 3.
- Your real name. We ask for a display name so we know what to call you. Some people use their real first name, some use a nickname, some use a pseudonym. We don't ask for, verify, or store your legal name.
- Your card details. Apple and Google handle payment. We don't see your card number, CVV, billing address, or anything else attached to your payment method.
- Health data from Apple Health or Google Fit. We don't read from or write to either platform.
- Your contacts, photo library, microphone outside an assessment, or anything else. The app asks for camera permission to do its job. It doesn't ask for anything else and it doesn't read anything else.
5. How we use your information
We use the information we collect to:
Run the Services
Setting up and running your account, taking you through assessments, generating your Resilience Score and program, showing your results across your devices, processing your subscription, and sending you transactional emails (account confirmations, password resets, receipts).
Improve EmberMotion
We analyse the de-identified information we collect — derived metrics, intake responses, usage patterns — to refine our movement-analysis models and to make the app more accurate over time. We don't sell, license, or share this with anyone outside Ember Systems for this purpose. We don't train external AI models on it.
Talk to you
With your permission, we send marketing updates about new features, new content, and what's happening at Ember Systems. You can unsubscribe at any time using the link at the bottom of every email. Push notifications work the same way — you can turn them off in your phone's settings or in the app.
Publish aggregate insights
We may publish or talk about general movement and performance patterns we see across our user base — for example, "Australian CrossFit athletes show this much left/right difference on a given movement on average." These insights are statistical and population-level. They never identify any individual.
Keep things working safely
We use device data and usage logs to investigate problems, detect abuse, and keep the app secure.
Comply with the law
If we have to disclose information to comply with an Australian legal obligation — for example, a court order or a regulator's request — we'll do that and document it.
By creating an account and using the app, you agree to the first two of these (running the Services and improving EmberMotion). The rest are either voluntary on your part (marketing, push notifications) or required by law.
6. Sensitive information
EmberMotion is a general fitness and movement product. It isn't a health or medical service, and it's designed not to collect health information. We don't run a symptom screen, and we don't collect a record of injuries, pain, conditions, or symptoms.
The intake conversation is about your training — your goals, your sport, the equipment and time you have, and any areas you'd prefer to work around. If you happen to mention something about your health in your own words, we don't treat it as a clinical record or build any health assessment from it; we use the conversation only to shape your training program. Where you ask the app to work around an area, we keep only a region-level note (see Sections 3 and 4), not a health record.
Because a free-form conversation can sometimes touch on health, we handle the text record of your intake with the same care the Australian Privacy Principles ask for sensitive information. We use it only for:
- Producing your assessment, movement summary, and training program
- Improving our movement-analysis models (in de-identified form)
We don't share it with insurers, employers, healthcare providers outside Ember Systems, sponsors, sports organisations, or any other third party. You can remove it at any time by deleting your account, which permanently removes the information you've shared (see Section 12).
Important: EmberMotion is not a medical device. It doesn't diagnose, screen for, or monitor any health condition or injury, and its results aren't a medical opinion — they're a measure of how you move, for training. If you have pain, an injury, or any health concern, please see a qualified healthcare professional.
7. Who else processes your data
We rely on a small number of trusted third-party providers to run the Services. These providers process your information on our behalf, under contracts that require them to keep it secure and use it only for what we've engaged them to do.
The current list is:
- Supabase — our database and authentication provider. Stores your account, your assessment results, and your derived metrics. Supabase hosts our project in their Sydney region (ap-southeast-2). Most of your data lives in Australia.
- Vercel — hosts ember-systems.com. Vercel is a US-based company with edge servers in many countries, including Australia.
- AI model providers — provide the language and speech models that power the voice intake and generate your written movement summary and training program. We choose providers based on factors like performance, cost, and reliability, and we may change them over time. We only use providers whose terms prohibit using your data to train their models, and they receive only the text needed to generate that output. The providers we currently use are listed on our sub-processors page (below).
- RevenueCat — manages our paywall and subscription state.
- Apple App Store / Google Play — process subscription payments.
- Google Workspace — handles our email, including replies to messages you send to privacy@ember-systems.com.
- Analytics and error-tracking providers — we use a small number of operational providers for app analytics and error monitoring. The current list is published at ember-systems.com/sub-processors.
We may add or change providers over time. The current list lives at ember-systems.com/sub-processors and we update it whenever a provider changes. If a change is material, we'll let you know by email.
We don't use ad networks, marketing affiliates, or analytics platforms that profile users across apps and websites.
8. Where your data is stored
Most of your information lives in our Supabase project in Sydney. Specifically:
- Your account and profile fields
- Your assessment results and derived metrics
- Your voice intake transcripts
- Your subscription state
This means the bulk of your personal information stays in Australia.
Some processing happens outside Australia, which means your information is disclosed to recipients overseas:
- The AI models we use for voice intake and report generation run on the infrastructure of our AI model providers, primarily in the United States.
- Vercel's edge network may serve our website from servers outside Australia.
- RevenueCat's infrastructure is in the United States.
- Email replies you send to us are processed by Google Workspace.
Where information leaves Australia, we take reasonable steps to ensure the recipient handles it consistently with the Australian Privacy Principles. We rely on contractual commitments and the providers' own published privacy and security practices.
9. Automated processing and AI
EmberMotion uses automated processing to generate your assessment and program. Specifically:
- Pose detection on your phone identifies the position of your body in real time.
- Our movement-analysis models measure how you move, including left/right differences between sides, as training metrics.
- A language model turns the results into a written movement summary and a personalised training program.
These outputs are training tools, not medical opinions. They're a measure of movement and performance — not a diagnosis, a screen, or a health assessment. They support your training; they don't replace a qualified professional.
If you'd like a human to look at your results — for example, if something doesn't seem right, or you'd like another perspective — email privacy@ember-systems.com and someone from our team will review the assessment with you.
We don't use your personal information to train external AI models. The movement-analysis models inside EmberMotion are refined using only de-identified data, and our AI model providers are engaged under terms that prohibit using our data to train their models.
10. How long we keep your information
We keep your information for as long as we need it to run the Services and meet our legal obligations. Specifically:
When you delete your account, we begin a 30-day soft-delete window during which you can sign back in and recover the account. After 30 days, we permanently delete your information from our primary database. Backup copies are purged on natural rotation, which finishes within 90 days of your deletion request.
11. How we keep your information secure
We've put a number of measures in place to protect your information:
- All connections between your device, our website, and our backend are encrypted in transit using TLS.
- Information stored in our database is encrypted at rest.
- Access to our backend systems is restricted to people who need it, and is protected by multi-factor authentication.
- Database access is governed by row-level security, so each user's data is only accessible to that user (and to our small team for support and operations).
- Administrative actions are logged and auditable.
No system is perfectly secure. If something goes wrong and your information is compromised, we'll let you know. Specifically, where a breach is "eligible" under the Notifiable Data Breaches scheme — meaning it's likely to result in serious harm — we'll notify both you and the Office of the Australian Information Commissioner without undue delay.
Internally, our target is to investigate, contain, and notify within 72 hours of becoming aware of a notifiable breach.
12. Your rights and choices
Australian privacy law gives you a number of rights about your information. We've built tools into the app and website to make these as easy to exercise as possible.
See what we have about you
Most of your information is visible inside the app — your profile, your assessment history, your programs. If you want a complete picture, you can request a copy by emailing privacy@ember-systems.com or by using the Export My Data feature in your in-app preferences. We'll send you a CSV or JSON file with everything we hold.
Correct anything that's wrong
You can edit your profile fields directly in the app. For anything else, email us and we'll fix it.
Delete your account
From your in-app preferences, choose Delete My Account. We'll soft-delete your account immediately and permanently delete it 30 days later. If you change your mind during the 30 days, just sign back in.
Withdraw consent
Marketing emails, optional analytics, and any other consent-based processing can be turned off from your in-app preferences screen, or by clicking the unsubscribe link at the bottom of any marketing email.
Complain
If you think we've handled your information badly and we haven't fixed it after you've raised it with us, you can complain to the Office of the Australian Information Commissioner at oaic.gov.au.
We aim to acknowledge any privacy request within 7 days and substantively respond within 30. We may need to verify your identity before disclosing or deleting information — usually this is straightforward (we'll ask you to confirm something only the account holder would know).
13. Marketing and notifications
We send two kinds of communication:
Transactional messages
Account confirmations, password resets, subscription receipts, deletion confirmations, and similar. We send these because you've signed up for the Services and they're necessary to provide them. You can't opt out of these as long as your account is active.
Marketing messages
Updates about new features, content, and what we're building. We only send these with your permission, which you give when you sign up for the waitlist or check the marketing box in your preferences. Every marketing email has a one-click unsubscribe link in the footer. Unsubscribing takes effect immediately.
Push notifications
If you enable push notifications, we may send you reminders about training sessions, new programs, or news from Ember Systems. You can turn these off at any time in your phone's settings or in the app preferences.
We don't send marketing SMS messages.
14. Cookies on our website
ember-systems.com uses a small number of cookies, all of them strictly necessary to make the website work:
- Authentication cookies that keep you signed in if you have an account
- Security cookies that help us prevent fraud and abuse
- Anti-CSRF cookies that protect form submissions
We don't use advertising cookies, social media tracking cookies, or third-party analytics cookies. For website analytics, we use Vercel Analytics, which is cookieless and doesn't set any tracking identifiers.
The app doesn't use cookies — apps don't work that way. App-side analytics is first-party only and configurable from your in-app preferences.
15. Children
EmberMotion is for adults. If you're under 18, please don't use the Services or sign up for the waitlist.
If we learn we've inadvertently collected information from someone under 18, we'll delete it. If you believe we have information from a child, email privacy@ember-systems.com and we'll investigate.
16. Changes to this policy
We update this policy from time to time. When we make a change that materially affects how we collect or use your information, we'll do all of these:
- Email everyone with an account
- Show a notice in the app the next time you open it
- Update the "Last updated" date at the top of this policy
- Keep an archive of the previous version, available on request
For minor changes — fixing a typo, adding a new sub-processor of the kind we've already disclosed, clarifying language — we'll just update the date and the text.
17. How to contact us
For anything to do with this policy or your information, write to:
- Email: privacy@ember-systems.com
- Privacy Officer: Calvin Atkinson
- Mailing address: Ember Systems Pty Ltd, Buderim, Queensland, Australia
We aim to acknowledge privacy emails within 7 days. For substantive responses, allow up to 30 days, although most things we resolve sooner.
If you've contacted us and you're not satisfied with how we've handled your concern, you can take it to:
Office of the Australian Information CommissionerGPO Box 5288, Sydney NSW 2001
1300 363 992
oaic.gov.au