Ember
Privacy Policy
Effective date: June 12, 2026
Ember is an email warmup and deliverability service operated by 1Labs AI Studio (One Infinity Labs, Inc.). Because Ember connects directly to mailboxes you own, the most important sentence in this policy is this one: we never read the content of your real mail. Ember reads only its own warmup threads — messages it sent, identified by a header it added — and the folder each one landed in. This policy spells out exactly what that means.
What we collect
Account data
- Email address and password hash for your Ember account. Email verification is required at signup.
- Billing status: your plan and subscription state. Payment details are held by Polar, our merchant of record, under its own policy — we never see card numbers.
Mailbox credentials
- The IMAP/SMTP credentials you provide (typically an app password, plus host, port, and TLS settings) are encrypted with AES-256-GCM before they are written to our database. The encryption key lives outside the database.
- Credentials are never logged, never returned by any API, and never displayed back to you after entry.
- Disconnecting a mailbox destroys its credentials immediately. There is no soft delete and no recovery — to reconnect, you enter them again.
Warmup data — the only mailbox data we touch
- Warmup-thread metadata: sender and recipient (both inside your fleet), subject line, timestamps, and warmup events (sent, opened, replied, marked important, rescued from spam) for messages carrying Ember's
X-Ember-Idheader. - Folder placement of warmup messages: whether each warmup email landed in the inbox, spam, or promotions. This placement is the entire measurement behind your charts and health scores.
- Nothing else. We do not read, store, index, or analyze your real correspondence — not subjects, not bodies, not senders, not attachments. If a message does not carry our header, Ember does not touch it beyond the folder scan needed to find its own messages.
What we never collect
- The content of your real (non-warmup) email, in any form
- Your contacts or address book
- Recipient lists of any kind — Ember has no feature that accepts them
- Analytics cookies or trackers on this marketing site (see the Cookie Policy)
How we use the data
To run the warmup engine (scheduling, pairing mailboxes in your fleet, sending and answering warmup mail), to compute placement reports and health scores, to send you transactional email (verification, password reset, billing notices) via Resend, and to enforce plan limits and the Acceptable Use Policy. We do not sell data, we do not share it with advertisers, and we do not use your data to train models.
Retention and deletion
- Mailbox credentials: destroyed the moment you disconnect the mailbox, and when your account is deleted.
- Warmup events and placement data: kept while the mailbox is connected so your charts have history; deleted within 30 days of disconnecting the mailbox or deleting your account.
- Account data: kept while your account is active; deleted within 30 days of account deletion, except records we must keep for tax or legal reasons (held by Polar).
Your rights
If you are in the EEA, UK, or a jurisdiction with similar rights, you can request access, correction, export, or deletion of your data by emailing privacy@1labs.ai. Deleting your account from the settings page accomplishes the same thing without the email.
Where data lives
Data is processed by a short list of subprocessors — database, hosting, transactional email, and billing. The current list, with regions, is maintained at DPA & Subprocessors. Note that warmup email itself transits your mail providers (Google, Microsoft, or your IMAP host) — it moves between your own mailboxes and is subject to those providers' terms and policies.
Changes
If we change this policy, we update the effective date above and notify you by email about material reductions in protection. We will not quietly broaden what we collect.
Contact
privacy@1labs.ai · Contact page. Ember is a product of One Infinity Labs, Inc.