emberdesk

Legal

Privacy Policy

This policy was last updated on 23/03/2026. Emberdesk is a developer tool that connects to your Google Cloud Firestore. This page explains what we collect, how we use it, and where the boundaries are.

What we collect

We collect only what's required to run the product.

This includes:

  • Your Google account information (email, name, profile photo)
  • Basic account metadata (creation date, preferences)
  • An encrypted OAuth refresh token to access Google APIs on your behalf
  • Limited usage data (e.g. queries executed, result sizes, performance metrics)

We do not store your Firestore data on our servers.

Firestore access

Emberdesk connects to your Firestore using Google OAuth.

We request the following scopes:

  • cloud-platform.read-only (read access across Google Cloud services)
  • datastore (required to query Firestore data)

All access is performed:

  • On-demand, based on your actions
  • Using your credentials
  • Within the permissions you explicitly granted

We act as a proxy, not a data store.

Your Firestore data:

  • Is never persisted on our servers
  • Is not copied, indexed, or replicated by us

For performance, collection structure (schemas) may be cached locally in your browser. This data never leaves your device unless you explicitly trigger a query.

How we use data

We use your data strictly to operate and improve the product.

This includes:

  • Executing queries against your Firestore
  • Returning results to your session
  • Measuring performance (latency, payload size)
  • Understanding usage patterns to improve UX and pricing

We log high-level usage events such as:

  • Which collections were queried
  • Number of results returned
  • Approximate payload sizes

We do not log document contents.

Analytics

We use analytics tools to understand how Emberdesk is used.

This may include:

  • Google Analytics (e.g. page views, interactions)
  • Product analytics tools (e.g. feature usage, query frequency)

These tools may receive:

  • Basic device and browser information
  • Interaction events within the app

We do not use session replay or record your screen.

Payments (future)

If and when paid plans are introduced, payments will be handled by third-party providers such as Stripe or Paddle.

We do not store or process your credit card information.

Cookies

We use essential cookies to:

  • Maintain your session
  • Keep the app functioning correctly

Analytics tools may also use cookies to measure usage.

You can disable cookies in your browser, but some features may stop working.

Data retention

Your account data is stored as long as your account exists.

If you choose "Sign Out & Forget", we will:

  • Delete your account data
  • Remove any stored OAuth tokens

This process is immediate and self-service.

Some minimal records may be retained if required for legal or operational reasons.

Security

  • OAuth tokens are stored encrypted at rest
  • All data is transmitted over HTTPS
  • Access to systems is restricted

That said, no system is perfectly secure. You are responsible for securing your Google account and credentials.

What we explicitly do NOT do

  • We do not store your Firestore data
  • We do not train models on your data
  • We do not sell your data
  • We do not inspect your database beyond the queries you initiate
  • We do not share your data with advertisers

If Emberdesk disappeared tomorrow, your data would still be exactly where it was: in your Google Cloud project.

Your control

You are always in control:

  • You can revoke access at any time via your Google Account
  • You can disconnect your project from within Emberdesk
  • You can delete your account and data instantly

Contact

Questions? Reach out at [email protected]