Alembic

Privacy Policy

Last updated: March 24, 2026

Introduction

Alembic ("we", "our", or "us") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service.

Account Requirements

Alembic can be used without an account. You can write, format, and export micro-essays as a guest without providing account details. Guest drafts can be saved and loaded as local .alembic files containing editor state configuration at the time of saving, to which our server is completely agnostic.

We also collect anonymous feature telemetry for product analytics (see "Anonymous Feature Telemetry" below). This telemetry does not include user identity, content, device fingerprinting, or cross-site tracking.

An account is only required if you want to:

  • Store drafts across devices via cloud
  • Create and store custom themes

If you choose to create an account, the data collection practices outlined below apply.

Data Controller

Lauri Paronen
Email: support@alembic.space

Information We Collect

Account Information

  • Email address (required for authentication)
  • User ID (generated by Supabase Auth)
  • Authentication credentials (hashed and encrypted by Supabase)

Content Data

  • Micro-essay drafts you save in your account
  • Draft titles and content
  • Custom themes you save (typography, colors, overlays)

Anonymous Feature Telemetry

When you use Alembic, we may record certain product interaction events.

Telemetry includes only:

  • Event name
  • Timestamp

Telemetry does not include:

  • Name, email, user ID, IP-based profiling, or precise location
  • Device fingerprinting data
  • Draft or editor content
  • Cross-site activity

Current event categories include: page views, exports, copy actions, opening Shader Lab from copy flow, feedback submissions, theme changes, slide additions, and share interactions.

Authentication Methods

We support email and password authentication via Supabase Auth.

How We Use Your Data

We use your information to:

  • Provide and maintain the service
  • Authenticate your account
  • Store and retrieve your drafts and themes
  • Understand aggregate product usage through anonymous event telemetry

We do not:

  • Sell your personal data
  • Use your data for advertising or marketing
  • Share your data with third parties except service providers (Supabase)
  • Track your behavior across other websites
  • Use third-party analytics tools (no Google Analytics, Mixpanel, etc.)

Telemetry is first-party, event-based, and used only for internal product improvement and reliability.

Technical logs: Our hosting providers (Cloudflare, Supabase) collect basic infrastructure logs (requests, errors) necessary for service operation and security.

Data Storage and Infrastructure

Hosting Provider

Your data is stored using Supabase, a backend-as-a-service platform built on PostgreSQL and hosted on Amazon Web Services (AWS).

Key details:

  • Provider: Supabase Inc. acts as our data processor
  • Security: All data is encrypted in transit (TLS/SSL) and at rest (AES-256 encryption)
  • Infrastructure: Hosted on AWS with enterprise-grade security

Database Tables

We store the following data in Supabase:

  • drafts: Your draft content, titles, timestamps, and associated theme IDs
  • user_settings: Your subscription status
  • telemetry: Anonymous event records containing only event name and timestamp

Data Retention

  • Active accounts: Data is retained while your account is active
  • Deleted data: When you delete drafts or themes, they are immediately removed from the production database
  • Backups: Encrypted backups may retain deleted data for up to 30 days before permanent deletion

Third-Party Services

Supabase (Data Storage & Authentication)

  • Purpose: Database, authentication, and backend infrastructure
  • Data shared: Email, user ID, draft content, theme data, anonymous telemetry events (event name + timestamp)
  • Privacy policy: https://supabase.com/privacy

Your Rights

Access

You can access all your data through the editor interface by viewing your drafts and saved themes.

Export

  • Content export: You can export your micro-essays as PNG or SVG images at any time
  • Database export: Currently not available. Contact us if you need your raw database data.

Deletion

  • Drafts: Delete individual drafts from the editor
  • Themes: Delete custom themes from your theme library
  • Account deletion: Currently in development. To delete your account, contact support@alembic.space

GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA):

Legal basis for processing:

  • Contractual necessity: To provide the service you've signed up for
  • Legitimate interest: To improve and secure our service

Your GDPR rights:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent

International data transfers:

  • Data is processed on AWS servers (region determined by Supabase configuration)
  • Supabase and AWS provide adequate safeguards through standard contractual clauses

To exercise your GDPR rights, contact: support@alembic.space

CCPA Compliance (California Users)

If you are a California resident:

Information we collect:

  • Email address (identifier)
  • Draft and theme content (personal information)

Your CCPA rights:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights

We do not:

  • Sell your personal information
  • Share your information for cross-context behavioral advertising
  • Collect sensitive personal information beyond email

To exercise your CCPA rights, contact: support@alembic.space

Data Security

We rely on Supabase's security infrastructure to protect your data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Secure password hashing via Supabase Auth
  • Database access controls managed by Supabase
  • AWS enterprise-grade security standards

No method of Internet transmission is 100% secure. While Supabase implements industry-standard protections, absolute security cannot be guaranteed. Read more about Supabase's security policies here.

Data Breaches

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours
  • Report to relevant authorities as required by law
  • Take immediate steps to secure the system and prevent further breaches

Children's Privacy

Alembic is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Significant changes will be communicated via email if you have an account.

Contact Us

For privacy-related questions or to exercise your rights:

Email: support@alembic.space
Data Controller: Lauri Paronen

For GDPR or CCPA requests, please include "Privacy Request" in your email subject line.

© 2026 Lauri Paronen. All rights reserved.