Privacy Policy
EMBELMA — operated by Ultra Solar Energy & Steel Engineering Private Limited · Last updated: 10 July 2026
This Privacy Policy explains how Ultra Solar Energy & Steel Engineering Private Limited ("we", "us", "EMBELMA", "the Service") collects, uses, stores, and protects information when a business owner ("you", "the Client") uses the EMBELMA platform, and when that Client's customers interact with the Client's connected social media accounts through our Service.
EMBELMA is a software service that helps small and medium businesses manage their social media content, generate marketing images, and draft replies to customer messages received on platforms such as Instagram and Facebook. We act as a data processor on behalf of the Client for any end-customer data that flows through the connected accounts.
1. Information We Collect
1.1 Information from Clients (business owners)
- Account information: name, email address, hashed password, business name, and business profile details you enter.
- Business content: brand information you provide — logo, brand colors, business hours, FAQs, promotions, menu/product details, contact information — used to generate on-brand content and replies.
- CRM data you enter: leads, customers, sales, and visit records you choose to store in the Service.
- Uploaded media: photos and images you upload for content and advertisement generation.
1.2 Information from connected social accounts (via Meta Platforms)
When you connect your Instagram or Facebook account, we access — strictly on your behalf and with your authorization — the following through Meta's official APIs:
- Account identifiers: your business account ID and handle, to publish content and route messages correctly.
- Customer messages (DMs): the content of messages your customers send to your connected account, so the Service can draft a reply for your review. We only process messages received by accounts you have explicitly connected.
- Published content metadata: post IDs, permalinks, and engagement metrics (likes, comments, reach) for content published through the Service.
1.3 Automatically collected
- Basic technical/usage logs (timestamps, request status, error logs) needed to operate and secure the Service.
2. How We Use Information
- To provide the Service: generate content and images, draft replies to customer messages, schedule and publish posts you approve.
- To ground AI output in your real business information so it is accurate and on-brand.
- To operate, secure, debug, and improve the Service.
- We do not sell your data or your customers' data to any third party.
- We do not use the content of customer messages for advertising or for training third-party AI models beyond the processing required to draft a reply you review.
3. AI Processing
EMBELMA uses third-party AI providers (including Google Gemini and image-generation providers) to generate content, images, and draft replies. Relevant data (such as your brand information and the text of a customer message) is sent to these providers solely to produce the requested output. Drafted replies are shown to you for review and approval; the Service does not send replies to your customers without a human approval step.
4. Data Sharing
We share information only with:
- Infrastructure and AI sub-processors necessary to run the Service (hosting, database, object storage, AI model providers, social-publishing integration). These providers process data on our behalf under their own security and privacy commitments.
- Meta Platforms — to publish content and access messages on the accounts you connect, under Meta's Platform Terms.
- Legal authorities — only where required by applicable law.
5. Data Retention
We retain your account and business data for as long as your account is active. Customer message data is retained only as long as needed to provide the reply-drafting feature and your records, and is deleted on request (see Section 8). When you close your account, we delete or anonymize your data within a reasonable period, except where retention is required by law.
6. Data Security
- Passwords are stored using strong one-way hashing (bcrypt).
- Each business's data is logically isolated by a tenant identifier so one Client cannot access another Client's data.
- API keys and credentials are stored as server-side environment secrets, never exposed to browsers.
- Remote media fetching is restricted to guard against server-side request abuse.
- Access to production systems is limited and logged.
7. Your Rights
You may access, correct, export, or delete your data. To exercise any of these rights, contact us at swapnilkhanal8@gmail.com. We will respond within a reasonable timeframe.
8. Data Deletion
How to request deletion of your data:
To request deletion of your account data, or the customer-message data associated with your connected accounts, email swapnilkhanal8@gmail.com with the subject line Data Deletion Request and the email address associated with your EMBELMA account. We will verify the request and delete the associated data within 30 days, and confirm by email.
You may also disconnect any social account at any time from within the EMBELMA dashboard, which immediately stops further data access for that account.
9. Children's Privacy
The Service is intended for business use by adults. It is not directed to children, and we do not knowingly collect data from children.
10. Changes to This Policy
We may update this Policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, notifying you.
11. Contact
Ultra Solar Energy & Steel Engineering Private Limited
Chandragiri-14, Kathmandu, Nepal
Email: swapnilkhanal8@gmail.com