Introduction
Welcome to Ambisius. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our platform.
By using Ambisius, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Service.
Who We Are
Ambisius is a conversational app-building platform designed for small business owners.
Data ControllerFor the purposes of data protection laws, Ambisius acts as:
- Data Controller for your account information and platform usage data
- Data Processor for the business data you store in your custom applications
Contact Information
- Email: privacy@ambisius.com
- Website: www.ambisius.com/privacy-policy
What Information We Collect
Information You Provide Directly
Account Information
- Phone number (for WhatsApp authentication)
- Email address
- Name or business name
- Profile information
- Payment information (processed through third-party payment processors)
Business Data
- All data you input into your custom applications (inventory, sales, customer records, etc.)
- Product catalogs, prices, descriptions
- Customer information you choose to store
- Employee information (if using team collaboration features)
- Files, images, and documents you upload
Communication Data
- Messages you send through WhatsApp or in-app chat
- Conversations with our AI consultancy feature
- Support requests and correspondence
- Feedback and survey responses
App Configuration Data
- Your app structure and features
- Custom fields and settings
- Permission configurations
- Template selections
Information We Collect Automatically
Usage Data
- Features you use and how often
- Time spent on the platform
- Pages or screens viewed
- Actions taken within your applications
- Error logs and diagnostic data
Device Information
- Device type and model
- Operating system and version
- Browser type and version
- IP address
- Device identifiers (advertising ID, etc.)
- Mobile network information
Location Data
- Approximate location based on IP address
- Precise location (only if you grant permission for location-based features)
Cookies and Tracking Technologies
- Cookies, web beacons, and similar technologies
- Session identifiers
- Analytics tokens
- (See Section 11 for details)
Information from Third Parties
Third-Party Integrations
- WhatsApp profile information (name, phone number)
- Data from payment processors (transaction confirmations, not full payment details)
- Cloud storage providers (if you connect external storage)
Public Sources
- Publicly available business information (for verification purposes)
How We Use Your Information
To Provide and Improve the Service
- Create and manage your account
- Build and customize your applications using AI consultancy
- Process and store your business data
- Enable team collaboration features
- Provide data analytics and insights
- Generate reports and dashboards
- Respond to your queries through chat interfaces
- Deliver notifications and updates
- Process payments and billing
To Communicate with You
- Send service-related announcements
- Provide customer support
- Send feature updates and new releases
- Request feedback and conduct surveys
- Send marketing communications (with your consent)
To Ensure Security and Prevent Fraud
- Verify your identity
- Detect and prevent fraud, spam, and abuse
- Monitor for security threats
- Investigate violations of our Terms of Service
- Protect our legal rights
For Analytics and Research
- Understand how users interact with Ambisius
- Analyze usage patterns and trends
- Improve our AI algorithms and recommendations
- Develop new features and services
- Create anonymized, aggregated statistics
For Legal and Compliance Purposes
- Comply with legal obligations
- Respond to lawful requests from authorities
- Enforce our Terms of Service
- Protect our rights and property
- Resolve disputes
Legal Basis for Processing (GDPR Compliance)
If you are in the European Economic Area (EEA), our legal basis for processing your personal data includes:
- Contract Performance: Processing necessary to provide the Service you've requested
- Legitimate Interest: To improve our Service, ensure security, and conduct business operations
- Consent: For marketing communications and optional features (you can withdraw consent anytime)
- Legal Obligation: To comply with applicable laws and regulations
How We Share Your Information
We do not sell your personal data. We share information only in the following circumstances:
With Your Consent
- When you explicitly authorize us to share information
- When you invite team members to access your applications
- When you enable customer-facing features
Service Providers and Partners
We work with third-party service providers who process data on our behalf:
Infrastructure Providers
- Cloud hosting services (AWS, Google Cloud, Azure, etc.)
- Database services
- Content delivery networks (CDNs)
Communication Services
- WhatsApp Business API
- Email service providers
- SMS providers
Payment Processors
- Payment gateways (we do not store full credit card details)
- Billing and subscription management services
Analytics and Monitoring
- Analytics platforms (Google Analytics, Mixpanel, etc.)
- Error tracking services (Sentry, etc.)
- Performance monitoring tools
Support and Operations
- Customer support platforms
- Helpdesk software
- CRM systems
All service providers are contractually required to protect your data and use it only for specified purposes.
Team Members You Invite
- When you add team members, they can access data according to the permissions you set
- You control what data each team member can see and modify
Legal Requirements
We may disclose your information if required to:
- Comply with laws, regulations, or legal processes
- Respond to government or law enforcement requests
- Enforce our Terms of Service
- Protect the rights, property, or safety of Ambisius, our users, or the public
- Detect and prevent fraud or security issues
Business Transfers
If Ambisius is involved in a merger, acquisition, sale of assets, or bankruptcy:
- Your information may be transferred to the successor entity
- We will notify you before your information becomes subject to a different privacy policy
Aggregated and Anonymized Data
We may share aggregated, anonymized data that cannot identify you:
- Industry statistics and trends
- Usage patterns across the platform
- Research and white papers
Data Security
Security Measures
We implement industry-standard security measures to protect your data:
Technical Safeguards
- Encryption in transit (TLS/SSL)
- Encryption at rest for sensitive data
- Secure authentication mechanisms
- Regular security audits and penetration testing
- Intrusion detection systems
- Firewalls and network security
Organizational Safeguards
- Access controls and least-privilege principles
- Employee training on data protection
- Background checks for personnel with data access
- Confidentiality agreements
- Incident response procedures
Infrastructure Security
- Secure data centers with physical access controls
- Regular backups with encryption
- Disaster recovery plans
- Multi-factor authentication for administrative access
Your Responsibilities
- Keep your login credentials confidential
- Use strong passwords
- Log out when using shared devices
- Enable two-factor authentication if available
- Report suspicious activity immediately
Data Breach Notification
- If we discover a data breach that affects your personal data, we will notify you as required by law
- Notifications will include the nature of the breach, potential consequences, and remedial measures
- We will report breaches to relevant authorities within required timeframes
Limitations
- No system is 100% secure—we cannot guarantee absolute security
- You use the Service at your own risk
- You are responsible for securing your own devices and networks
Data Retention
How Long We Keep Your Data
Account Data
- Retained while your account is active
- Retained for 90 days after account deletion (for recovery purposes)
- Some data may be retained longer for legal or compliance reasons
Business Data
- Retained while your account is active
- Available for export before account deletion
- Deleted within 90 days of account termination (unless you request earlier deletion)
- Backup copies deleted according to backup retention schedules (typically within 6 months)
Communication Data
- Chat conversations retained for 2 years for quality assurance and AI training
- Support tickets retained for 5 years for legal compliance
Usage and Analytics Data
- Aggregated analytics retained indefinitely
- Individual usage logs retained for 1-2 years
Financial Records
- Payment and billing data retained for 7 years (legal requirement)
Data Retention After Termination
- You can export your data before terminating your account
- After account deletion, we retain minimal information for fraud prevention and legal compliance
- Some anonymized data may be retained for analytics
Your Privacy Rights
Depending on your location, you may have the following rights:
Access and Portability
- Right to Access: Request a copy of the personal data we hold about you
- Right to Portability: Receive your data in a structured, machine-readable format
Contact privacy@ambisius.com or use the data export feature in your account settings
Correction and Deletion
- Right to Rectification: Correct inaccurate or incomplete personal data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
Update information in your account settings or contact us
Restriction and Objection
- Right to Restrict Processing: Request limitation of how we use your data
- Right to Object: Object to processing based on legitimate interests
Contact privacy@ambisius.com with your request
Withdraw Consent
- Where processing is based on consent, you can withdraw consent at any time
- This does not affect the lawfulness of processing before withdrawal
- You can manage consent preferences in your account settings
Marketing Communications
- Right to Opt-Out: Unsubscribe from marketing emails
Click "unsubscribe" in emails or adjust settings in your account
Complaint to Authorities
- You have the right to lodge a complaint with a data protection authority
- In Indonesia: Ministry of Communication and Informatics
- In the EU: Your local supervisory authority
Response Time
- We will respond to rights requests within 30 days (or as required by local law)
- We may request verification of your identity before fulfilling requests
- Some requests may be limited or denied if exceptions apply under law
International Data Transfers
Cross-Border Transfers
- Your data may be transferred to and processed in countries outside your residence
- We use cloud infrastructure providers with global data centers
- Data may be stored in: United States, Singapore, European Union, or other regions
Safeguards for International Transfers
When transferring data internationally, we implement appropriate safeguards:
- Standard Contractual Clauses (SCCs): EU-approved contracts for international transfers
- Adequacy Decisions: Transfers to countries with adequate data protection (as recognized by relevant authorities)
- Service Provider Agreements: Contractual obligations requiring data protection
- Encryption: Data encrypted in transit and at rest
Indonesian Data Localization
- We comply with Indonesian data protection regulations
- Critical personal data of Indonesian users may be stored in Indonesia
- Cross-border transfers comply with Ministry of Communication and Informatics requirements
Your Business Data and Customer Privacy
You Are the Data Controller
- For customer data you collect through your applications, you are the data controller
- Ambisius is merely the data processor
- You are responsible for complying with data protection laws for your customers
Your Responsibilities
You must:
- Obtain necessary consents from your customers
- Provide privacy notices to your customers
- Honor your customers' privacy rights (access, deletion, etc.)
- Ensure lawful processing of customer data
- Implement appropriate security measures
- Report data breaches to your customers and authorities as required
Data Processing Agreement (DPA)
- For customers subject to GDPR or similar laws, we offer a Data Processing Agreement
- The DPA outlines our responsibilities as a data processor
- Request a DPA by contacting privacy@ambisius.com
Sub-Processors
- We may use sub-processors (cloud providers, etc.) to process your business data
- A list of sub-processors is available upon request
- We will notify you of changes to sub-processors
Cookies and Tracking Technologies
What Are Cookies?
Cookies are small text files stored on your device that help us provide and improve the Service.
Types of Cookies We Use
Essential Cookies
- Required for the Service to function
- Authentication and session management
- Security features
- Cannot be disabled
Analytics Cookies
- Track usage patterns and performance
- Help us understand how users interact with Ambisius
- Google Analytics, Mixpanel, etc.
- Can be controlled through cookie settings
Functional Cookies
- Remember your preferences and settings
- Improve user experience
- Can be controlled through cookie settings
Marketing Cookies
- Track effectiveness of marketing campaigns
- Personalize content and ads
- Third-party advertising platforms
- Can be disabled through cookie settings
Third-Party Cookies
We may allow third parties to place cookies on our website:
- Google Analytics
- Facebook Pixel
- LinkedIn Insights
- Other marketing and analytics platforms
Managing Cookies
Browser Settings
- Most browsers allow you to control cookies through settings
- You can block, delete, or receive warnings about cookies
- Blocking essential cookies may affect Service functionality
Cookie Preferences
- Manage cookie preferences in your account settings
- Opt out of analytics cookies while keeping essential cookies
Do Not Track
- We currently do not respond to Do Not Track (DNT) signals
- You can use browser plugins to manage tracking
Mobile App Tracking
- Mobile apps may use similar technologies (device identifiers, SDKs)
- Manage preferences through device settings (e.g., "Limit Ad Tracking" on iOS)
Children's Privacy
- Ambisius is not intended for children under 18 (or the age of majority in your jurisdiction)
- We do not knowingly collect personal data from children
- If we discover we've collected data from a child, we will delete it promptly
- If you believe we have data from a child, contact us at privacy@ambisius.com
AI and Machine Learning
How AI Uses Your Data
- Our AI consultancy feature analyzes your inputs to generate app recommendations
- We use conversation data to improve AI accuracy and relevance
- Machine learning models may be trained on anonymized usage patterns
Data Used for AI Training
- Chat conversations (anonymized)
- Feature configurations (aggregated)
- Usage patterns (anonymized)
- Error reports and corrections
Opting Out of AI Training
- You can request that your conversations not be used for AI training
- Contact privacy@ambisius.com with your request
- This may limit some personalization features
AI-Generated Insights
- AI may analyze your business data to provide insights and recommendations
- This analysis happens within your private application environment
- Your business data is not shared with other users or used for other purposes
Third-Party Links and Integrations
Third-Party Websites
- Ambisius may contain links to third-party websites
- We are not responsible for the privacy practices of third-party sites
- We encourage you to read their privacy policies
Third-Party Integrations
- You may choose to integrate with WhatsApp, payment processors, etc.
- These services have their own privacy policies
- Connecting integrations may share data with those services
- You can disconnect integrations at any time
- We use WhatsApp Business API to provide conversational interfaces
- Your interactions are subject to WhatsApp privacy policies
- We receive message content to process your requests
- You can delete message history by contacting us
Changes to This Privacy Policy
Updates
We may update this Privacy Policy from time to time
Material changes will be notified via:
- Email to your registered address
- In-app notification
- Prominent notice on our website
Effective Date
- Changes become effective 30 days after notification (or immediately if required by law)
- Your continued use after changes constitutes acceptance
- If you disagree with changes, you may terminate your account
Previous Versions
Previous versions of this Privacy Policy are archived and available upon request
Regional-Specific Information
For Users in the European Economic Area (EEA)
- Data Controller: Ambisius [Legal Entity Name and Address]
- EU Representative: [If applicable]
- Legal Basis: See Section 4
- Data Subject Rights: See Section 8
- Data Protection Authority: Your local supervisory authority
- Cross-Border Transfers: See Section 9
For Users in Indonesia
Compliance
We comply with:
- Electronic Information and Transactions Law (UU ITE)
- Government Regulation No. 71 of 2019
- Ministry of Communication and Informatics regulations
- Data Localization: Indonesian citizens' data may be stored domestically
- Oversight: Ministry of Communication and Informatics
- Rights: Indonesian users have rights to access, correct, and delete personal data
For Users in California (CCPA)
California residents have additional rights:
- Right to Know: What personal information we collect, use, and share
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of the "sale" of personal information (Note: We do not sell personal information)
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
Contact privacy@ambisius.com
For Users in Other Regions
- We respect privacy laws in all jurisdictions where we operate
- Contact us for region-specific information
Quick Summary (Not Legally Binding)
This summary is for convenience only. The full Privacy Policy above is the binding document.
What We Collect
- Account info (phone, email, name)
- Business data you store in your apps
- Usage data and device information
- Chat conversations with our AI
How We Use It
- Provide and improve the Service
- Build your custom apps with AI
- Process payments
- Send updates and support
- Ensure security
How We Protect It
- Encryption (in transit and at rest)
- Secure infrastructure
- Access controls
- Regular security audits
Your Rights
- Access and export your data
- Correct or delete your data
- Opt out of marketing
- Lodge complaints with authorities
Sharing
- We don't sell your data
- We share with service providers (cloud hosting, payment processors)
- We share when legally required
- You control team member access
Contact Us
- Email: privacy@ambisius.com
- We're here to help with any questions!
By using Ambisius, you acknowledge that you have read and understood this Privacy Policy.
Let's Start
Ready to fix what's slowing down your business?
Stop wasting time on manual tracking. Build your personalized business app in minutes—no cost to begin.
No credit card required
Free forever (Starter)