Privacy Policy
1. Introduction
This Privacy Policy explains how Ambix (“we”, “us”, “our”) collects, uses, stores, and protects information about you when you use the Ambix service (“the Service”). It also explains your rights under applicable data protection law, including the General Data Protection Regulation (GDPR).
By using the Service, you acknowledge that you have read and understood this policy.
If you have questions, contact us at privacy@ambix.ai.
2. Who we are
Ambix is the data controller for personal data processed in connection with the Service. For the purposes of GDPR, we are established in Sweden.
Contact: privacy@ambix.ai
3. What data we collect
We collect only the data necessary to provide and improve the Service.
3.1 Identity and authentication data
When you sign in via a third-party identity provider (such as Google), we receive basic profile information — typically your name and email address — as part of the authentication process. We do not receive or store your password. The identity provider’s own privacy policy governs that part of the process.
3.2 Workspace content
All content you create or interact with in the Service is stored in our database. This includes initiatives, work items, strategic content, objectives, insights, audit trail entries, and any other data you enter into your workspace.
3.3 Usage and activity data
We store records of activity within the Service — such as who created or modified what, and when — as part of the audit trail functionality. This data is tied to your user identity.
3.4 Technical data
We may collect basic technical information such as IP address, browser type, and session data as part of operating and securing the Service.
4. How we use your data
We use your data for the following purposes:
| Purpose | Legal basis (GDPR) |
|---|---|
| Delivering and operating the Service | Performance of contract (Art. 6(1)(b)) |
| Maintaining security and preventing abuse | Legitimate interests (Art. 6(1)(f)) |
| Improving and developing the Service | Legitimate interests (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
We do not use your data for advertising, and we do not sell your data to third parties.
5. AI clients and third-party processing
The Service is designed to be used with AI clients that connect via the Model Context Protocol (MCP). When you interact with the Service through an AI client, data you submit may be processed by that AI client and its underlying models. This processing is governed by the AI client provider’s own privacy policy — not this one.
Ambix does not control what data you choose to submit via an AI client, and we are not responsible for how that data is handled by the AI client provider. You are responsible for reviewing and accepting the privacy terms of the AI client you use.
6. Data storage and location
Your data is stored on servers located within the European Union. We currently use Amazon Web Services (AWS) EU infrastructure. Should we change our hosting provider, we will ensure data continues to be stored within the EU or in a country providing an adequate level of protection under GDPR.
7. Sub-processors
To deliver the Service, we use a limited number of third-party service providers (“sub-processors”), including infrastructure providers, authentication services, and operational tooling. All sub-processors are required to handle data in a manner consistent with this policy and applicable law.
A current list of sub-processors is available upon request. We will notify Workspace Owners of any material changes to our sub-processor list that affect how their data is handled.
8. Data retention
We retain your data for as long as your workspace is active. If a workspace is closed or you request deletion, we will delete associated personal data within 30 days, except where we are required to retain it for legal or compliance reasons.
Audit trail data may be retained for longer periods where required by applicable law.
9. Your rights
Under GDPR, you have the following rights regarding your personal data:
- Access — you can request a copy of the personal data we hold about you
- Rectification — you can ask us to correct inaccurate data
- Erasure — you can request deletion of your personal data, subject to legal retention requirements
- Restriction — you can ask us to limit how we process your data in certain circumstances
- Portability — you can request your data in a structured, machine-readable format
- Objection — you can object to processing based on legitimate interests
To exercise any of these rights, contact us at privacy@ambix.ai. We will respond within 30 days.
If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se.
10. Workspace Owners and their members
If you are a Workspace Owner, you are responsible for ensuring that members you invite to your workspace are aware of and accept this Privacy Policy. You are also responsible for ensuring that the content you and your members add to the workspace complies with applicable data protection law.
The Service is designed for use cases that include personal data about third parties — such as meeting transcripts, customer insights, or team communications. Ambix acts as a data processor for such content, and our Terms of Service (Section 6) incorporate data processing terms in accordance with Article 28 GDPR. These terms apply automatically to all Workspace Owners and do not require a separate agreement.
11. Security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These include access controls, encryption in transit, and regular security reviews.
No system is completely secure. In the event of a data breach that affects your rights and freedoms, we will notify affected users and relevant authorities in accordance with our obligations under GDPR.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will publish the updated policy at ambix.ai/privacy with a new effective date. For material changes — particularly those affecting how we process personal data — we will notify Workspace Owners via email or in-product notification.
13. Contact
For questions about this policy or your personal data, contact us at privacy@ambix.ai or through our website at ambix.ai.
For matters relating to GDPR or data subject rights, you may also contact us by post at our registered address in Sweden (address to be confirmed).
Ambix · Version 1.0 · 2026-06-08