Privacy Policy
Last updated: [INSERT DATE]
Ambar Systems Inc. ("we", "us", or "our") operates the AmbarDigitalHub platform,
accessible at [YOUR-DOMAIN]. This Privacy Policy explains how we collect, use,
disclose, and safeguard your information when you access our platform, purchase products or courses,
enroll in learning programs, or interact with AI-powered features.
1. Information We Collect
1.1 Personal Information You Provide
When you register, purchase, or enroll, we may collect:
- Full name, email address, and phone number
- Billing and shipping address
- Organization or company name
- Job title and professional credentials
- Payment details (processed securely via Stripe or PayPal — we do not store card numbers)
- Course enrollment and completion records
- Certification examination results
1.2 Information Collected Automatically
When you access the platform, we automatically collect:
- IP address and browser/device type
- Pages visited, time spent, and navigation paths
- Referral source and search queries
- Cookies and similar tracking technologies (see Section 5)
1.3 Information from Third-Party Integrations
If you authenticate via external identity providers (e.g., OpenID Connect, SAML, or social logins), we receive your profile information as permitted by those services.
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account and tenant profile
- Process purchases, enrollments, and payments
- Deliver courses, certifications, and digital products
- Provide customer support and CRM services
- Operate AI Agent features (AIAgentStudio) that personalize your experience
- Send transactional emails (receipts, enrollment confirmations, certificate delivery)
- Send marketing communications (only with your opt-in consent via our Newsletter feature)
- Analyze platform usage to improve features and performance
- Comply with legal, tax, and regulatory obligations
3. How We Share Your Information
We do not sell your personal data. We may share information with:
- Payment Processors — Stripe, PayPal, or other providers process your transactions under their own privacy policies.
- Tenant Administrators — If your account is part of an organization tenant, the tenant admin may access enrollment records and progress data for reporting purposes.
- Service Providers — Hosting providers, email delivery services, and analytics tools that process data on our behalf under data processing agreements.
- LTI Tool Providers — When you launch external learning tools via LTI 1.3, limited profile data is shared per the LTI specification.
- Legal Compliance — We may disclose data where required by law, court order, or to protect our legal rights.
4. Multi-Tenant Data Isolation
AmbarDigitalHub is a multi-tenant platform. Each tenant's data is logically isolated via tenant-specific
database schemas and connection strings. Users in one tenant cannot access data belonging
to another tenant. Tenant administrators control their own user roles, permissions, and data retention
policies within their tenant.
5. Cookies & Tracking Technologies
We use cookies and similar technologies for:
| Cookie Category |
Purpose |
Duration |
| Essential |
Authentication, session management, CSRF protection |
Session |
| Functional |
Language preferences, theme settings, tenant context |
1 year |
| Analytics |
Usage statistics to improve the platform (e.g., Google Analytics) |
2 years |
| Marketing |
Used only if you subscribe to our newsletter or marketing campaigns |
1 year |
You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent platform functionality.
6. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy. Typical retention periods:
- Account data — retained while your account is active; deleted upon request after a 30-day grace period.
- Transaction records — retained for 7 years for tax and legal compliance.
- Course completion & certification records — retained for the lifetime of the certification program or as required by accreditation bodies.
- Analytics data — aggregated and anonymized after 24 months.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten")
- Restrict or object to processing
- Data portability (receive a copy in machine-readable format)
- Withdraw consent for marketing at any time
- Lodge a complaint with a supervisory authority
To exercise these rights, contact us at [privacy@your-domain.com].
8. Security Measures
We implement industry-standard security measures including:
- TLS encryption for all data in transit
- Encryption at rest for databases and backups
- Role-based access controls (RBAC) and tenant isolation
- Regular security audits and vulnerability assessments
- PCI DSS compliance through certified payment processors
While we take reasonable precautions, no system is 100% secure. If you become aware of a security issue, please contact us immediately.
9. Children's Privacy
Our platform is not directed to individuals under the age of 16. We do not knowingly collect personal
data from children. If you believe we have inadvertently collected such data, please contact us and we
will promptly delete it.
10. International Data Transfers
Our platform infrastructure may be hosted in the United States, Canada, or the European Union. If you
access the platform from another jurisdiction, your data may be transferred internationally. We ensure
appropriate safeguards (such as Standard Contractual Clauses) are in place for cross-border transfers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date
and, for material changes, notify you via email or a platform notification. Your continued use of the
platform after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or your personal data, contact us: