Privacy Policy

Last updated: May 17, 2026

1. Introduction

Ambrose Compliance LLC, a Wyoming limited liability company ("Company," "we," "us," or "our"), respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, API, plugins, and website (collectively, the "Service").

2. Information We Collect

Information You Provide

  • Account Information: Name, email address, company name, and role when you create an account or request a demo
  • Authentication Data: We use third-party OAuth providers (Google, Microsoft, Okta) for authentication. We receive your name and email from these providers but do not store your passwords
  • User Content: Formulations, ingredient lists, compliance documents, and other data you upload to or create within the Service
  • Communications: Information you provide when contacting us, requesting a demo, or submitting support requests

Information Collected Automatically

  • Session Activity: Page views, feature usage, mouse clicks, scroll behavior, form interactions, commands issued, uploads, downloads, timestamps, and session duration. Keystrokes entered into the Service are captured for fraud detection, security monitoring, compliance auditing, and audit-trail generation, excluding sensitive fields such as passwords, OAuth tokens, payment details, and API keys. Free-text input in non-sensitive fields may be captured.
  • Device Information: Browser type, operating system, and device identifiers
  • Log Data: IP address, access times, and referring URLs
  • Analytics: We use PostHog (self-hosted) for product analytics to understand how users interact with the Service

Information from Third Parties

  • OAuth Providers: Basic profile information (name, email) from Google, Microsoft, or Okta when you authenticate
  • API Clients: Information provided by third-party applications that integrate with our API on your behalf

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate your identity and manage your account
  • Process your compliance workflows and generate documents
  • Respond to your requests, questions, and demo inquiries
  • Send administrative communications about the Service (e.g., security alerts, updates)
  • Monitor and analyze usage patterns to improve functionality
  • Detect, prevent, and address technical issues or security threats
  • Maintain platform security and prevent fraud
  • Conduct compliance reviews, internal audits, and quality control
  • Resolve disputes, respond to legal requests, and protect our legal rights
  • Provide customer support and respond to user inquiries
  • Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

  • Service Providers: With third-party vendors who assist in operating the Service (e.g., cloud hosting, email delivery), subject to confidentiality obligations
  • Within Your Organization: With other users in your company account as configured by your organization's administrator
  • Legal Requirements: When required by law, regulation, legal process, or governmental request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
  • With Your Consent: In any other circumstances where you have given explicit consent

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Authentication via industry-standard OAuth 2.0 with PKCE
  • JWT tokens signed with RS256 for session management
  • Role-based access controls within the platform
  • Regular security reviews and monitoring

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. We may also retain certain information as required by law, to resolve disputes, or to enforce our agreements. When you close your account, we will delete or anonymize your personal information within a reasonable timeframe, except where retention is required by law.

Session activity records and audit logs are retained for up to 24 months after the last account activity, unless a longer period is required for legal, security, compliance, dispute-resolution, or investigation purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Data Portability: Request an export of your data in a structured, machine-readable format
  • Objection: Object to processing of your personal information in certain circumstances
  • Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at the email address below. We will respond within 30 days.

8. Cookies and Tracking

We use essential cookies to maintain your session and authentication state. These are strictly necessary for the Service to function and cannot be disabled.

We use PostHog (self-hosted on our infrastructure) for product analytics. This data is not shared with third parties and is used solely to improve the Service.

We do not use third-party advertising cookies or cross-site tracking.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for any such transfers in compliance with applicable data protection laws.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Ambrose Compliance
Email: [email protected]