Compliance

Ambect Solutions LLC is committed to operating in compliance with applicable data protection laws and industry standards. This page summarizes our current compliance posture.

GDPR

Ambect Solutions LLC complies with the General Data Protection Regulation (EU) 2016/679. We act as a data processor for API customers and as a data controller for account and billing data. Our obligations are documented in our Data Processing Agreement, which is available to all customers.

• We do not store the content of normalized entity names beyond the request lifecycle
• Request metadata is retained for 12 months for billing and analytics
• Data subject requests are handled within 30 days — contact privacy@ambect.com
• International transfers from the EEA are covered by Standard Contractual Clauses

CCPA

California residents have the right to know what personal data we collect, request deletion, and opt out of sale of personal data. We do not sell personal data. Submit requests to privacy@ambect.com.

Data residency

Infrastructure is currently hosted in the EU (Hetzner, Nuremberg, Germany). All data is processed and stored within the EU. We do not replicate data to non-EU regions.

Subprocessors

We use a limited number of third-party subprocessors to operate the service. A complete list is maintained on our Subprocessors page. We notify customers of material subprocessor changes with at least 10 days notice.

Security practices

See our Security page for a full overview of controls including encryption, access logging, dependency scanning, and responsible disclosure.

Questions

For compliance inquiries, contact privacy@ambect.com.