Legal

Privacy Policy

Last updated: April 9, 2026 · Effective: April 9, 2026

Ambect Solutions LLC (“we”, “us”, “our”) operates api.ambect.com and ambect.com. This Privacy Policy explains how we collect, use, and protect your information in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable data protection laws.

1. Data we collect

Account data: Name, email address, and billing information when you register.

API usage data: Request metadata including timestamp, endpoint, country code, response time, and API key identifier. We do not store the content of input or output data beyond the request lifecycle.

Communication data: Emails and support messages you send us.

2. How we use your data

  • To provide and operate the Ambect API service
  • To enforce usage limits and process billing via Stripe
  • To detect abuse and maintain security
  • To respond to support requests
  • To send service-related communications (not marketing without consent)

3. Legal basis for processing (GDPR)

We process your personal data under: Contract performance (operating the service you subscribed to), Legitimate interests (security monitoring, fraud prevention), and Consent (marketing communications, where applicable).

4. Data sharing

We do not sell your personal data. We share data only with subprocessors necessary to operate the service. See our Subprocessors page for a complete list.

5. Data retention

Account data is retained for the duration of your subscription plus 90 days after termination. API request metadata is retained for 12 months for billing and analytics purposes. You may request deletion at any time.

6. Your rights

You have the right to access, correct, delete, or export your personal data; to restrict or object to processing; and to withdraw consent. Submit requests to privacy@ambect.com. We respond within 30 days.

7. Cookies

We use strictly necessary cookies for session management only. No advertising or tracking cookies.

8. International transfers

Where personal data is transferred outside the EEA, such transfers are covered by Standard Contractual Clauses (SCCs) where required by GDPR.

9. Contact

privacy@ambect.com