Privacy Policy
The data controller for the Ambi application is:
MV Software
4 Prenlas, 19220 Servières-le-Château, France
Email: privacy@ambiai.app
This policy explains how we ("we", "us", "our") collect, use, and protect your personal data when you use the Ambi mobile application and related services.
1. Data we collect
Account data
When you sign in with email, Google, or Apple, we collect your email address, display name, and profile photo. If you use Apple's "Hide My Email", we only receive your relay address.
Content you create
Goals, tasks, habits, routines, conversations with the AI coach, and any other content you enter into the app.
AI memory
Ambi builds a personalised memory of your preferences, context, and progress using semantic embeddings. This allows the AI coach to provide relevant, continuous guidance across sessions.
Analytics and diagnostics
We collect anonymous usage data (features used, session length) and crash reports (device model, OS version, stack traces) to improve the app.
2. Legal basis for processing
Under the General Data Protection Regulation (GDPR), we process your data on the following legal bases:
- Contract:processing your account data, content, and AI interactions is necessary to provide the Ambi service you signed up for (GDPR Art. 6.1b).
- Legitimate interest:analytics and crash reporting help us maintain and improve the service (GDPR Art. 6.1f). You can opt out of analytics at any time.
- Consent:where required, such as for marketing communications, we will ask for your explicit consent (GDPR Art. 6.1a).
3. How we use your data
- Core functionality:storing your goals, tasks, and habits; providing AI coaching responses.
- Personalisation:using semantic memory to tailor AI responses to your context and history.
- Improvements:analysing usage patterns and fixing crashes.
- Communication:sending service-related notifications (never marketing without consent).
We do not sell your data to third parties.
3. Third-party services
Your data is processed by the following providers, solely to deliver the Ambi service:
| Provider | Data | Purpose |
|---|---|---|
| Google Firebase | Auth credentials | Authentication |
| Anthropic (Claude) | Messages, context | AI coaching responses |
| Groq | Messages, context | AI coaching responses (open-source models) |
| Google (Gemini) | Messages, context | AI coaching responses |
| OpenAI | Text content | Text embeddings for semantic memory |
| Neon (PostgreSQL) | All user data | Primary database |
| Qdrant Cloud | Text embeddings | Semantic memory |
| PostHog | Usage events, device info | Product analytics |
| Sentry | Crash reports | Error monitoring |
| Google Cloud | All data in transit | Backend hosting |
Each provider processes data under their own privacy policy and applicable data processing agreements.
5. International data transfers
Some of our third-party providers are based outside the European Economic Area (EEA), primarily in the United States. When your data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the provider's participation in recognised data transfer frameworks.
6. AI disclosure
Ambi uses artificial intelligence to generate coaching responses. Your messages are sent to third-party AI providers (listed above) for processing. AI responses are not professional, medical, or therapeutic advice. Ambi is a productivity and accountability tool, not a substitute for professional services.
Semantic memory is used to personalise your experience over time. You can delete your memory data at any time through the app or by contacting us.
7. Data security
- All data is encrypted in transit (TLS/HTTPS).
- Database access is protected by role-based credentials.
- User data is isolated at the application level:each user can only access their own data.
- Authentication is handled by Firebase with industry-standard token management.
8. Data retention and deletion
We retain your data for as long as your account is active. You can request deletion of your account and all associated data at any time by:
- Using the delete account option in the app settings, or
- Emailing privacy@ambiai.app.
Upon deletion, all your personal data, conversations, goals, tasks, habits, and semantic memory are permanently removed within 30 days. Anonymised, aggregated analytics data may be retained.
9. Your rights
Under the GDPR and other applicable laws, you have the right to:
- Access your personal data.
- Correct inaccurate data.
- Delete your data.
- Export your data in a portable format.
- Restrict or object to certain processing.
- Withdraw consent for optional data processing.
- Opt out of analytics tracking.
- Lodge a complaint with a supervisory authority.
To exercise any of these rights, contact privacy@ambiai.app. We will respond within 30 days.
10. Children's privacy
Ambi is not intended for children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to this policy
We may update this policy from time to time. We will notify you of material changes through the app or by email. Continued use of the app after changes constitutes acceptance of the updated policy.