Ambic Digital
SystemsCatalogue StudioCapabilitiesProcessWork
Start a project

AMBIC legal centre

Data Processing Addendum

Baseline processor obligations when Ambic handles personal data for a customer business.

Effective and last updated: 18 July 2026

Roles and instructions

Where a customer determines the purpose and means of processing personal data in an Ambic deployment, the customer is the Data Fiduciary/controller and Ambic is its processor/service provider. Ambic will process that data only on documented instructions in the order, this addendum and necessary support communications, unless law requires otherwise.

Customer obligations

  • Provide lawful instructions, notices and consents and identify the permitted users and purposes.
  • Avoid submitting data that is unnecessary for the service.
  • Determine retention, access and disclosure requirements and respond to individuals unless Ambic is expressly asked to assist.
  • Assess whether the service is suitable for regulated or sensitive workflows before use.

Ambic obligations

  • Limit access to authorised persons under confidentiality duties.
  • Apply safeguards proportionate to the deployment and current product status.
  • Assist reasonably with verified access, correction, deletion, grievance and incident requests.
  • Notify the customer of a confirmed relevant breach without undue delay after obtaining enough reliable information.
  • Delete or return customer personal data at the end of service, subject to agreed backup cycles and legal retention.

Subprocessors

Ambic may use hosting, storage, communications, monitoring, payment and AI providers needed for the service. Ambic remains responsible for selecting providers on suitable terms and will make a current subprocessor description available for a paid production deployment. A customer must raise a documented material objection before the provider is activated; the parties will seek a reasonable alternative, which may change cost or functionality.

Security and audits

Ambic will provide available security and compliance information reasonably needed for the customer’s assessment. Audits must protect other customers, security details and confidential information and should first use existing documents and remote evidence. Bespoke or onsite audits may require a separate fee. A product marked controlled pilot must not be treated as satisfying production controls that its schedule says are incomplete.

International processing and deletion

Processing locations follow the selected providers and deployment. The customer must identify localisation restrictions before configuration. On termination, Ambic will follow the documented export/deletion instruction and may retain isolated copies required for law, security, payment or disputes until the applicable period ends.

Read this document with the Terms of Service, Privacy Policy and any signed order or product schedule.

Return to the Legal Centre

Ambic Digital

We design practical operating systems for growing businesses—connecting people, tools and decisions with less friction.

AI-assisted systems. Human-designed, reviewed and validated.

Company

  • About
  • Services
  • Systems
  • Work
  • Process
  • Workflow & Systems Audit

Legal

  • Legal Centre
  • Privacy Policy
  • Terms of Service
  • Acceptable Use
  • AI & Synthetic Media
  • Refunds & Cancellations
  • Disclaimer

© 2026 Ambic Digital. All rights reserved.

Built in Maharashtra · Working across India

ambicdigital@gmail.com