Ambic Digital
SystemsCatalogue StudioCapabilitiesProcessWork
Start a project

AMBIC legal centre

Data Retention & Security Standard

Default safeguards and deletion principles across Ambic services.

Effective and last updated: 18 July 2026

Data minimisation

Ambic requests only information reasonably needed to provide, secure and support the selected service. Customers must avoid uploading unrelated personal data, passwords, card details, private keys or sensitive identity documents. Production data is not used to train Ambic or third-party models unless the affected customer and individuals give separate, informed permission.

Default retention principles

  • Website enquiries: normally up to 24 months after the last meaningful interaction, unless an engagement or legal record requires longer retention.
  • SmartQR print files: designed for short operational retention and deletion after completion; the exact enforced window must be stated in the deployment order.
  • Catalogue inputs and outputs: retained only for the project, review, delivery and agreed recovery window; the current browser demo sends no image to Ambic.
  • Payment Auditor records: retained according to the customer’s documented accounting, investigation and legal requirements; deletion must preserve required financial evidence and audit integrity.
  • Security and consent records: retained long enough to establish access, permission, incidents and compliance, then deleted or anonymised when no longer necessary.
  • Backups: follow the applicable deployment schedule and may expire later than live records; deletion completes when the relevant backup cycle expires unless immediate isolation is legally required.

Security baseline

  • Least-privilege access, tenant separation and authenticated administrative actions.
  • Encryption in transit and encrypted managed storage before public SaaS launch.
  • Secret storage outside source code, rotation and revocation procedures.
  • Upload validation, size limits, private object access and abuse controls.
  • Logged security-relevant actions, backup testing and incident response appropriate to the deployment.
  • Provider and dependency review before production use.

Deletion, export and legal holds

Requests can be sent to ambicdigital@gmail.com. Ambic will verify authority before exporting or deleting business data. Some records may be retained where required for tax, payment, security, dispute, fraud-prevention or other legal purposes. Where deletion is not immediately possible, access will be restricted and the reason explained where lawful.

Current product status

The three product repositories remain controlled-pilot software and are not represented as completing every control in this standard today. Their product schedules identify current limitations. Public SaaS onboarding remains blocked until storage, identity, observability, billing, recovery and security gates are verified.

Read this document with the Terms of Service, Privacy Policy and any signed order or product schedule.

Return to the Legal Centre

Ambic Digital

We design practical operating systems for growing businesses—connecting people, tools and decisions with less friction.

AI-assisted systems. Human-designed, reviewed and validated.

Company

  • About
  • Services
  • Systems
  • Work
  • Process
  • Workflow & Systems Audit

Legal

  • Legal Centre
  • Privacy Policy
  • Terms of Service
  • Acceptable Use
  • AI & Synthetic Media
  • Refunds & Cancellations
  • Disclaimer

© 2026 Ambic Digital. All rights reserved.

Built in Maharashtra · Working across India

ambicdigital@gmail.com