Privacy Policy
At Ambiki, we take privacy seriously. Ambiki collects and maintains user data in accordance with our core values. We have written this privacy policy to:
- Be clear and in plain language
- Be comprehensive
- Be transparent
- Be accessible
- Enable users to exercise their rights easily and freely
This privacy policy is for SF Ambi, LLC, DBA Ambitious Idea Labs and The Ambiki Web Application Service ("Ambiki"), and was last updated January 19, 2022.
This Privacy Policy does not cover Protected Health Information (PHI) processed on behalf of Ambiki Clients for the purpose of providing the service. Ambiki’s handling of Protected Health Information is governed by the Health Insurance Portability and Accountability Act (HIPAA), Children’s Online Privacy Protection Rule (COPPA), Family Educational Rights and Privacy Act (FERPA) and other laws, addressed in our Terms of Service and Business Associate Agreement.
What information does Ambiki collect about me?
Ambiki collects data when you provide it to us when creating a profile and logging in to Ambiki. Ambiki also collects data while you are using the Ambiki Services. This data is collected to provide Ambiki Services to you.
No data is sold to 3rd parties and is collected solely for the purpose of delivering Ambiki Services.
This data is dependent on the interactions you have with Ambiki Services and may include:
-
Personal Information
- Identity Data: includes first name, last name, username or similar identifier, title, date of birth, and gender
- Contact Data: includes names, email address, and phone numbers
- Profile Data: includes your username and password
- Professional Information: includes your license number, Tax ID, calendar, and schedule, if appropriate
- Electronic and visual information: includes your profile picture, photograph, logo, audio, or video, if appropriate
- Communications Data: includes copies of email and SMS messages and your preferences in receiving information from Ambiki
- Transactional Data: includes history of payments to Ambiki
-
Technical Data
- Internet protocol (IP) address
- Login data
- Browser type and version
- Time zone setting and location
- Operating system and platform on the devices you use to access the Ambiki website and service
Cookies
Ambiki uses first party cookies (Ambiki cookies) for login purposes and to distinguish you from other users of our website and to provide and improve Ambiki.
A cookie is a small file stored on your browser or the hard drive of your computer, if you agree. Most browsers allow you to clear, enable and manage cookies, including blocking Ambiki from using cookies - Clear, enable, and manage cookies in Chrome.
Ambiki does not not use any 3rd party cookies or tracking of any kind.
Log Files and Usage Data
Ambiki collects and logs data related to your use of the Ambiki Web Application and service to operate, maintain, analyze, develop, update, and improve Ambiki.
Log file and Usage Data include:
- Uniform Resource Locators (URL)
- Pages you view and their response times (including date and time)
- Download errors
How will Ambiki use my data?
Ambiki uses collected data for various purposes including:
- To provide access to and to maintain Ambiki
- To process orders and fulfill requests
- To provide you with products and services and to personalize your experience
- To allow you to participate in interactive features of Ambiki, if you choose to participate
- To provide customer service, support, and training
- To monitor usage of Ambiki to detect, prevent, or address technical issues
- To provide you with notices about changes to Ambiki, your account, subscription, and billing
- To provide you with news and general information about Ambiki
- Data analysis to improve Ambiki, user experience, and user interface
- To deliver marketing and sales automation (including but not limited to emails, promotion information, new feature information, product updates)
Ambiki collects only the minimum necessary data
In accordance with HIPAA Privacy Rule and industry best practices, Ambiki only collects the minimum Protected Health Information (PHI) necessary to deliver Ambiki.
Will my data be sold to any 3rd party?
No. Ambiki does not sell your data to any 3rd parties. Ambiki does use some external services like Amazon Web Services and Hubspot. Any instance where an external service is used and PHI is involved, Ambiki will enter into a Business Associate Agreement with that service, ensuring your data is protected.
Security
Ambiki takes our responsibility to secure your data very seriously. Ambiki uses a variety of technical, physical, and procedural measures that comply with applicable legal standards to protect and limit access to your data.
Data Retention
Ambiki does not keep data captive or force vendor lock in, you can export your data at any time (while your paid account is active) by contacting Ambiki.
Data retention periods will depend on the type of data provided to or collected by The Ambiki Web Application and Service.
Profile Data
Ambiki Profiles that have not been accessed or logged in to for a period of one (1) year may be deleted or suspended.
You can delete your profile at anytime, however an active and public Ambiki Profile may be necessary to access some features, components, or benefits of The Ambiki Web Application and Service.
Protected Health Information
Data you provide or Ambiki collects, including, but not limited to, client protected health information, Tenalog notes, and treatment details will be retained in accordance with The Health Insurance Portability and Accountability Act of 1996 (HIPAA) 45 CFR 164.530(c).
Access to Protected Health Information data requires an active subscription to Ambiki and a signed and current, Business Associate Agreement (BAA). If you do not have an active subscription, you will need to reinstate your account to retrieve your data.
Organization and Account Data
Data you provide The Ambiki Web Application and Service, for the purpose of creating an account or organization, will be retained for a period of 90 days from paid account termination or cancellation.
After 90 days, your data can be archived for a fee (please contact Ambiki for more details).
Patient Data
This privacy policy does not apply to the personal, Protected Health Information Ambiki collect in order to deliver services. Patient data and Protected Health Information (PHI) are covered in our Business Associate Agreement (BAA) with Covered Entities and is bound by HIPAA law.
Your legal rights to examine
CCPA ("California Consumer Privacy Act") and HIPAA laws provide you with the right to examine, understand, and request to remove or delete the data on you that Ambiki retains.
You have the right to:
- Request access to and receive a copy of the personal data Ambiki retains
- Request correction to any of your personal data Ambiki retains
- Request erasure of any of your personal data Ambiki retains
- Object to the processing of any of your personal data by Ambiki
- Request restriction of the processing of any of your personal data by Ambiki
- Withdraw consent at any time, where Ambiki is relying on your consent to process your personal data
How can I exercise these rights?
You can exercise any of the above rights by contacting Ambiki.
How changes to this policy will be communicated
Ambiki may need to change this policy to address:
- Changes to Ambiki
- New technologies
- Industry practices
- Updated regulatory requirements
- Or for other purposes
If changes to this Privacy Policy are made, Ambiki will notify you by using one or more of these methods:
- Contacting you via the last email address provided to Ambiki
- Posting Notice via Ambiki
- Login prompt
Your use of Ambiki provides consent to receive updates to the Ambiki Privacy Policy using the above methods. Ambiki reserves the right to utilize any or all of the above means of providing you notice to changes to the Ambiki Privacy Policy.
You are responsible for all actions taken under your account. As such, you should protect login data, username, and passwords to prevent unauthorized access to your account.