Privacy Policy

At Ambiki, we take privacy seriously. Ambiki collects and maintains user data in accordance with our core values. We have written this privacy policy to:

This privacy policy is for SF Ambi, LLC, DBA Ambitious Idea Labs and The Ambiki Web Application Service ("Ambiki"), and was last updated January 19, 2022.

This Privacy Policy does not cover Protected Health Information (PHI) processed on behalf of Ambiki Clients for the purpose of providing the service. Ambiki’s handling of Protected Health Information is governed by the Health Insurance Portability and Accountability Act (HIPAA), Children’s Online Privacy Protection Rule (COPPA), Family Educational Rights and Privacy Act (FERPA) and other laws, addressed in our Terms of Service and Business Associate Agreement.

What information does Ambiki collect about me?

Ambiki collects data when you provide it to us when creating a profile and logging in to Ambiki. Ambiki also collects data while you are using the Ambiki Services. This data is collected to provide Ambiki Services to you.

No data is sold to 3rd parties and is collected solely for the purpose of delivering Ambiki Services.

This data is dependent on the interactions you have with Ambiki Services and may include:


Ambiki uses first party cookies (Ambiki cookies) for login purposes and to distinguish you from other users of our website and to provide and improve Ambiki.

A cookie is a small file stored on your browser or the hard drive of your computer, if you agree. Most browsers allow you to clear, enable and manage cookies, including blocking Ambiki from using cookies - Clear, enable, and manage cookies in Chrome.

Ambiki does not not use any 3rd party cookies or tracking of any kind.

Log Files and Usage Data

Ambiki collects and logs data related to your use of the Ambiki Web Application and service to operate, maintain, analyze, develop, update, and improve Ambiki.

Log file and Usage Data include:

How will Ambiki use my data?

Ambiki uses collected data for various purposes including:

Ambiki collects only the minimum necessary data

In accordance with HIPAA Privacy Rule and industry best practices, Ambiki only collects the minimum Protected Health Information (PHI) necessary to deliver Ambiki.

Will my data be sold to any 3rd party?

No. Ambiki does not sell your data to any 3rd parties. Ambiki does use some external services like Amazon Web Services and Hubspot. Any instance where an external service is used and PHI is involved, Ambiki will enter into a Business Associate Agreement with that service, ensuring your data is protected.


Ambiki takes our responsibility to secure your data very seriously. Ambiki uses a variety of technical, physical, and procedural measures that comply with applicable legal standards to protect and limit access to your data.

Data Retention

Ambiki does not keep data captive or force vendor lock in, you can export your data at any time (while your paid account is active) by contacting Ambiki.

Data retention periods will depend on the type of data provided to or collected by The Ambiki Web Application and Service.

Profile Data

Ambiki Profiles that have not been accessed or logged in to for a period of one (1) year may be deleted or suspended.

You can delete your profile at anytime, however an active and public Ambiki Profile may be necessary to access some features, components, or benefits of The Ambiki Web Application and Service.

Protected Health Information

Data you provide or Ambiki collects, including, but not limited to, client protected health information, Tenalog notes, and treatment details will be retained in accordance with The Health Insurance Portability and Accountability Act of 1996 (HIPAA) 45 CFR 164.530(c).

Access to Protected Health Information data requires an active subscription to Ambiki and a signed and current, Business Associate Agreement (BAA). If you do not have an active subscription, you will need to reinstate your account to retrieve your data.

Organization and Account Data

Data you provide The Ambiki Web Application and Service, for the purpose of creating an account or organization, will be retained for a period of 90 days from paid account termination or cancellation.

After 90 days, your data can be archived for a fee (please contact Ambiki for more details).

Patient Data

This privacy policy does not apply to the personal, Protected Health Information Ambiki collect in order to deliver services. Patient data and Protected Health Information (PHI) are covered in our Business Associate Agreement (BAA) with Covered Entities and is bound by HIPAA law.

Your legal rights to examine

CCPA ("California Consumer Privacy Act") and HIPAA laws provide you with the right to examine, understand, and request to remove or delete the data on you that Ambiki retains.

You have the right to:

How can I exercise these rights?

You can exercise any of the above rights by contacting Ambiki.

How changes to this policy will be communicated

Ambiki may need to change this policy to address:

If changes to this Privacy Policy are made, Ambiki will notify you by using one or more of these methods:

Your use of Ambiki provides consent to receive updates to the Ambiki Privacy Policy using the above methods. Ambiki reserves the right to utilize any or all of the above means of providing you notice to changes to the Ambiki Privacy Policy.

You are responsible for all actions taken under your account. As such, you should protect login data, username, and passwords to prevent unauthorized access to your account.