LEGAL

Privacy Policy.

How AMBA collects, uses, protects, and shares your data when you use our safety and emergency response platform.

Last updated: July 2026

1. Introduction

This Privacy Policy describes how AmBa Technology Solutions Limited ("AMBA", "we", "us", or "our") collects, uses, stores, and protects your personal data when you use our services, including the AMBA mobile application, website, and connected safety infrastructure.

We respect your privacy and are committed to protecting your personal data. This policy explains how we use, store and share the information we collect about you, how you can exercise your rights in respect of that information, and the procedures that we have in place to safeguard your privacy.

By using AMBA, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.

2. Data We Collect

Personal data means any information about an individual from which that person can be identified. We collect different types of personal data depending on how you interact with AMBA:

CategoryData Items
Identity & Contact Name, email address, phone number, profile photo, emergency contact details
Location Data Real-time GPS coordinates, location history during active SOS alerts and shared trips, geofenced area data for organizations
Device & Technical IP address, device type, operating system, app version, unique device identifiers, browser type
Usage Data App interaction patterns, feature usage, SOS alert history, Safe Circle activity, incident reports submitted
Audio & Media Background audio recordings captured during active SOS alerts (stored temporarily, up to 30 seconds)
Organizational Organization access codes, role assignments, department information (for connected institutional users)

Anonymous Data

We also collect anonymized and aggregated data that cannot be used to identify you personally. This includes statistical information about app usage, incident type trends, and regional safety analytics. This data is used to improve our services and is not linked to any identifiable individual.

3. How We Collect Your Data

We use different methods to collect data from and about you:

  • Directly from you: When you create an account, set up your Safe Circle, submit an incident report, or contact our support team.
  • Automatically: When you use the app, we automatically collect technical data (IP address, device info) and location data (with your permission). Location tracking is only active when you explicitly enable it or during an active SOS alert.
  • From your device: With your consent, we may access your contacts to help you build your Safe Circle, and your microphone to capture background audio during SOS alerts.
  • From connected organizations: If you link your account to an organization (estate, university, workplace), we receive your organization access code and role information from that organization's administrator.

4. How We Use Your Data

We use your personal data for the following purposes:

  • To provide core safety services: Routing SOS alerts to your Safe Circle and connected organization responders, sharing your live location during emergencies, and documenting incidents.
  • To manage your account: Creating and maintaining your user profile, authenticating your identity, and enabling app features.
  • To improve our services: Analyzing usage patterns, identifying technical issues, and developing new safety features.
  • To communicate with you: Sending service notifications, security alerts, app updates, and responding to your inquiries.
  • For organizational dashboards: Providing authorized responders with real-time alert data, incident history, and safety analytics scoped to their organization only.
  • For legal compliance: Fulfilling our legal obligations, responding to lawful requests from authorities, and protecting our rights.

We will never use your personal data for purposes unrelated to safety and emergency response without your explicit consent.

6. Who We Share Data With

We do not sell your personal data to third parties. We only share your data in the following limited circumstances:

  • Your Safe Circle: During an SOS alert, your live location and alert details are shared with the contacts you have designated as your Safe Circle.
  • Connected organizations: If you link to an organization, authorized responders within that organization can see your alert data and location during active emergencies. They cannot see your data when no alert is active.
  • Service providers: We use trusted third-party providers for hosting (AWS), analytics, and customer support. These providers are contractually bound to protect your data and only process it on our instructions.
  • Legal authorities: We may disclose data when required by law, such as in response to a court order, subpoena, or to protect public safety.
  • Business transfers: If AMBA is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction, subject to the same privacy protections.

7. Data Security

We take the security of your personal data seriously, especially given the sensitive nature of safety and emergency response information. We implement the following security measures:

  • Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
  • Role-based access: Access to personal data is strictly limited to authorized personnel who need it to perform their job functions. Organization responders can only access data scoped to their organization.
  • Security monitoring: We maintain continuous monitoring for unauthorized access attempts, data breaches, and anomalous activity.
  • Regular audits: We conduct regular security assessments and penetration testing of our infrastructure.
  • Staff training: All AMBA employees and contractors with data access undergo privacy and security training.
  • Incident response: We have established procedures to detect, respond to, and notify users of any data breaches as required by law.

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our protections.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

  • Account data: Retained for the duration of your active account. If you delete your account, we will delete or anonymize your data within 30 days, except where retention is required by law.
  • SOS alert data: Alert logs and location history are retained for 12 months to support incident investigation and organizational compliance requirements.
  • Audio recordings: Background audio captured during SOS alerts is retained for 7 days, then automatically deleted.
  • Incident reports: Retained for 24 months to support safety analytics and organizational reporting.
  • Technical logs: Anonymized technical data may be retained indefinitely for service improvement and security analysis.

When we no longer have a legitimate business need to process your personal data, we will either delete it or anonymize it. If deletion is not immediately possible (for example, because data is stored in backup archives), we will securely isolate it from further processing until deletion is feasible.

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Right to access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can request that we correct any inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): You can request that we delete your personal data, subject to legal retention requirements.
  • Right to restrict processing: You can request that we limit how we use your data in certain circumstances.
  • Right to data portability: You can request a copy of your data in a structured, machine-readable format.
  • Right to object: You can object to our processing of your data based on legitimate interests, including direct marketing.
  • Right to withdraw consent: Where we rely on your consent, you can withdraw it at any time.
  • Right to complain: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

To exercise any of these rights, please contact us using the details in the Contact Us section below. We will respond to all requests within one month of receipt, and we may need to verify your identity before processing your request.

10. Cookies & Tracking

Our website and app use cookies and similar tracking technologies to enhance your experience and analyze usage:

  • Essential cookies: Necessary for the app and website to function properly (e.g., authentication, session management).
  • Analytics cookies: Help us understand how users interact with our services so we can improve them. This data is anonymized where possible.
  • Preference cookies: Remember your settings and preferences (e.g., language, display options).

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of our services.

11. Children's Privacy

AMBA is not intended for use by children under the age of 13 without parental consent. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately.

For users aged 13–17, we recommend that a parent or guardian reviews this privacy policy and helps the minor understand how their data will be used.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service improvements. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy.
  • Notify you via email or through the app if the changes are significant.
  • Post a prominent notice on our website.

We encourage you to review this policy periodically to stay informed about how we protect your data. Your continued use of AMBA after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your data, please contact us:

Data Protection Officer

AmBa Technology Solutions Limited

privacy@amba.africa

You also have the right to make a complaint to the Nigeria Data Protection Commission (NDPC) or your local data protection authority if you believe we have not adequately addressed your concerns.