Privacy Policy.
How AMBA collects, uses, protects, and shares your data when you use our safety and emergency response platform.
Last updated: July 2026
1. Introduction
This Privacy Policy describes how AmBa Technology Solutions Limited ("AMBA", "we", "us", or "our") collects, uses, stores, and protects your personal data when you use our services, including the AMBA mobile application, website, and connected safety infrastructure.
We respect your privacy and are committed to protecting your personal data. This policy explains how we use, store and share the information we collect about you, how you can exercise your rights in respect of that information, and the procedures that we have in place to safeguard your privacy.
By using AMBA, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.
2. Data We Collect
Personal data means any information about an individual from which that person can be identified. We collect different types of personal data depending on how you interact with AMBA:
| Category | Data Items |
|---|---|
| Identity & Contact | Name, email address, phone number, profile photo, emergency contact details |
| Location Data | Real-time GPS coordinates, location history during active SOS alerts and shared trips, geofenced area data for organizations |
| Device & Technical | IP address, device type, operating system, app version, unique device identifiers, browser type |
| Usage Data | App interaction patterns, feature usage, SOS alert history, Safe Circle activity, incident reports submitted |
| Audio & Media | Background audio recordings captured during active SOS alerts (stored temporarily, up to 30 seconds) |
| Organizational | Organization access codes, role assignments, department information (for connected institutional users) |
Anonymous Data
We also collect anonymized and aggregated data that cannot be used to identify you personally. This includes statistical information about app usage, incident type trends, and regional safety analytics. This data is used to improve our services and is not linked to any identifiable individual.
3. How We Collect Your Data
We use different methods to collect data from and about you:
- Directly from you: When you create an account, set up your Safe Circle, submit an incident report, or contact our support team.
- Automatically: When you use the app, we automatically collect technical data (IP address, device info) and location data (with your permission). Location tracking is only active when you explicitly enable it or during an active SOS alert.
- From your device: With your consent, we may access your contacts to help you build your Safe Circle, and your microphone to capture background audio during SOS alerts.
- From connected organizations: If you link your account to an organization (estate, university, workplace), we receive your organization access code and role information from that organization's administrator.
4. How We Use Your Data
We use your personal data for the following purposes:
- To provide core safety services: Routing SOS alerts to your Safe Circle and connected organization responders, sharing your live location during emergencies, and documenting incidents.
- To manage your account: Creating and maintaining your user profile, authenticating your identity, and enabling app features.
- To improve our services: Analyzing usage patterns, identifying technical issues, and developing new safety features.
- To communicate with you: Sending service notifications, security alerts, app updates, and responding to your inquiries.
- For organizational dashboards: Providing authorized responders with real-time alert data, incident history, and safety analytics scoped to their organization only.
- For legal compliance: Fulfilling our legal obligations, responding to lawful requests from authorities, and protecting our rights.
We will never use your personal data for purposes unrelated to safety and emergency response without your explicit consent.
5. Legal Basis for Processing
Under applicable data protection laws, we process your personal data based on the following legal grounds:
- Contractual necessity: Processing necessary to provide the safety services you have requested (account creation, SOS alert routing, location sharing).
- Legitimate interests: Processing for service improvement, fraud prevention, and network security, balanced against your privacy rights.
- Legal obligation: Processing required to comply with applicable laws, such as responding to lawful data requests from authorities.
- Consent: Processing based on your explicit permission, such as optional marketing communications or advanced location features.
- Vital interests: In emergency situations, processing necessary to protect your life or the life of another person.
6. Who We Share Data With
We do not sell your personal data to third parties. We only share your data in the following limited circumstances:
- Your Safe Circle: During an SOS alert, your live location and alert details are shared with the contacts you have designated as your Safe Circle.
- Connected organizations: If you link to an organization, authorized responders within that organization can see your alert data and location during active emergencies. They cannot see your data when no alert is active.
- Service providers: We use trusted third-party providers for hosting (AWS), analytics, and customer support. These providers are contractually bound to protect your data and only process it on our instructions.
- Legal authorities: We may disclose data when required by law, such as in response to a court order, subpoena, or to protect public safety.
- Business transfers: If AMBA is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction, subject to the same privacy protections.
7. Data Security
We take the security of your personal data seriously, especially given the sensitive nature of safety and emergency response information. We implement the following security measures:
- Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
- Role-based access: Access to personal data is strictly limited to authorized personnel who need it to perform their job functions. Organization responders can only access data scoped to their organization.
- Security monitoring: We maintain continuous monitoring for unauthorized access attempts, data breaches, and anomalous activity.
- Regular audits: We conduct regular security assessments and penetration testing of our infrastructure.
- Staff training: All AMBA employees and contractors with data access undergo privacy and security training.
- Incident response: We have established procedures to detect, respond to, and notify users of any data breaches as required by law.
While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our protections.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:
- Account data: Retained for the duration of your active account. If you delete your account, we will delete or anonymize your data within 30 days, except where retention is required by law.
- SOS alert data: Alert logs and location history are retained for 12 months to support incident investigation and organizational compliance requirements.
- Audio recordings: Background audio captured during SOS alerts is retained for 7 days, then automatically deleted.
- Incident reports: Retained for 24 months to support safety analytics and organizational reporting.
- Technical logs: Anonymized technical data may be retained indefinitely for service improvement and security analysis.
When we no longer have a legitimate business need to process your personal data, we will either delete it or anonymize it. If deletion is not immediately possible (for example, because data is stored in backup archives), we will securely isolate it from further processing until deletion is feasible.
9. Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
- Right to access: You can request a copy of the personal data we hold about you.
- Right to rectification: You can request that we correct any inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): You can request that we delete your personal data, subject to legal retention requirements.
- Right to restrict processing: You can request that we limit how we use your data in certain circumstances.
- Right to data portability: You can request a copy of your data in a structured, machine-readable format.
- Right to object: You can object to our processing of your data based on legitimate interests, including direct marketing.
- Right to withdraw consent: Where we rely on your consent, you can withdraw it at any time.
- Right to complain: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.
To exercise any of these rights, please contact us using the details in the Contact Us section below. We will respond to all requests within one month of receipt, and we may need to verify your identity before processing your request.
10. Cookies & Tracking
Our website and app use cookies and similar tracking technologies to enhance your experience and analyze usage:
- Essential cookies: Necessary for the app and website to function properly (e.g., authentication, session management).
- Analytics cookies: Help us understand how users interact with our services so we can improve them. This data is anonymized where possible.
- Preference cookies: Remember your settings and preferences (e.g., language, display options).
You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of our services.
11. Children's Privacy
AMBA is not intended for use by children under the age of 13 without parental consent. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately.
For users aged 13–17, we recommend that a parent or guardian reviews this privacy policy and helps the minor understand how their data will be used.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service improvements. When we make material changes, we will:
- Update the "Last updated" date at the top of this policy.
- Notify you via email or through the app if the changes are significant.
- Post a prominent notice on our website.
We encourage you to review this policy periodically to stay informed about how we protect your data. Your continued use of AMBA after any changes constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your data, please contact us:
Data Protection Officer
AmBa Technology Solutions Limited
You also have the right to make a complaint to the Nigeria Data Protection Commission (NDPC) or your local data protection authority if you believe we have not adequately addressed your concerns.