Skip to content

Privacy Policy

Last updated: March 11, 2026

1. Information We Collect

Waitlist: Email address, and optionally your name, role, and message.

API Keys: Email address associated with your API key. API keys are stored as SHA-256 hashes — we cannot recover the original key.

Contracts: When you create a Ricardian Contract, we store the contract text (human-readable and machine-readable JSON), SHA-256 hash, principal declaration (agent ID, principal name, principal type), and creation metadata.

Signatures: Wallet addresses and ECDSA signatures submitted when signing contracts.

Share Tokens: When you generate a share link, we store the token, associated contract, and expiry date.

2. Lawful Basis for Processing

Under the EU General Data Protection Regulation (GDPR), we process personal data on the following bases:

  • Contract performance (Art. 6(1)(b)): Processing contract data, signatures, and principal declarations is necessary to perform the service you requested — creating, signing, and verifying Ricardian Contracts.
  • Legitimate interest (Art. 6(1)(f)): Hash verification and contract metadata (contract ID, status, dates) are publicly accessible to enable document integrity verification. This serves the legitimate interest of all contract parties and third-party verifiers.
  • Consent (Art. 6(1)(a)): Waitlist subscriptions and marketing communications are based on your explicit consent.

3. Contract Visibility

Ambr follows a private-by-default model for contract data:

  • Public (no authentication): Contract metadata only — contract ID, status, SHA-256 hash, amendment type, and creation date. This enables hash verification without exposing contract content.
  • Private (authentication required): Full contract text, principal declarations, and financial terms require either: (a) the API key of the contract creator, or (b) a valid share token generated by a contract party.
  • Shared (consent-based): Contract parties can generate time-limited share links to grant read access to lawyers, auditors, or counterparties.

4. Data Storage and Security

Your data is stored securely using Supabase with row-level security policies. Data is encrypted in transit (TLS) and at rest. API keys are stored as irreversible SHA-256 hashes. Share tokens expire automatically and are validated server-side using a service-role client (not accessible via public APIs).

5. Data Minimization

We collect only data necessary to provide the service. Public-facing views expose only metadata (no personal data). Share tokens are ephemeral with configurable expiry (default: 7 days, maximum: 1 year).

6. Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of all personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your data. For contracts, this means the human-readable text and principal declaration will be replaced with "[REDACTED]". The SHA-256 hash is preserved to maintain chain integrity for other parties and amendments, but no personal data remains in the hash (it is a one-way function).
  • Portability: Export your contracts in JSON, Markdown, or plain text format via the API or Reader Portal.
  • Objection: Object to processing based on legitimate interest.

We will respond to all requests within 30 days.

7. Third Parties

We do not sell or share your personal information with third parties. Contract data is processed using Anthropic's Claude API for AI-generated contract text — Anthropic does not retain API inputs/outputs for training purposes.

8. Contact

For privacy-related inquiries, data access requests, or erasure requests, contact us at privacy@ambr.run.