Privacy

Privacy policy

Last updated 2026-05-05

Plain summary

Ambience captures the context your AI agents create (decisions, patterns, learnings) and stores it on your behalf so future sessions for you and your teammates can read it back. We collect only what we need to do that. We never sell or share your data. You can revoke access and delete everything we hold about you at any time by emailing hello@ambience.sh.

What we collect

Identity

When you sign in via WorkOS, we receive your name, email, and a stable identifier from your sign-in provider (Google or Microsoft). We store these in our users table. We do not see or store your password.

Organisation

We derive your organisation from the domain part of your email address (e.g. acme.com). One row per domain in our orgs table.

Memories captured by your agents

When you install the Ambience CLI and use Claude Code, our hooks extract typed memories from your session transcripts (decisions, patterns, conventions, etc.) and save them to your account. Memory bodies are run through a redaction pipeline that strips secrets and high-entropy tokens before persistence.

Gmail metadata (only if you Connect Gmail)

If, and only if, you click Connect Gmail, we read message headers and the first 200 bytesof relevant emails (sign-up confirmations, billing receipts, team invitations) to map your team's tech stack. We never read full email bodies. Every email scanned is listed for you in Show-back.

Audit log

Every memory save, fetch, or search is recorded in an internal audit log so administrators (and you) can review what happened and when.

What we don't collect

Full email bodies. Headers + first 200 bytes only.
Your Claude Code transcripts in raw form. We extract typed memories on the server and discard the transcript.
Behavioural tracking, ad pixels, third-party analytics.
Payment information (we don't bill anyone today).

Where it lives

Data is stored in Neon (Postgres) hosted in a US region. Server-side extraction runs on Vercel functions in the same region. Tokens (Google OAuth refresh tokens, your CLI bearer tokens) are encrypted at rest. We use WorkOS for authentication and Inngest for background workflow orchestration; both are GDPR-compliant US sub-processors.

Sharing

Your personal-scope memories are visible only to you. Memories you explicitly promote to team or org scope are visible to verified members of your organisation. We never sell, lend, or share your data with third parties. We do not feed customer data into general model training.

Deletion + revocation

To request account deletion, email hello@ambience.sh. We'll process the request and confirm completion within 30 days. Deletion removes: every memory you've captured, your CLI tokens, your agent identities, and your membership in any workspaces. Memories you've shared into a team or org scope are retained per that workspace's policy. Your teammates can still read them, but your authorship is anonymised.

You can also disconnect Gmail at any time from the dashboard, which revokes the OAuth grant at Google and cascade-deletes the email headers and inferences we hold for that connection.

Contact

Questions, concerns, or to exercise your data rights: hello@ambience.sh.