Data Governance

Our approach to handling data responsibly, transparently, and under Canadian privacy law.


Our commitment

Data governance at Ambar Systems is not a compliance checkbox - it is an engineering principle. AmbarDigitalHub is designed with multi-tenant data isolation, privacy by design, and configurable controls that adapt to the regulatory requirements of the Tenants we serve.

This page describes the governance framework we apply across the Platform, the controls available to Tenant Administrators, and our alignment with major data-protection frameworks - starting with Canada's own.

For the full legal statement of how we handle personal information, see our Privacy Policy.

Governance pillars

1. Data isolation

Tenant data is logically isolated through per-Tenant schemas and connection strings. No cross-Tenant data access is possible at the application layer. Tenant-level encryption keys are available on Enterprise plans.
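As an added illustration of what "isolation at the application layer" means in practice (example code written for this page, not AmbarDigitalHub's own implementation): every request is bound to one Tenant by its authenticated context, the connection string is resolved from that context rather than from anything the caller supplies, and a row that somehow carries another Tenant's id is treated as an isolation failure rather than returned. Tenant ids, connection strings and learner records are constructed for the demo, and SQLite in-memory databases stand in for the per-Tenant schemas.

```python
"""Tenant isolation at the application layer: each request runs against the
connection string of its own Tenant, resolved from the authenticated context.
Added example, not AmbarDigitalHub's own code. Tenant ids, connection strings
and learner records are constructed; SQLite in-memory databases stand in for
the per-Tenant schemas."""
import sqlite3
from dataclasses import dataclass
from typing import Optional

# Constructed per-Tenant connection strings (assumption: in production these
# would come from a secrets store keyed by Tenant id, never from the request).
TENANT_CONNECTIONS = {
    "tenant-a": "file:tenant_a_demo?mode=memory&cache=shared",
    "tenant-b": "file:tenant_b_demo?mode=memory&cache=shared",
}


class TenantIsolationError(PermissionError):
    """Raised when a request would cross a Tenant boundary."""


@dataclass(frozen=True)
class RequestContext:
    tenant_id: str  # taken from the verified session token, not from the URL
    user_id: str


def resolve_connection(ctx: RequestContext, requested_tenant: str) -> str:
    """Map the request to a connection string.

    The Tenant named in the URL or body is accepted only if it matches the
    Tenant bound to the caller's session; otherwise the request is rejected
    before any query is issued.
    """
    if requested_tenant != ctx.tenant_id:
        raise TenantIsolationError(
            f"user {ctx.user_id} of {ctx.tenant_id} requested {requested_tenant}")
    try:
        return TENANT_CONNECTIONS[ctx.tenant_id]
    except KeyError:
        raise TenantIsolationError(f"unknown tenant {ctx.tenant_id}") from None


class LearnerRepository:
    """All queries go to the caller's own Tenant database."""

    def __init__(self, ctx: RequestContext):
        self.ctx = ctx
        self.conn = sqlite3.connect(resolve_connection(ctx, ctx.tenant_id), uri=True)
        self.conn.execute(
            "CREATE TABLE IF NOT EXISTS learners "
            "(id TEXT PRIMARY KEY, tenant_id TEXT NOT NULL, email TEXT NOT NULL)")

    def add(self, learner_id: str, email: str) -> None:
        self.conn.execute(
            "INSERT OR REPLACE INTO learners VALUES (?, ?, ?)",
            (learner_id, self.ctx.tenant_id, email))
        self.conn.commit()

    def get(self, learner_id: str) -> Optional[dict]:
        row = self.conn.execute(
            "SELECT id, tenant_id, email FROM learners WHERE id = ?",
            (learner_id,)).fetchone()
        if row is None:
            return None
        # Defence in depth: a row carrying another Tenant's id should never be
        # reachable through this connection; treat it as an isolation failure.
        if row[1] != self.ctx.tenant_id:
            raise TenantIsolationError(f"row {row[0]} belongs to {row[1]}")
        return {"id": row[0], "email": row[2]}


def demo() -> dict:
    """Run the three checks an isolation test would make."""
    ctx_a = RequestContext("tenant-a", "alice")
    ctx_b = RequestContext("tenant-b", "bob")
    repo_a, repo_b = LearnerRepository(ctx_a), LearnerRepository(ctx_b)
    repo_a.add("L-100", "alice@example.test")   # constructed record
    try:
        resolve_connection(ctx_b, "tenant-a")   # bob's session asks for tenant-a
        rejected = False
    except TenantIsolationError:
        rejected = True
    return {
        "a_sees_own": repo_a.get("L-100") is not None,
        "b_sees_a": repo_b.get("L-100"),       # None: different database
        "cross_tenant_rejected": rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the second check inside `get` is that schema-per-Tenant and a request-level Tenant check are independent layers: if either one is misconfigured, the other still stops the row from leaving the boundary, and the failure is raised loudly rather than silently returning someone else's data.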

2. Privacy by design

Collection of personal information is limited to what is necessary for the purpose identified at the point of collection. Purposes are documented in our Privacy Policy and enforced through role-based access control and audit logging.

3. Canadian data residency, by default

Our production infrastructure runs on Microsoft Azure. Where operationally possible, Tenant data is stored and processed in Azure Canada regions (Canada Central and Canada East). Certain ancillary services - for example, specific AI model providers - may process data in other jurisdictions. Those cases are documented in our Privacy Policy and subject to written data-processing agreements.

4. Audit trail

All administrative actions, data-access events, and configuration changes are logged. Logs are tamper-resistant and available to Tenant Administrators through the admin console.
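One common way to make an audit log tamper-resistant is to chain entries with a keyed hash, so that editing, reordering or deleting any entry invalidates everything after it. The following is an added example written for this page, not the Platform's own logging code; the signing key and the logged events are constructed for the demo.

```python
"""Tamper-evident audit trail: each entry carries an HMAC-SHA256 over its own
fields plus the previous entry's MAC, so editing, reordering or dropping an
entry breaks the chain from that point on.
Added example, not AmbarDigitalHub's own code. The signing key and the logged
events are constructed for the demo."""
import hashlib
import hmac
import json
from typing import Dict, List, Optional

GENESIS = "0" * 64  # chain anchor for the first entry


def canonical(body: Dict) -> bytes:
    """Stable serialization so the MAC does not depend on dict ordering."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class AuditLog:
    def __init__(self, key: bytes):
        self._key = key          # held by the logging service, not by admins
        self.entries: List[Dict] = []

    def _mac(self, body: Dict) -> str:
        return hmac.new(self._key, canonical(body), hashlib.sha256).hexdigest()

    def append(self, tenant_id: str, actor: str, action: str, target: str) -> Dict:
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "tenant_id": tenant_id, "actor": actor,
                "action": action, "target": target, "prev": prev}
        entry = dict(body, mac=self._mac(body))
        self.entries.append(entry)
        return entry

    def verify(self) -> Optional[int]:
        """Return None if the chain is intact, else the index of the first entry
        that fails (modified, out of order, or following a deleted entry)."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "mac"}
            if body.get("seq") != i or body.get("prev") != prev:
                return i
            if not hmac.compare_digest(self._mac(body), entry["mac"]):
                return i
            prev = entry["mac"]
        return None


def demo(key: bytes = b"constructed-demo-key") -> dict:
    """Build a short log, then show that an edit and a deletion are detected."""
    log = AuditLog(key)
    log.append("tenant-a", "admin@example.test", "role.create", "role:auditor")
    log.append("tenant-a", "admin@example.test", "user.export", "user:42")
    log.append("tenant-a", "system", "retention.anonymize", "user:17")
    intact = log.verify()                      # None: chain is good
    log.entries[1]["action"] = "user.view"     # tamper with a stored entry
    after_edit = log.verify()                  # 1: MAC no longer matches
    log.entries[1]["action"] = "user.export"   # restore, then drop entry 1
    del log.entries[1]
    after_delete = log.verify()                # 1: seq/prev gap at index 1
    return {"intact": intact, "after_edit": after_edit, "after_delete": after_delete}


if __name__ == "__main__":
    print(demo())
```

Two design notes. A plain (unkeyed) hash chain only detects tampering by someone who cannot rewrite the chain; the HMAC key keeps the Tenant Administrator who can read the log from also being able to re-sign it. Second, the chain head (the latest MAC) is only as trustworthy as the place it is stored, so periodically shipping it to an external system, such as the SIEM webhook this page mentions, gives an independent anchor against which a log can be verified after the fact.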

5. Data lifecycle

Configurable retention policies, automated anonymization of inactive accounts, and secure deletion workflows ensure data does not persist beyond its useful life.

Regulatory alignment

For each framework: scope, our current status, and the Platform controls that support it.

PIPEDA - Personal Information Protection and Electronic Documents Act
  Scope: Personal information of Canadian residents
  Status: Alignment
  Platform controls: Privacy Officer designated; consent-based collection; access- and correction-request workflow; documented purposes; safeguards; breach-notification procedures.

CASL - Canada's Anti-Spam Legislation
  Scope: Commercial electronic messages sent to Canadian recipients
  Status: Alignment
  Platform controls: Express-consent capture; identification of sender; functional unsubscribe within 10 business days; records of consent retained.

Quebec Law 25 (formerly Bill 64)
  Scope: Personal information of Quebec residents
  Status: Alignment
  Platform controls: Privacy Officer; purpose limitation; impact assessments for new processing activities; breach-notification workflow.

GDPR - General Data Protection Regulation
  Scope: Personal data of EU/EEA residents
  Status: Alignment
  Platform controls: Data Subject Access Request (DSAR) workflow; right-to-erasure and data-portability tooling; Data Processing Agreements with sub-processors; Standard Contractual Clauses for cross-border transfers.

PCI DSS - Payment Card Industry Data Security Standard
  Scope: Cardholder data
  Status: Alignment (via processors)
  Platform controls: No card numbers stored on Platform servers; payments delegated to PCI-certified processors (Stripe, PayPal); tokenized references only.

SOC 2 - Service Organization Control, Type II
  Scope: Security, availability, processing integrity, confidentiality
  Status: Roadmap
  Platform controls: Internal controls in place: audit logging, change management, incident response, access review. Third-party attestation is on our compliance roadmap; contact us for current status.

FERPA - Family Educational Rights and Privacy Act (US)
  Scope: Student education records (US education customers)
  Status: Alignment
  Platform controls: Tenant-level access controls for learner records; LTI 1.3 launches share only required claims; enrolment and grade data restricted to authorized roles.

Controls for Tenant Administrators

User and role management

  • Create custom roles with granular permissions.
  • Assign module-level access across LmsStudio, CommerceStudio, CrmStudio, AIAgentStudio, PaymentStudio, and EngagementStudio.
  • Enable multi-factor authentication for admin accounts.
  • Configure external identity providers (OIDC, SAML).

Data retention and deletion

  • Configure per-entity retention policies.
  • Automated anonymization of inactive accounts on a schedule you set.
  • Bulk data export in JSON or CSV for portability and audit requests.
  • Secure account deletion with a 30-day grace period.

Audit and reporting

  • Searchable audit log of administrative and data-access events.
  • Exportable compliance reports for enrolment, payments, and access.
  • Configurable alerts for unusual access patterns.
  • Webhook integration with external SIEM tools.

Encryption and access security

  • TLS 1.2 or higher for all data in transit.
  • AES-256 encryption at rest for databases and backups.
  • Tenant-specific encryption keys available on Enterprise plans.
  • Automatic session timeouts and IP-based access restrictions.

AI governance

  • No silent model training. We do not use Tenant content to train public or shared AI models without the Tenant's explicit written consent.
  • Provider agreements. Where a third-party AI model provider is used, we rely on written agreements that prohibit training use of customer data, in line with provider enterprise terms.
  • Explicit disclosure. AI-generated content is surfaced as such within the Platform. Users remain responsible for reviewing and verifying AI output before acting on it.
  • Tenant-level configuration. Tenant Admins can disable specific AI features, restrict them to specific roles, or opt out entirely.
  • Auditability. AI agent invocations are logged for review through the audit trail.

Incident response

Detect.

Automated monitoring identifies anomalies - unusual access, error spikes, integrity alerts - and notifies our on-call team within minutes.

Contain.

Affected systems are isolated. Multi-Tenant boundaries prevent lateral impact on unaffected Tenants.

Remediate.

Root-cause analysis, patching, and recovery. Affected Tenants are notified in accordance with PIPEDA breach-notification requirements and, where applicable, with GDPR Article 33 timelines.

Review.

Every significant incident produces a post-incident review, process updates, and improvements documented for reference.

To report a security concern, contact security@ambarsystems.ca. We commit to acknowledging every report within one business day.

Data flow (simplified)

A simplified view of how data moves through the Platform:

User Browser
   |  TLS
   v
CDN / WAF
   |
   v
API Gateway --> Microservices --> Tenant Database (Azure Canada)
                   |
                   +--> Stripe / PayPal (tokenized payment refs only)
                   +--> AI Model Providers (per-tenant agreements)
                   +--> LTI 1.3 Tools (required claims only)

All inter-service communication is encrypted. Full payment card numbers never touch Platform storage.

Governance inquiries

Privacy and data-governance requests

  • Email: privacy@ambarsystems.ca
  • Post: Privacy Officer, Ambar Systems Inc., 1401-28 Linden Street, Toronto ON M4Y 0A4, Canada

Security incidents

We respond to all privacy and security contacts within one business day, and commit to formal responses within the timelines required by applicable law.

This page is informational. It does not constitute legal advice. If you have specific compliance requirements - for example, sector-specific regulation or contractual obligations to your own customers - consult qualified legal counsel. For the binding legal statement of how we handle personal information, refer to our Privacy Policy.