Ambassify classifies all information it handles to ensure appropriate protection at every stage. Clear classification helps us apply the right security controls and meet our obligations to you.

Classification Levels

All data at Ambassify falls into one of three classification levels.

  • Confidential: The highest level of protection. Includes customer data, personally identifiable information (PII), financial data, authentication credentials, and source code
  • Restricted: Internal information that requires controlled access. Includes internal policies, legal documents, and contracts
  • Public: Information intended for open distribution. Includes marketing materials and release notes

Data Handling

Handling requirements are determined by the classification level of the data.

  • Encryption: Confidential data is encrypted both at rest and in transit
  • No Removable Media: Confidential data is never stored on removable media such as USB drives or external hard disks
  • Device Protection: Secure device configuration and protection is required for all data handling activities
  • Need-to-Know Access: Access to data is granted strictly on a need-to-know basis, aligned with the principle of least privilege

Retention and Disposal

We retain data only for as long as it serves a clear purpose.

  • Purpose-Based Retention: Data is retained only as long as necessary to fulfill the purpose for which it was collected
  • Regular Reviews: Data retention periods are reviewed regularly to ensure compliance with legal and business requirements
  • Post-Contract Removal: Customer data is removed within 30 days after contract termination
  • Systematic Disposal: Defined disposal processes ensure data is removed consistently and securely when no longer needed

Data Destruction

When data reaches the end of its lifecycle, it is destroyed securely.

  • Secure Methods: All data types are destroyed using industry-standard secure destruction methods
  • Certificate of Destruction: A certificate of destruction is provided upon request for customer data
  • Consistent Standards: Destruction practices follow recognized industry standards to prevent data recovery

Annual Review

Our data classification and handling procedures are reviewed on a regular cycle.

  • ISMS Review: The ISMS team conducts an annual review of all data classification and handling procedures
  • Regulatory Alignment: Reviews ensure continued alignment with regulatory requirements and evolving business needs