Legal

Privacy Policy

Effective Date: April 26, 2026 · Last Updated: April 26, 2026

Ambix LLC ("Ambix," "we," "us," "our") builds three products that work together as one ecosystem: Ambix POS (the in-store register), Ambix Daisho (the iPhone companion for store owners and managers), and Ambix Kanpai (the loyalty app for shoppers age 21+). This policy explains what information each product collects, how we use and protect it, and the rights you have over your data.

1. Who this policy covers

This policy applies to people who interact with Ambix in the United States, including:

  • Liquor-store owners and employees using Ambix POS on a Mac Mini or iPad register, and using Ambix Daisho on an iPhone.
  • Shoppers age 21 and over using Ambix Kanpai to track loyalty rewards, points, and coupons issued by participating stores.
  • Visitors to our website who request a demo or browse our marketing pages.

Ambix is sold business-to-business: store owners are our customers. The data your store collects from your shoppers (loyalty members, age-verification records, purchase history) is your data — we process it on your behalf as a service provider. Where we collect information directly from a shopper (for example, when a shopper installs Ambix Kanpai), we act as the controller of that data.

2. Information we collect

2.1 Information you provide

  • Demo requests (website): Your name, email, and phone number when you submit our demo form.
  • License activation (Ambix POS & Daisho): The license key issued to your store and the device name/identifier of the Mac Mini or iPhone activating that license.
  • Owner/employee accounts: Employee name, role (Admin / Manager / Cashier), and a hashed-and-salted PIN. We do not store PINs in plain text.
  • Store profile: Store name, address, phone, tax rate, printer settings, and similar configuration.
  • Kanpai shopper accounts: Your U.S. mobile phone number (verified by SMS one-time code), display name, and date of birth (used to confirm you are 21+ and to send birthday rewards).
  • Subscription billing (store owners): When you subscribe, billing details (card number, billing address) are entered directly with our PCI-DSS-compliant payment processor. We receive only a customer reference and subscription status — never your full card number.
  • Owner corrections & lab feedback (Daisho): When an owner corrects something the AI invoice parser got wrong (e.g., a vendor name), we save the original and corrected values so we can improve future parses.

2.2 Information generated by your use of the products

  • Sales & inventory data (Ambix POS): Transactions, line items, prices, quantities, payment method (cash/credit/debit), employee on-duty, register, and timestamp.
  • Customer records the store creates (Ambix POS): If your store enrolls a customer in its loyalty program, the store may save a phone number, optional name, optional birthday, optional email, points balance, tier, last-visit date, and marketing-consent state.
  • Audit logs: Employee actions inside the POS (sign-in, voids, discounts, age verifications, inventory edits) with timestamps. Audit entries record the employee involved and the action; they do not record the customer's identity.
  • Aggregated dashboards (Daisho): Today's revenue, transaction counts, average ticket, hourly breakdowns, low-stock alerts, and approvals — synced from the store's POS.
  • Invoice scans (POS & Daisho): Photos of distributor invoices that owners scan to update inventory. Images are sent to our cloud parser and the structured fields (vendor, line items, totals) are saved to the store's records. See Section 7.
  • Loyalty & coupon activity (Kanpai): Stores you have linked, your points balance, tier, coupons received and redeemed, and the purchase history attributed to your linked customer record at each store (product names, amounts, dates).

2.3 Information collected automatically

  • Device and connection data: Device type (iPad, Mac, iPhone), device name, machine serial number (POS — used to bind a license to a specific Mac Mini), app version, operating-system version, and IP address are observed when your apps connect to our servers.
  • Push-notification tokens: When you enable notifications in Daisho or Kanpai, Apple or Firebase issues a token that lets us deliver alerts (low stock, approval requests, new coupons). Tokens are not used for advertising.
  • Crash and error logs: If an app crashes, the operating system or Firebase infrastructure may transmit a stack trace so we can diagnose the bug. Crash reports do not include sales, customer records, or ID-scan data.

2.4 What we do not collect

  • We do not store images of driver's licenses or passports. When age is verified at the register, we read the date of birth and expiration from the ID, confirm the customer is 21+, and immediately discard the image and any name, address, or document number that was on the ID. Only a pass/fail audit record (with the employee who performed the check, the verification method, and a timestamp) is retained.
  • We do not collect precise location. None of our apps request GPS access.
  • We do not use the microphone, contacts, calendar, health, or photo library beyond the limited uses described in this policy (e.g., picking an invoice image to scan).
  • We do not sell personal information.
  • We do not collect Apple's advertising identifier (IDFA) and we do not run any advertising SDKs in our apps.

3. How we use information

We use the information described above to:

  • Provide, operate, and synchronize the POS, Daisho, and Kanpai apps across your registers and devices.
  • Authenticate users, validate licenses, and tie a license to a specific Mac Mini or iPhone.
  • Process subscription payments through our PCI-DSS-compliant payment processor and prevent fraud and abuse.
  • Help store owners run their business — sales reports, inventory, employee timekeeping, and AI-assisted invoice parsing.
  • Verify that customers buying age-restricted products are 21 or older, and produce a compliance audit trail.
  • Power loyalty programs: track points, issue coupons, and notify Kanpai shoppers about birthdays, rewards, and store events they have opted in to.
  • Improve our AI invoice parser using corrections and labeled examples submitted by owners.
  • Detect, investigate, and respond to security incidents, bugs, and abuse.
  • Comply with our legal obligations, including federal and state alcohol-control laws.

We do not use your information to build advertising profiles, sell to third parties, or train general-purpose AI models on your data.

4. How we share information

We share information only with the categories of recipients below, and only as needed to operate the service.

  • Cloud infrastructure — Google Firebase: All three apps use Google Firebase (Firestore database, Cloud Functions, Cloud Storage, Authentication, App Check, and Cloud Messaging) to store, synchronize, and secure data. Firebase data is hosted in U.S. Google Cloud regions.
  • Payment processor (subscription billing): Subscription billing for store owners is handled by a third-party, PCI-DSS Level 1 certified payment processor. The processor collects card details directly from you; Ambix receives only a customer reference, the last four digits, the card brand, and subscription status. We will name the processor here once billing is live.
  • AI invoice parsing — Anthropic: When you scan a distributor invoice in POS or Daisho, the image is sent through our Cloud Function to Anthropic's Claude API for text extraction. We do not include any customer names, payment data, or ID-scan output in invoice images. See Section 7.
  • SMS verification — Firebase Authentication: Kanpai sends a one-time SMS code through Firebase Authentication to verify the phone number of new shoppers.
  • Public product data: When a UPC barcode is scanned in POS, we may query Open Food Facts or UPC Item DB to look up the product's name and image. The only thing we send is the UPC code.
  • Push notifications — Apple & Firebase Cloud Messaging: Notification tokens are exchanged with Apple Push Notification service and Firebase Cloud Messaging to deliver in-app alerts you have enabled.
  • Your store, if you are a Kanpai shopper: When you redeem a store code in Kanpai, that store's owner can see your linked customer profile, points, and visits at their store — the same way they would see any loyalty member.
  • Legal & safety: We may disclose information when we have a good-faith belief it is required by a valid subpoena, warrant, court order, or other legal process, or to protect the rights, property, or safety of Ambix, our users, or the public.
  • Business transfers: If Ambix is involved in a merger, acquisition, or sale of assets, information may transfer to the successor entity, subject to this policy.

We do not sell or rent personal information, and we do not share it with advertisers or data brokers.

5. Payments and PCI-DSS compliance

Ambix is designed so that full card numbers, CVVs, and magnetic-stripe data never touch our servers or any device we control.

  • In-store payments (Ambix POS): Cards are read by an external, certified payment terminal that communicates directly with the card processor. Our POS receives only the tokenized result of the transaction (approval status, last four digits, card brand, and a processor-issued transaction ID). At the time of writing, in-store card processing is being re-integrated; until that is live, Ambix POS operates in cash-only mode.
  • Subscription billing (license sales): Card details for your Ambix subscription are collected by a third-party, PCI-DSS Level 1 certified payment processor. Ambix's servers never see your full PAN or CVV.
  • Daisho and Kanpai never handle card data — Daisho displays aggregated revenue only; Kanpai displays loyalty rewards and shows no card information.

Our payment partners (the subscription-billing processor and the certified in-store terminal vendor) maintain PCI-DSS Level 1 certification. Ambix LLC follows PCI-DSS guidance applicable to merchants that use validated, out-of-scope payment integrations, including network segmentation, encrypted-in-transit data, and least-privilege access to systems that handle transaction metadata.

6. Age verification & ID scanning

Selling alcohol responsibly is the entire reason Ambix exists. To help store owners comply with state and federal law:

  • Cashiers can scan a customer's driver's license (PDF417 barcode) or passport (machine-readable zone). The image is processed on the device using Apple's Vision framework.
  • We extract only the date of birth and expiration date, calculate whether the customer is 21+, and check that the ID has not expired.
  • The full image, the customer's name, address, document number, and any other ID field are discarded immediately after the check. They are never written to disk, never uploaded to the cloud, and never transmitted to any third party.
  • The audit trail saved to the store's records contains only: the employee who performed the check, the method (license-barcode, passport-MRZ, or manual), the result (pass/fail), and a timestamp.

7. AI-assisted invoice parsing

To save owners hours of manual data entry, Ambix POS and Daisho can scan distributor invoices and automatically extract vendor, line items, quantities, costs, and totals. Here is how that works:

  • You take a photo (or several photos for multi-page invoices) of a paper invoice.
  • The image is JPEG-compressed and sent over HTTPS to our Firebase Cloud Function, which forwards it to Anthropic's Claude API for extraction.
  • Anthropic processes the image, returns structured JSON, and (per their commercial terms) does not retain the input or use it to train their general-purpose models.
  • We save the structured fields and an anonymized parse log to your store's records. The original image is not retained on our servers after parsing succeeds.
  • If you correct a parsed field (e.g., a misread vendor name), the correction is stored as feedback so we can improve future parses. Owner corrections do not include customer or payment data.

8. Data retention

  • Sales, inventory, employee, and audit data is retained for as long as your store keeps an active Ambix subscription, plus a reasonable wind-down period after cancellation. Owners may request export or deletion at any time.
  • Age-verification audit logs are retained as long as required by applicable state alcohol-control law (typically 1–3 years), then deleted.
  • Invoice scan images are deleted after a successful parse; only the structured data and an anonymized parse log are kept.
  • Demo-form leads are retained until we have completed our outreach, or for up to 24 months, whichever is shorter.
  • Kanpai shopper accounts are retained until you ask us to delete the account or your account is inactive for an extended period (typically 36 months).
  • Backups may persist for a short additional period (typically up to 30 days) before being overwritten on schedule.

9. Security

We take reasonable and appropriate steps to protect your information, including:

  • HTTPS/TLS for all data in transit between apps, our cloud, our payment processor, and Anthropic.
  • Server-side rules on every Firestore collection that limit reads and writes to authenticated users tied to the correct store.
  • App Check on Kanpai to deter abuse from non-genuine clients.
  • Employee PINs stored as salted bcrypt hashes — never plaintext.
  • License keys and similar secrets stored on-device in the iOS Keychain or macOS Application Support, scoped to "this device only."
  • Least-privilege admin access, scoped by email, on all administrative cloud functions.

No system is perfectly secure. If we ever discover a breach that affects your personal information, we will notify you and the appropriate authorities as required by U.S. federal and state law.

10. Your choices and rights

U.S. residents have the following choices over their information. State law may give you additional rights — see the state-specific notices below.

  • Access & export: Email us and we will provide a copy of the personal information we hold about you in a machine-readable format.
  • Correction: You can correct your name, birthday, or store linkage in Kanpai's profile screen. Store owners can correct employee records inside Ambix POS.
  • Deletion: You can ask us to delete your account and associated personal information. We may retain records required by law (for example, age-verification audit logs or tax records).
  • Marketing opt-out: You can unsubscribe from marketing emails at any time and turn off push notifications in iOS Settings.
  • Do Not Sell or Share: We do not sell or share personal information for cross-context behavioral advertising. There is nothing to opt out of.

State-specific notices

If you are a resident of California, Colorado, Connecticut, Delaware, Iowa, Indiana, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, you may have additional rights under your state's privacy law, including the right to access, correct, delete, and obtain a portable copy of your personal information, and the right to appeal a denial. Contact us at AmbixPOS@yahoo.com to exercise any of these rights. We will verify your request using the information we already have on file and respond within the time required by your state's law (generally 45 days).

California "Shine the Light": California Civil Code § 1798.83 permits California residents to request a notice describing the categories of personal information we have shared with third parties for their direct marketing purposes. We do not share personal information for third-party direct marketing.

11. Children & minimum age

Ambix Kanpai is intended for individuals 21 years of age or older. We verify date of birth at signup; an account that does not meet the minimum age cannot be created. Ambix POS and Ambix Daisho are business tools used by store owners and employees and are not directed at children. We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us information, contact us and we will delete it.

12. SMS, email & push notifications

  • SMS verification (Kanpai): When you sign up, we send a one-time SMS code to confirm your phone number. Standard message and data rates may apply.
  • Loyalty messaging: If your participating store enables marketing SMS or email through its Ambix loyalty program, you will be asked to opt in before any marketing message is sent. You can text STOP to any marketing SMS or click "unsubscribe" in any marketing email to opt out at any time.
  • Push notifications: Daisho and Kanpai may send push notifications (low stock, approvals, new coupons). You can disable push notifications in iOS Settings at any time. We do not use push notifications for advertising.

13. Where your data is processed

Ambix is a U.S. company and our products are offered only in the United States. Personal information is processed and stored in the United States on Google Cloud and Firebase infrastructure. If you access the apps from outside the United States, you are transferring your information to the U.S.

14. Changes to this policy

We may update this policy as our products change or to reflect new legal requirements. When we make a material change, we will update the "Last Updated" date at the top of this page and, where appropriate, give you notice through the apps or by email. Your continued use of Ambix after a change takes effect means you accept the updated policy.

15. Contact us

If you have questions about this policy, want to exercise any of the rights described above, or want to report a privacy concern, please reach out:

Ambix LLC
Email: AmbixPOS@yahoo.com
Mailing address: Available on request — please email for current correspondence address.

This policy is provided in plain English to help our customers understand it. It is not a substitute for legal advice. If a court determines that any provision of this policy is unenforceable, the remaining provisions remain in full force and effect.