How we handle your data.Quietly, and only as needed.

1. Who We Are

Amber & Forge ("we," "us," or "our") is a hospital and clinic consulting firm based in Seoul, Republic of Korea. We provide advisory services to medical institutions across brand, revenue structure, organization & operations, marketing strategy, and team education. We are not a medical provider and do not deliver medical services directly to patients.

Studio: 317 Bongeunsa-ro, Gangnam-gu, Seoul, Republic of Korea.
Privacy inquiries: please use our contact form and write "Privacy" in the message.

2. What We Collect

When you submit our contact or diagnostic form, we collect:

• Name — to personalise our response
• Email address — to respond to your inquiry
• Clinic / organisation name — for context
• Inquiry content — to provide relevant advisory guidance

We do not collect: payment information, patient medical records, or sensitive personal data as defined under GDPR Article 9.

3. How We Use Your Information

We process your personal data for the following purposes and legal bases (GDPR):

• Responding to your inquiry — Article 6(1)(b), pre-contractual steps
• Internal record-keeping — Article 6(1)(f), legitimate interests
• Compliance with legal obligations — Article 6(1)(c)

4. How We Share Your Information

We do not sell your personal information.

We share data with the following processors only as necessary:

• Resend, Inc. — email delivery (USA, EU SCCs + DPA)
• Vercel, Inc. — hosting + form processing (USA + global CDN, EU SCCs + EU-US DPF)
• Notion Labs, Inc. — internal CMS for insights content (USA, EU SCCs)

5. International Data Transfers

We are based in South Korea. If you are located in the EEA or UK, your data will be transferred to and processed in South Korea and the United States.

• South Korea has been granted EU adequacy status under GDPR (Commission Decision 2021).
• United States transfers are covered by Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework.

6. Cookies

Our website uses minimal cookies:

• Session cookie (strictly necessary) — form submission security (CSRF). Lifetime: session.
• Analytics (Vercel Analytics) — aggregate page-view statistics, no personal identifiers. Lifetime: 30 days.

EU/UK visitors: we request your consent before setting any non-essential cookies via our cookie consent banner. You may withdraw consent at any time.

7. Your Rights

EU / UK Residents (GDPR / UK GDPR)

• Access your personal data
• Correct inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing based on legitimate interests
• Lodge a complaint with your supervisory authority

California Residents (CCPA / CPRA)

• Know what personal information we collect, use, or disclose
• Delete your personal information
• Opt out of sale or sharing — we do not sell personal information
• Non-discrimination for exercising your privacy rights

South Korean Residents (개인정보 보호법 / PIPL)

Under the Korean Personal Information Protection Act, you have the right to access, correct, delete, and request suspension of processing of your personal data.

Japanese Residents (改正個人情報保護法)

Under Japan's amended Act on the Protection of Personal Information (APPI), you have the right to request disclosure, correction, or deletion of your retained personal data.

To exercise any of these rights, please use our contact form and indicate the request type in your message.

8. Data Retention

We retain inquiry data for a maximum of 24 months from the date of last contact. After this period, data is securely deleted. You may request earlier deletion at any time.

9. Confidentiality of Client Engagements

Where we have entered into a consulting engagement with a clinic or hospital, all client information — including operational data, financial records, and patient flow analyses — is held under non-disclosure obligations and used solely for the contracted engagement. No client data is reused for marketing without explicit written permission.

10. Changes to This Policy

We may update this policy periodically. Material changes will be notified on this page. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For all privacy-related inquiries, please use our contact form and indicate "Privacy" in your message.