Operational Insights: Ambio Life Sciences

Here's what we understood from our conversation. Read it at your own pace, flag anything that's not quite right, and we'll walk through it together on the call.

Prepared June 2026 Based on discovery call + research AZ1.AI Inc. (Coditect)

Before Our Follow-Up

This analysis was built from our discovery conversation and additional research. On our next call, we'll walk through it together, confirm what we got right, and discuss next steps.

Scroll through at your own pace. Flag what jumps out.

Scope note: This is CODITECT's understanding of the call, not a neutral assessment, and not a proposal, quote, or contract (AZ1.AI is a prospective vendor). Clinical points are what Ambio reported; regulatory points are context to navigate, not legal advice. The recommendations on this page are AZ1.AI Inc. (CODITECT)'s; David Chen, as architect and likely builder, would own the implementation.

Your Operation As We Understand It

A small team, a large dataset, an open regulatory door

Clinical Programs

Treatment: Ibogaine from iboga root bark
Indications: Opioid-use disorder + longevity and alternative-treatment care
Care setting: Program-specific treatment homes
Dataset: Ambio reports the world's largest growing clinical dataset on ibogaine treatment

Supply Chain & IP

Source: Gabon root bark
Export license: UN Nagoya Protocol (CEO-held)
Community benefit: Bwiti-community benefit-sharing agreement
Processing: GMP facility, Mississauga, Canada
IP: Patent-filed cardiotoxicity safety protocols

Company Profile

HQ: Vancouver, Canada
Founders: Abhi Pushparaj and David Q Chen (both ex-BenchSci)
CEO: Jonathan Dickinson
Regulator: Active NIDA discussions underway
Research: Dalhousie University mitochondrial effects study in preparation

The Footprint

From a Gabonese forest to a regulator's desk

Source / treatment home Processing HQ Regulator presentation (US)

From Our Conversation

A lean team running a multi-jurisdiction clinical operation against an August clock

You need compliant data infrastructure to turn locally-held records into a regulator-ready evidence package, starting with a near-term cardiac-telemetry analysis, on a foundation that respects where each jurisdiction's data must live.

What We Heard

The priorities you raised

No EMR or patient-data infrastructure

Patient records exist locally at each treatment home without a unified, governed system. There is no structured intake, no common schema, and no mechanism to query across sites without manually aggregating files.

Priority #1 · Critical

Data sovereignty and aggregation across jurisdictions

Malta sits under GDPR. Mexico has LFPDPPP and COFEPRIS oversight. Patient data cannot leave each jurisdiction without a proper legal basis, which means any aggregation layer must respect residency while enabling analysis.

Priority #2 · Critical

Cardiac-telemetry and blood-work analysis for regulators

The immediate need is a traceable, analysis-ready pipeline for cardiac-telemetry and blood-work data to support the cardiotoxicity safety argument with FDA and NIDA. This is the August deliverable.

Priority #3 · Immediate

▲

End-of-summer deadline: aggregated data to FDA and NIDA

Ambio has committed to presenting an aggregated regulatory evidence package by August 2026. The timeline is firm. Any infrastructure built must be operational and producing analysis-ready output within weeks, not months.

High · August 2026

A Realistic Way to Hit August

Telemetry first (Phase 1.0), the full EMR next (Phase 2)

A complete multi-jurisdiction EMR in under 60 days would be aggressive. Our recommendation: stand up CODITECT as the secure ingestion vault for the cardiac-telemetry data first, guaranteeing an FDA/NIDA-ready package by August, then build the full EMR on the same governed foundation. David would architect and likely lead both phases.

Phase 1.0 · Now to August

Telemetry Fast-Track

Secure ingestion vault for cardiac-telemetry and blood-work data. Immutable, fully logged analysis pipeline. Regulator-ready cardiotoxicity evidence package with full provenance chain.

Phase 2 · After August

Full Multi-Jurisdiction EMR

Backend-first, sovereignty-aware electronic medical record system covering all clinical modalities. Built on the same data foundation and audit trail established in Phase 1.0.

~190-200

Patients treated per month

Patient-data jurisdictions (MX · MT)

Aug 2026

Regulator presentation deadline

Compliance Surface Area

The regulatory surface we'd help you navigate

This is the surface area to navigate, not legal advice. Date-sensitive items must be confirmed against primary sources and your counsel.

🇪🇺

GDPR (Malta / EU)

Primary regime for Malta treatment site. Requires data residency within the EU, a lawful basis for processing health data (explicit consent or research exemption), and a legal basis before any cross-border transfer or aggregation.

High · Residency Required

🇲🇽

Mexico (LFPDPPP + COFEPRIS)

LFPDPPP governs personal data protection. COFEPRIS has jurisdiction over clinical research and therapeutic use. Both apply to the Baja California treatment home. Data localization is expected; cross-border transfer requires authorization.

High · Dual Regime

🇺🇸

FDA / NIDA (US)

Ibogaine is Schedule I in the US. FDA's path for research data involves IND applications or pre-IND meetings. NIDA is a research funder and regulator-adjacent collaborator. The cardiac-telemetry safety package must meet FDA data integrity standards (21 CFR Part 11).

High · IND Pathway

🇨🇦

Canada (PIPEDA + Health Canada)

Applies to the Vancouver HQ and Mississauga GMP facility. PIPEDA governs personal information handling. Health Canada has jurisdiction over the GMP processing and any clinical research conducted on Canadian soil.

Medium · GMP Scope

Where Coditect Applies

An AI control plane your team builds on

CODITECT doesn't replace your builder. Your team (with David as architect) owns the build. CODITECT is the autonomous AI control plane around it, providing governance, audit trails, and automation.

⚠ Before

Fragmented, unrouted records

Patient records exist independently at each treatment home. No unified intake form, no common schema, no jurisdiction-aware routing. Any cross-site view requires manual file aggregation.

✓ With CODITECT

Sovereignty-aware intake vault

Structured intake with jurisdiction tagging at the point of capture. Data stays in its required residency zone. A governed analytical layer provides a unified view without physically moving PHI across borders.

⚠ Before

Local files, manual compilation

Cardiac telemetry and blood-work data sit in local files at each site. No traceable analysis chain. Each regulatory presentation requires manual aggregation with no audit trail proving data integrity.

✓ With CODITECT

Immutable pipeline, full audit trail

Secure ingestion vault captures each measurement at source. Every transformation step is logged and timestamped. Automated analysis produces regulator-ready cardiotoxicity output with a complete, verifiable provenance chain.

⚠ Before

Manual, scattered, hard to verify

Evidence compiled manually from scattered site records. No provenance chain. Reviewers cannot independently verify completeness or trace any data point back to its source measurement.

✓ With CODITECT

Traceable, tamper-evident export

Every data point in the regulatory package is linked to its source record and ingestion timestamp. The export includes a compliance attestation. Reviewers can trace any finding back to the raw measurement in one step.

Landscape

Where CODITECT fits

Competitors described by category only.

Option	Description	Strength	Fit
CODITECT	Governance-native AI control plane. Backend-first, data-sovereign architecture. Runs on any LLM. Audit trail from day one.	Speed + sovereignty + ownership	Strong
Certified SaMD tooling	FDA-oriented software lifecycle platforms with IEC 62304 / ISO 13485 certification credentials.	Certification pedigree	Partial
Legacy / enterprise EMR	Built for clinical care delivery in hospital settings. Strong on care workflows, weak on research data models.	Care delivery	Weak
Generic cloud platforms	Flexible building blocks (S3, BigQuery, etc.). Fast to spin up, no governance-native layer out of the box.	Flexibility	Partial

Ambio Strength

A uniquely deep, growing, single-source clinical dataset on ibogaine treatment, combined with a Nagoya-backed supply chain. That combination is rare and defensible as a research and regulatory asset.

Honest Risk

The medical-device certification attestations that certified-SaMD-tooling holds (IEC 62304, ISO 13485) are a gap CODITECT must close or scope around in the build plan. And the August deadline is aggressive; it requires focused, disciplined execution from week one.

How We Work

Three steps to the August goal

Scientific mapping

Understand the science, data sources, and sovereignty constraints for each jurisdiction

Specification and architecture

Backend-first data dictionary and models, fully documented before a line of code is written

Targeted build

Your team builds; CODITECT provides automation, governance rails, and optional hands-on support

On Our Follow-Up Call

Tell us what we got wrong

On our follow-up call we'll confirm a handful of things together, enough to scope the cardiac-telemetry pilot and start the data model.

Agreed next steps: mutual NDA (sent / signing), cardiac-telemetry analysis, platform walkthrough, compliance requirements list (GDPR + regional), schedule the follow-up, business-model details.

The goal: an MVP contributing by August, with the regulator evidence package and QMS following.