Back to Amplora

Privacy Policy

Version 1.0.0 — Last updated March 21, 2026

1. Who We Are

Amplora, Inc. (“Amplora,” “we,” “us,” or “our”) operates the Amplora platform at amplora.io. We are the data controller for personal data processed through our platform. For questions about this policy, contact us at privacy@amplora.io.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, password (hashed), organization name, role, and profile settings.
  • Contact data: names, email addresses, phone numbers, job titles, company information, and social profiles of your business contacts that you store in Amplora.
  • Usage data: feature usage, page views, click events, session duration, and performance metrics collected via PostHog.
  • Communication data: email content, templates, sequences, and engagement metrics (opens, clicks, replies).
  • AI interaction data: prompts, generated content, feedback signals, and cached responses used to improve AI quality.
  • Billing data: subscription plan, credit usage, and payment method details (processed and stored by Stripe; we do not store card numbers).
  • Technical data: IP address, browser type, device information, and cookies (see Section 7).

3. How We Use Your Data

We process personal data for the following purposes:

  • Service delivery: operating your account, processing email sends, enriching contacts, generating AI content, and managing subscriptions.
  • AI processing: your prompts and contact data are sent to AI providers (OpenAI, Anthropic) to generate personalized emails, research briefs, and meeting summaries. We do not use your data to train third-party AI models.
  • Data enrichment: contact email addresses and company domains may be sent to third-party enrichment providers to retrieve publicly available business information.
  • Analytics and improvement: aggregated, de-identified usage data helps us improve features and fix bugs.
  • Legal compliance: we may process data as required by law, including fraud prevention and responding to legal requests.

4. Legal Bases (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we rely on:

  • Contract performance: processing necessary to provide the services you signed up for.
  • Legitimate interests: analytics, security monitoring, fraud prevention, and product improvement, balanced against your privacy rights.
  • Consent: analytics cookies and marketing communications (you can withdraw at any time).
  • Legal obligation: compliance with applicable laws and regulations.

5. Third-Party Data Sharing

We share personal data only with the following categories of service providers, under strict data processing agreements:

  • Infrastructure: Supabase (database and authentication), Vercel (hosting).
  • AI providers: OpenAI and Anthropic (content generation — data is not used for model training).
  • Email delivery: Resend (transactional and marketing emails).
  • Payments: Stripe (billing and subscriptions).
  • Enrichment: Apollo, Hunter, Clearbit (contact data enrichment — business contact data only).
  • Analytics: PostHog (product analytics, only with your consent).
  • Error tracking: Sentry (error reporting with minimal PII).

We do not sell your personal data. We do not share data with advertisers or data brokers.

6. Your Rights

Depending on your location, you have the following rights regarding your personal data:

  • Access: request a copy of all personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure (“Right to be Forgotten”): request deletion of all your data. Available in Settings → Account → Delete All My Data. Cascade purge completes within 72 hours.
  • Data portability: export your data in a machine-readable format.
  • Restriction: limit how we process your data in certain circumstances.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: for consent-based processing (analytics cookies, marketing emails), withdraw at any time.

CCPA-specific rights (California residents): right to know, right to delete, right to opt-out of sale (we do not sell data), and right to non-discrimination.

To exercise any right, email privacy@amplora.io or use the in-app controls. We respond within 30 days (GDPR) or 45 days (CCPA).

7. Cookies

We use the following categories of cookies:

  • Essential: authentication session, CSRF token, theme preference. Always active — required for the platform to function.
  • Analytics: PostHog tracking for product usage analytics. Only loaded with your consent.
  • Functional: feature preferences and UI customization. Only loaded with your consent.

For EU visitors, a consent banner appears on first visit. Analytics and functional cookies are not pre-checked and are not loaded until you opt in. You can change your preferences at any time from the cookie settings link in the footer.

8. Data Retention

We retain your data for as long as your account is active. After account deletion or erasure request:

  • Personal data is deleted within 72 hours.
  • Activity logs are anonymized (not deleted) to preserve aggregate analytics integrity.
  • Compliance logs are retained for 7 years as required by law.
  • Billing records are retained per Stripe's data retention policy.

9. Data Security

We implement industry-standard security measures including: encryption in transit (TLS 1.3) and at rest (AES-256), row-level security on all database tables, API rate limiting, content security policy headers, and regular security audits.

10. International Transfers

Your data may be transferred to and processed in the United States. For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. Our sub-processors maintain appropriate safeguards.

11. Children

Amplora is a B2B platform not directed at children under 16. We do not knowingly collect personal data from children. If we learn we have collected data from a child, we will delete it promptly.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or an in-app notification at least 30 days before the changes take effect. The version number and date at the top of this page indicate the latest revision.

13. Contact Us

For privacy-related inquiries, data subject requests, or complaints:

  • Email: privacy@amplora.io
  • Address: Amplora, Inc., San Francisco, CA, United States

If you are in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.