Privacy Policy
Last updated: Nov 24, 2025 — Version 2.1
Introduction
Amplify respects user privacy while requiring personal data to deliver optimal experiences. This policy explains what data is collected, how it's saved, protected, and processed across Amplify Studio (the "Apps"), websites (the "Websites"), and related services (the "Services"). The company complies with the General Data Protection Regulation and relevant Dutch law provisions.
Personal Data
Data qualifies as "personal data" when it contains "information or pieces of information that could allow a person to be directly or indirectly identified," a broad definition that includes dynamic IP-addresses.
Information Collection
Information You Provide
Users create Amplify accounts by signing in with Google, Microsoft, or email, authorizing access to personal details like name/alias and email address.
Information Collected During Service Use
The platform collects data about service usage, including invites sent, groups joined, and other interaction metrics to improve products and services.
Google Analytics (GA4)
Amplify uses Google Analytics 4 (GA4) to collect anonymised data about how visitors interact with this website — including pages viewed, session duration, and traffic sources. GA4 uses first-party cookies and does not store full IP addresses. Data is processed by Google LLC and may be transferred to servers in the United States under Google's Standard Contractual Clauses. Users can opt out at any time via Google's opt-out browser add-on or by adjusting cookie preferences. For more information, see the Google Privacy Policy.
Microsoft Clarity and Related Services
Amplify uses Microsoft Clarity to capture website interactions through heatmaps, session replays, and usage metrics via first and third-party cookies. This data improves products, tailors advertising, optimizes sites, and detects fraud. Users agree to data collection by Microsoft per the "Microsoft Privacy Statement."
Information from Third Parties
When users upload contact lists, Amplify may combine that data with existing information to suggest friends, though this data is never stored.
Information Usage
Collected data enables Amplify to:
- Deliver and improve products/services
- Manage accounts and provide customer support
- Communicate with users
- Perform research and usage analysis
- Conduct user behavior analytics
- Perform functions described at collection time
Data Retention
Personal data is stored while accounts remain active. Upon deactivation, data deletes within 30 calendar days. Users requesting faster deletion should email privacy@amplify.one. Irreversibly anonymized usage data may be retained.
Data Protection Measures
Account Security
The website and APIs operate exclusively via HTTPS with JWT authentication tokens.
Physical Security
Infrastructure runs on Amazon Web Services (AWS) data centers in Ireland featuring environmental controls, restricted access, and professional security monitoring.
Software Security
Systems run latest stable Amazon Linux versions with Docker applications. Servers aren't internet-accessible. Developers receive secure development training following Open Web Application Security Project guidelines, with multi-point code reviews.
DDoS Mitigation
Firewalls protect against bandwidth and protocol attacks; intelligent web application firewalls and elastic scaling mitigate application-layer attacks.
Data Security
Customer data stores encrypted with dual redundancy. Chat messages use dedicated databases without personally identifiable information.
Logging
Activity logging spans individual API requests to infrastructure changes, with archives in vaulted storage and tampering prevention measures.
Employee Access
Team access follows strict security policies. All members sign non-disclosure agreements and receive sensitive data handling training, with database session logging implemented.
Regular Audits
Internal security audits review hardware, software, and physical configurations. Discovered vulnerabilities follow formal incident response frameworks.
Information Sharing
With Other Amplify Users
Visible profiles include optional profile pictures and names/aliases.
With Third Parties
Amplify shares data when reasonably necessary to comply with legal processes, investigate Terms of Service violations, protect rights/property/safety, or detect fraud/security issues. Data may transfer during mergers, acquisitions, asset sales, or financing involving Woov Holding BV.
With Data Processors
Data processors handle information under agreements requiring careful usage limited to relevant data. These "processors" operate per GDPR definitions and follow Amplify instructions only.
Other Considerations
Links
Third-party, advertising, or external content may link elsewhere. Amplify doesn't control external websites or their privacy protections.
Policy Modifications
Updates to privacy policies receive notifications on Services with updated policy links. Unregistered users should review this policy regularly.
Age Restrictions
Services restrict use to individuals 16 and above. Amplify doesn't knowingly collect personal information from younger users.
User Rights
Users may:
- Request access to processed personal data
- Request corrections, updates, or deletions (with fraud/non-payment exceptions)
- Request processed data copies for transfer to other parties
- File complaints about data processing
- File complaints with Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
- Withdraw consent (though previously stored data remains unless specifically deleted)
Users exercise these rights by emailing privacy@amplify.one, with responses expected within 30 days.
Contact Information
Data Protection Officer
privacy@amplify.one
Woov BV
Overhoeksplein 31
1031KS Amsterdam
The Netherlands