We are Amplify. We respect your privacy and private life, but sometimes we need your personal data in order to provide you with the optimal Amplify experience. In this privacy policy we explain which data we use and how we save, protect and process this data. This privacy policy applies to our applications including Amplify Studio (the "Apps"), our websites (the "Websites"), collectively the services that we offer (the "Services"). We comply with the General Data Protection Regulation and, when implemented, with the relevant provisions under Dutch law (the "Relevant Legislation").

‍

Personal Data

To offer our Apps, Websites and Services we process data, some of which can be regarded as Personal Data. Data is considered “personal data” by the relevant legislation when it contains “information or pieces of information that could allow a person to be directly or indirectly identified”. This is a very wide definition. The European Court e.g. ruled that even dynamic IP-addresses may qualify as personal data.

‍

Information we collect about you

We collect Personal information in a variety of ways:

Information you provide

Amplify is a personalized platform, which is why we ask you to make a profile by creating an Amplify account. 

To create an Amplify account, you will be given the option to sign in with your Google account, Microsoft or to create an Amplify account with your e-mail address. When doing so, you authorize us to access and store personal details like your name / alias, email address.

Information we collect when you use our Services

When you use our Services, we collect information about which of those services you've used and how you've used them. 

Information about how you use our Services. In order to improve our product and services, we continuously collect data on how you use the Services including, but not limited to, the number of invites you send, the number of groups you are in, the number 

Use of Microsoft Clarity and Related Services

‍We use Microsoft Clarity (in partnership with Microsoft Advertising) to capture how you interact with our website. This service helps us collect behavioral data—including heatmaps, session replays, and other usage metrics—using first and third-party cookies and similar tracking technologies. The information gathered is used for:

• Improving our products and advertising: Understanding user behavior helps us enhance our services and tailor our advertising.
• Site optimization: Analyzing website performance and identifying areas for improvement.
• Fraud and security: Protecting our site and users by detecting and preventing fraudulent or suspicious activities.

By accessing or using our website, you agree to the collection and use of your data by us and Microsoft as described in this policy. For more details on how Microsoft handles your data, please visit the Microsoft Privacy Statement.

Information we collect from Third Parties

If another user uploads their contact list, we may combine information from that user's contact list with other your information to determine whether you already know each other. This information will be used to create friend suggestions at that moment and will never be stored by Amplify.

‍

How will we use your information

In order to provide you with the best experience, we may use information that we collect about you to:

• Deliver and improve our products and services, and manage our business;
• manage your account and provide you with customer support;
• communicate with you;
• perform research and analysis about your use of, or interest in, our or others' products, services, or content;
• perform user behaviour analytics; and
• perform functions or services as otherwise described to you at the time of collection.

‍

How long do we retain your information

We shall store your personal data as long as your account is active. You can always de-activate your account, after which your personal data will be deleted - as a rule within 30 calendar days. If you want your personal data deleted on a shorter notice, please send us an email via PRIVACY@AMPLIFY.ONE. Please note that we reserve the right to store data regarding your use of our Services when they are irreversibly anonymized.

‍

How we protect your information

We work hard to protect your personal data from unauthorized or unlawful access, alteration, disclosure, use or destruction. That way, unauthorized persons do not have access to your data. We take the following measures to protect your personal data:

Account security: We serve our website and our APIs exclusively via HTTPS. We use JWT authentication tokens for API logins to help you protect your account data.

Servers - Physical security: Our infrastructure runs inside data centers designed and operated by Amazon Web Services (AWS) in Ireland. AWS data centers feature state of the art environmental security controls to safeguard against fires, power loss, and adverse weather conditions. Physical access to these facilities is highly restricted and they are monitored by professional security personnel. We require all personnel to take their laptop computer with them when they leave the office, to prevent theft from our offices. No data is ever stored on these laptops. Laptops are encrypted to prevent data loss when being stolen.

Software security: Our systems run the latest stable versions of Amazon Linux and our applications run on the latest stable version of docker. Application and database servers are not directly accessible from the internet. We monitor documented threats from public security research databases (such as the Common Vulnerabilities and Exposures catalog). Our developers receive training for secure software development, including Open Web Application Security Project guidelines. All code changes are subject to a multi-point code review with specific attention paid to security.

DDoS mitigation: User data and specifically location can be charged subjects. We maintain firewalls on our edge servers and origin load balancers to protect against bandwidth and protocol-based attacks, and we use intelligent web application firewalls and elastic scaling of our compute capacity to mitigate attacks at the application layer, including complex and evolving attacks.

Data security: All customer data is stored encrypted with at least dual redundancy. We store and secure chat messages in a dedicated database with no personal identifiable data attached.

Logging: We log activity across our platform, from individual API requests to infrastructure configuration changes. Logs are aggregated for monitoring, analysis, and anomaly detection and archived in vaulted storage. We implement measures to detect and prevent log tampering or interruptions.

Employee access: Amplify team access is controlled by a carefully managed security policy. All team members sign non-disclosure agreements to protect your data. All employees receive tools and training for handling sensitive data (including credentials) and for avoiding social engineering and other non-technical attacks. Furthermore we use logging of all database sessions as a protective measure.

Regular audits: We conduct regular internal security audits to review our hardware, software, and physical security configurations. If we discover a vulnerability, we follow a formal incident response framework to ensure rapid mitigation and transparent customer communication.

‍

How we share information

We may share your information about you in a number of ways.

With other Amplify Users

Your profile will be visible to other registered users of our Services. This includes the following information:

• Profile picture (optional)
• Name or Alias

With Third Parties

Amplify may share your data with third parties when we reasonably believe that disclosing the information is needed to:

• Comply with any valid legal process, governmental request, or applicable law, rule, or regulation.
• Investigate, remedy, or enforce potential Terms of Service violations.
• Protect the rights, property, and safety of us, our users, or others.
• Detect and resolve any fraud or security concerns.

Finally, we may share your data with third parties as part of a merger or acquisition. If Woov Holding BV gets involved in a merger, asset sale, stock sale, share sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of our business to another company, we may share your information with that company before and after the transaction closes.

With Data Processors

We may share your personal data with companies that process data as a service to Amplify. In a data processing agreement, we shall agree with those parties that they shall use your data carefully and they shall only receive the data that is relevant for their services. These parties use your data in accordance with our instructions and not for their own purposes. These parties are "processors" within the meaning of the Relevant Legislation. In the following table we have listed these Processing parties, and explain to you - in their words - what data is processed, why and where. We take care to keep this table up to date, however if you find any inconsistencies please let us know via PRIVACY@AMPLIFY.ONE.

‍

Other considerations

Links

You may find third party, advertising or other content on our Services that link to other websites. We do not control the content on these websites and are not responsible for the content or the privacy protection of these websites. We advise you to read the privacy policies of those websites.

‍

Modifications to this privacy policy

We may update our privacy policy from time to time. When we change this privacy policy in a significant way, we will post a notification on our Services along with a link to the updated privacy policy. If you are not registered as user we advise you to visit the Website and this policy regularly.

‍

Are you under the age of sixteen?

Although our Services are general audience Service, we restrict the use of our service to individuals age 16 and above. We do not knowingly collect, maintain, or use personal information from children under the age of 16.

‍

Your rights

We consider the data we collect to be personal. Therefore, you have the following rights:

You may request access to the personal data we process about you;

You may request us to correct, update, shield or delete your personal information in our records. In the event of fraud, non-payment, or other wrongful act, we can keep some data in a register on a black list;

You may request a copy of the personal data we have processed about you. We can - on your request - send this copy to another party, so you don't have to send the data yourself;

You may file a complaint against processing your data;

You may file a complaint to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), if you are under the impression that we process your data unlawfully;

You may always withdraw your consent to process your data. We cannot process your data from the moment you withdraw your consent. Please be aware that when you revoke your consent we will keep your data that was stored up and onto that moment in time. If you want us to delete your data please specify this in your request.

You can exercise these rights by sending an email to privacy@amplify.one, to which we will respond in less than 30 days. Should you have further questions regarding this privacy policy, please contact us via the information below.

‍

Contact information

Data Protection Officer
privacy@amplify.one

Woov BV
Overhoeksplein 31
1031KS Amsterdam
The Netherlands

‍