Privacy

Plain-language overview of how Amplifying handles your data. Questions? security@amplifying.ai

What we collect

Contact and newsletter details

If you subscribe, contact us, or request a report, we collect the information you provide, such as your email address, name, company, tool name, category, message details, and newsletter subscription status where applicable.

Account and authentication data

For signed-in products, Clerk manages authentication identity such as email address, session data, MFA-related metadata, and related account identifiers.

Account, plan, and billing metadata

We store the account metadata needed to operate the service, such as name, email, plan state, billing identifiers, timestamps, and access entitlements. Stripe handles checkout and payment processing; we do not store full payment card numbers.

Amplifying-generated customer reports

Customer dashboards and vendor intelligence reports are generated by Amplifying from Amplifying-created benchmark prompts, repositories, runs, and research data, without customer-submitted data. Advisory intake and account-specific records are private to the customer relationship unless we have explicit permission to publish or share them.

Amplifying-generated benchmark data

We store benchmark prompts, repository fixtures, benchmark runs, model responses, extracted results, and datasets that Amplifying creates or runs without customer data. These are Amplifying research artifacts, not customer data.

Usage, analytics, and operational logs

We collect request metadata, product usage events, page analytics, deployment events, authentication events, and error signals to operate, secure, debug, and improve the service.

What we do not intentionally collect

No customer workspace content

The current service does not intentionally ingest customer source code, workspace files, benchmark prompts, benchmark inputs, or benchmark outputs supplied by customers. Amplifying creates the prompts, repositories, and benchmark runs used for its research.

No special-category or children's data

We do not intentionally collect health, financial account, biometric, children's, or other special-category data. If a customer wants to process that type of data, it is out of scope unless we explicitly agree otherwise.

No sale of personal data

We do not sell personal data. We also do not share private customer reports, dashboards, or inquiry details with competitors.

Public vs. private data

Public research

Published research, reports, dashboards, and datasets use benchmark data generated by Amplifying without customer data. Public datasets may include Amplifying-created benchmark prompts, repository fixtures, and model responses from our research runs, but not customer workspace content.

Customer reports and dashboards

Customer-specific reports and dashboards are generated by Amplifying from benchmark prompts, repositories, and runs that we create and operate, without customer data. We do not publish, redistribute, or use those materials in public research without explicit permission.

Service providers

Infrastructure and identity

We use Vercel for hosting and edge infrastructure, Neon (Databricks) for managed Postgres, Clerk for authentication, GitHub for source control and CI, Linear for issue tracking, and Tailscale for protected internal access.

Billing, email, and communications

We use Stripe for checkout and subscription billing, Resend for operational email delivery and newsletter contact management, Google Workspace for business email, documents, and calendar, and Slack/Slack Connect for internal routing and customer-collaboration channels when a customer chooses that channel.

Analytics and error monitoring

We use PostHog, Vercel Analytics, and Sentry to understand product usage, diagnose issues, and monitor service health. These tools process usage, device/browser, request, and error metadata.

Subprocessor details

Core subprocessors and security review materials are listed on our security page and are available on request at security@amplifying.ai.

Data storage and retention

Account data

Authentication identity and account metadata are retained while the account is active and deleted within 30 days after account closure, unless a legal obligation requires longer retention.

Billing records

Billing and financial records may be retained for up to 7 years after account closure for tax and accounting requirements.

Operational logs and backups

Operational logs are retained on rolling provider windows, generally 30 days. Neon (Databricks) database backups use point-in-time recovery windows, generally 7 days, and then age out.

Newsletter and communications

Newsletter contacts are retained until you unsubscribe or ask us to remove them. Customer communications and operational email records are retained for the duration of the relationship and as needed for ordinary business records.

Your choices and rights

Access, export, correction, and deletion

You can request access, export, correction, or deletion of personal data by emailing security@amplifying.ai. Where required by law, we respond within 30 days.

Non-essential email opt-out

You can opt out of non-essential emails by emailing us directly.

Security questions and disclosures

Security questions, vulnerability reports, data subject requests, and DPA requests should be sent to security@amplifying.ai.

Security practices

Encryption

Traffic is encrypted in transit with TLS. Data at rest is encrypted through managed providers such as Neon (Databricks), Vercel, Clerk, and Stripe.

Access controls

Private benchmark data and Amplifying-generated customer reports and dashboards are access-controlled and not publicly accessible.

Security program

Amplifying maintains a documented security program and publishes a security overview at amplifying.ai/security.

Last updated May 21, 2026. If we make material changes, we'll note them here and notify affected customers where required.