Privacy Policy

Last updated: 19 April 2026

Amplifier Consulting Limited (“Amplifier”, “we”, “us”, “our”) is the data controller for personal information about you when you use the Amplifier service. This policy explains what we collect, how we use it, who we share it with, and the rights you have. We want you to read this, so we have kept it short.

Who we are

• Company: Amplifier Consulting Limited
• Registered in: England and Wales
• Company number: 17038769
• Registered office: Office 2.05, Clockwise, Old Town Hall, 30 Tweedy Road, Bromley, BR1 3FE
• ICO registration: C1913003
• Contact: hello@weareamplifier.co.uk

What we collect

Account information. Your name, email address, and authentication tokens when you create an account.

Connected channel data. When you connect a channel (Gmail, Outlook, Slack, Teams, Telegram, SMS, WhatsApp, Google Chat), we access the messages, contacts, calendar events, and metadata needed to provide the service. You control which channels are connected. You can disconnect any channel at any time.

Derived data. We analyse your sent messages to build a writing-style profile, track commitments you make to others, and classify inbound messages as Decision, Info, or Noise. These are stored against your account and used only for your Brief, your drafts, and your classifications.

Usage data. Which features you use, how often, and what actions you take. We use this to improve the product. It is not tied to your message content.

Payment information. Processed by Stripe. We do not store your card details.

Why we collect it

• To provide the service. Ingesting messages, drafting replies, writing your daily Brief, categorising conversations. Without this data, there is no product.
• To improve the service. Aggregate, anonymised usage patterns inform product decisions.
• To comply with our legal obligations. Tax, accounting, and regulatory record-keeping.
• To communicate with you. Service updates, security alerts, and billing notices.

Legal bases for processing (UK GDPR)

• Contract (Article 6(1)(b)) — to provide the service you subscribed to.
• Legitimate interests (Article 6(1)(f)) — to improve the product and prevent abuse. Balanced against your rights; you can object.
• Consent (Article 6(1)(a)) — for optional features like marketing communications. You can withdraw consent at any time.
• Legal obligation (Article 6(1)(c)) — for tax and compliance records.

Who we share it with

Amplifier uses a small set of trusted third parties to operate. Each has a data processing agreement with us and processes your data only on our instructions. The full list is maintained at Subprocessors.

We do not sell your data. We do not share it with advertisers. We do not use it to train third-party AI models. If we ever change any of these positions, we will tell you in advance and give you the right to object and delete.

AI models and your data

Amplifier uses AI to categorise and draft. The platform default runs inference through Google Gemini via paid API with zero data retention. On Team and Business tiers, you can bring your own model key (Anthropic, OpenAI, or Google) and route through your own contract with that provider.

In no case is your data used to train any AI model.

Where we store it

All application data is stored in the EU (Netherlands), on Railway infrastructure in the Amsterdam region. The UK and EU have mutual adequacy decisions in place for GDPR purposes, so data transfers between the two are treated as transfers within a single adequate jurisdiction. Specific data categories may transit third-party subprocessors under appropriate safeguards (UK adequacy, EU Standard Contractual Clauses, or equivalent). See Subprocessors for details per service.

How long we keep it

• Active accounts: for as long as your account is active, plus 90 days after you close it.
• Deleted accounts: purged within 30 days of deletion request, except where we are legally required to retain specific records (e.g. tax records, 7 years).
• Disconnected channels: message data from a disconnected channel is purged within 30 days.
• Analytics and logs: 12 months, rolling.

Your rights

Under UK GDPR, you have the right to:

• Access your personal data.
• Correct inaccurate data.
• Delete your data (“right to be forgotten”).
• Port your data to another service (structured, machine-readable format).
• Restrict processing in certain circumstances.
• Object to processing based on legitimate interests.
• Withdraw consent at any time.
• Lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk).

Exercise any right by emailing hello@weareamplifier.co.uk. We will respond within 30 days.

Security

• Data in transit is encrypted with TLS 1.2 or higher.
• Data at rest is encrypted (AES-256 for databases, envelope encryption for OAuth tokens).
• Access to production systems is limited to named Amplifier engineers, authenticated via SSO and 2FA.
• All access is logged and reviewed.

We maintain an internal Data Handling Policy and a Record of Processing Activities. If you need to see these for due diligence, contact us.

Children

Amplifier is not intended for children under 18. We do not knowingly collect data from anyone under 18. If you believe we have, contact us and we will delete it.

Changes

We will post material changes at the top of this page and email existing users. Continued use of the service after changes means you accept the updated policy.

Contact

For any privacy question, concern, or request, email hello@weareamplifier.co.uk.