Privacy Policy — AmpPilot

1. Information We Collect

1.1 Information You Provide Directly — When you register for or use the Service, we collect information you provide, including your name, email address, and organization details, account credentials such as username and password, billing and payment information processed through our payment providers, and communications you send us including support requests, feedback, and correspondence.

1.2 Information Collected Automatically — When you use the Service, we automatically collect usage data such as features accessed, actions taken, and session duration, log data including IP addresses, browser type, operating system, and referring URLs, device identifiers and technical information about your device, and cookies and similar tracking technologies as described in Section 9.

1.3 Third-Party Platform Data via OAuth — AmpPilot allows you to connect third-party advertising and social platforms — such as Google Ads, Meta, LinkedIn, and others — to the Service using OAuth authorization. When you authorize such connections, we access and store OAuth tokens and access credentials on your behalf, account identifiers and profile information from connected platforms, campaign data, performance metrics, and analytics from connected accounts, and audience and asset data necessary to provide the Service. This data is accessed and processed solely to provide the Service to you. You remain the data controller for all data within your connected platform accounts. AmpPilot acts as a data processor with respect to this data. You can revoke platform access at any time through your account settings or directly through the relevant third-party platform.

1.4 Data You Upload — You may upload or input marketing assets, content, audience data, and other materials into the Service. You are solely responsible for ensuring you have the right to upload and process such data and that doing so complies with applicable laws and the terms of any relevant third-party platforms.

2. How We Use Your Information

We use the information we collect to provide, operate, and maintain the Service, authenticate users and manage accounts, process transactions and send billing-related communications, connect to and interact with third-party platforms you have authorized, analyze and improve the performance, reliability, and functionality of the Service, respond to your support requests and communications, send service-related notices, updates, and security alerts, detect, investigate, and prevent fraudulent, unauthorized, or illegal activity, comply with applicable legal obligations, and enforce our Terms of Service.

We do not use your data for advertising purposes or sell your data to third parties under any circumstances.

3. Legal Basis for Processing

We process your personal data on the following grounds depending on the nature of the processing: performance of a contract where processing is necessary to provide the Service you have subscribed to, legitimate interests where processing is necessary for our legitimate business interests such as security, fraud prevention, and service improvement provided these do not override your rights, legal obligation where processing is required to comply with applicable law, and consent where you have explicitly consented to specific processing activities.

4. Data Sharing & Subprocessors

We do not sell, rent, or trade your personal data. We may share your data only in the following circumstances.

Subprocessors: We engage trusted third-party subprocessors to help operate the Service, including cloud infrastructure and hosting providers, AI model providers used for content generation and analysis, payment processors, email and communication service providers, and analytics and monitoring tools. All subprocessors are bound by confidentiality obligations and are permitted to process your data only as necessary to provide their services to us.

Legal Requirements: We may disclose your data if required to do so by law, court order, or governmental authority, or where we believe disclosure is necessary to protect our legal rights, prevent fraud, or protect the safety of our users or the public.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

We will maintain and make available a current list of our key subprocessors upon request.

5. OAuth & Third-Party Platform Connections

When you connect third-party platforms via OAuth, you authorize AmpPilot to access your accounts on those platforms on your behalf. We want to be clear about how we handle this access.

We access only the data and permissions necessary to provide the features you use. We store OAuth tokens securely using encryption at rest and in transit. We do not share your platform credentials or OAuth tokens with any third party other than as necessary to provide the Service. We do not use data from your connected accounts for any purpose other than providing and improving the Service for you. You can disconnect any platform integration at any time through your account settings, after which we will cease accessing that platform on your behalf and delete associated tokens within 30 days.

Your use of connected third-party platforms remains subject to those platforms' own terms of service and privacy policies.

6. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide the Service. Upon account termination, we will delete or anonymize your personal data within 90 days, except where we are required to retain it longer to comply with legal obligations, resolve disputes, or enforce our agreements.

OAuth tokens and connected platform data are deleted within 30 days of disconnection or account termination. Aggregated, de-identified data that cannot reasonably be used to identify you may be retained indefinitely for analytics and service improvement purposes.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. These measures include encryption of data in transit using TLS and at rest, strict access controls and authentication requirements, regular security monitoring and vulnerability assessments, and employee and contractor confidentiality obligations.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you as required by applicable law.

8. Your Rights

Depending on your location and applicable law, you may have the right to access the personal data we hold about you, correct inaccurate or incomplete personal data, request deletion of your personal data subject to legal retention requirements, object to or restrict certain processing of your data, request a portable copy of your data in a commonly used machine-readable format, and withdraw consent where processing is based on consent.

To exercise any of these rights, please contact us at privacy@amppilot.com. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

We will not discriminate against you for exercising your privacy rights.

9. Cookies & Tracking Technologies

We use cookies and similar technologies to maintain your session and authentication state, remember your preferences and settings, analyze usage patterns and improve the Service, and ensure security and prevent fraud.

You can control cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service. We do not use cookies for cross-site advertising or behavioral tracking.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a person under 18 without parental consent, we will delete that data promptly. If you believe we have inadvertently collected such data, please contact us at privacy@amppilot.com.

11. International Data Transfers

AmpPilot operates from India. If you are accessing the Service from outside India, please be aware that your data may be transferred to, stored, and processed in India or in other countries where our subprocessors operate. We take steps to ensure that such transfers comply with applicable data protection laws and that your data receives an adequate level of protection.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the Last Updated date at the top of this Policy and, where appropriate, by sending an email notification to your registered address. Your continued use of the Service after the effective date of the revised Policy constitutes your acceptance of the changes.