Privacy Policy

01Who We Are

Amplitica s.r.o., a company registered in the Czech Republic. Address available on request — write to info@amplitica.io for the registered seat and corporate identification number.

For the purposes of the EU General Data Protection Regulation (GDPR), Amplitica is the data controller for the data described in this policy.

02What Data We Collect

2.1 Website visitors

This website uses minimal analytics. We do not set tracking cookies that require explicit consent. We may log:

• IP address (truncated, retained 30 days, used for abuse prevention)
• User-agent string (retained 30 days)
• Pages visited and referrer (aggregated, no individual profiling)

2.2 People who contact us

If you email us, fill in a contact form, or book a demo, we collect what you give us — typically name, work email, company, and the content of your message. We use this only to respond to you and, if a commercial relationship begins, to manage that relationship.

2.3 Customers

For paid customers we additionally process: contract details, billing information, named user accounts of your administrators, and any support tickets you raise. We do not process the data your end-users put into the Amplitica platform — that data lives entirely on your infrastructure.

03Why We Process It (Legal Basis)

• Performance of a contract — to deliver the product and services you’ve bought.
• Legitimate interest — to respond to inbound enquiries, maintain website security, and run the business.
• Legal obligation — to keep tax, accounting, and statutory records.
• Consent — for the (rare) cases where consent is the only valid basis (e.g. opt-in marketing emails).

04The On-Prem Promise

This is enforced architecturally, not just contractually:

• The product runs in your VPC / data centre / air-gap, with no required outbound calls to Amplitica services.
• Optional update checks can be disabled. Deployments designed for air-gap environments operate fully offline.
• LLM inference, vector storage, audit logs, file storage — all hosted on customer-controlled infrastructure.

05Sub-Processors

For the limited data we do process (website + commercial relationship management), we use a small number of vetted EU-hosted providers for hosting, email, accounting, and CRM. A current sub-processor list is available on request.

For the on-prem product itself: there are no Amplitica sub-processors. The customer chooses every component.

06Data Retention

• Web analytics logs: 30 days.
• Inbound enquiries that don’t lead to a commercial relationship: 12 months from last contact.
• Customer relationship data: duration of the contract + 10 years (statutory).
• Job applications: 12 months unless you ask us to keep them longer.

07Your Rights

Under GDPR you have the right to:

• Access the personal data we hold about you
• Have inaccurate data corrected
• Have your data deleted (where no overriding legal obligation applies)
• Restrict or object to processing
• Receive your data in a portable format
• Lodge a complaint with the Czech supervisory authority (ÚOOÚ) or your local data protection authority

To exercise any of these rights, write to info@amplitica.io. We respond within 30 days.

08International Transfers

The personal data we process for the purposes described above stays in the EU/EEA. We do not transfer it to the United States or any other third country without an appropriate transfer mechanism (Standard Contractual Clauses or adequacy decision).

09Security

The Amplitica corporate environment runs with industry-standard controls: SSO with MFA, encrypted laptops, encrypted backups, principle of least privilege. The product itself is engineered with the same posture and ships secure-by-default.

10Changes to This Policy

If we materially change this policy we’ll update the date at the top and, for active customers, send a notification. Older versions are retained internally for audit.

11Contact

Questions about this policy or about how we handle your data?

📧 info@amplitica.io