At AmplifyX, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered X (Twitter) growth platform.
1. Information We Collect
Personal Information
We collect information that you provide directly to us, including:
- Account Information: Name, email address, password (encrypted)
- Payment Information: Billing details processed securely through Stripe (we do not store credit card numbers)
- Profile Information: Company name, website, profile picture
- Communication Data: Messages you send to our support team
X (Twitter) Account Data
When you connect your X account, we collect:
- OAuth Credentials: Encrypted access tokens and refresh tokens
- Public Profile Data: Username, display name, bio, profile picture, follower count
- Content Data: Posts, threads, replies, engagement metrics
- Analytics Data: Impressions, likes, retweets, replies, follower growth
Usage Information
We automatically collect information about your use of our platform:
- Log Data: IP address, browser type, operating system, pages visited, time stamps
- Device Information: Device type, operating system, unique device identifiers
- Analytics Data: How you interact with our platform, features used, errors encountered
2. How We Use Your Information
We use the information we collect to:
- Provide Our Service: Operate the platform, generate AI content, schedule posts, analyze performance
- Personalization: Customize content based on your persona and niche settings
- Communication: Send service updates, security alerts, support responses, and marketing emails (opt-out available)
- Payment Processing: Process subscription payments and manage billing
- Improvement: Analyze usage patterns to improve features and user experience
- Security: Detect fraud, prevent abuse, and protect our platform and users
- Legal Compliance: Comply with legal obligations and enforce our Terms of Service
3. AI Content Generation
AmplifyX uses advanced AI to generate content on your behalf:
- Training: We do NOT use your data to train AI models. All content generation is done via API calls to Anthropic Claude.
- Processing: Your persona, niche, and historical content data are sent to Anthropic's API solely to generate your requested content.
- Storage: Generated content is stored in your account and associated with your X account.
- Third-Party AI: Anthropic (Claude API provider) processes content according to their privacy policy. See Anthropic's data handling practices at anthropic.com/privacy.
4. How We Share Your Information
We share your information only in the following circumstances:
Service Providers
We share data with third-party service providers who perform services on our behalf:
- Clerk: Authentication and user management
- Stripe: Payment processing and subscription billing
- Anthropic: AI content generation (Claude API)
- Upstash: Redis caching and QStash scheduling
- Resend: Transactional email delivery
- Neon: PostgreSQL database hosting
- PostHog: Product analytics (anonymized usage data)
X (Twitter) API
We use X's API to post content, fetch analytics, and manage engagement on your behalf. Content you approve for publishing is posted to your X account using your connected credentials.
Workspace Team Members
If you're part of a workspace, other members with appropriate permissions can view shared account data and content.
Legal Requirements
We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:
- Comply with legal process
- Protect our rights or property
- Prevent fraud or abuse
- Protect user safety
Business Transfers
If AmplifyX is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice on our platform before your information is transferred and becomes subject to a different privacy policy.
5. Data Retention
We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy:
- Active Accounts: Data is retained while your account is active
- Deleted Accounts: Most data is deleted within 30 days of account deletion
- Legal Requirements: Some data may be retained longer to comply with legal obligations (e.g., tax records for 7 years)
- Anonymized Data: We may retain anonymized analytics data indefinitely for product improvement
6. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data is encrypted in transit (TLS) and at rest (AES-256-GCM for credentials)
- Authentication: OAuth 2.0 with PKCE for X account connections (we never see or store your X password)
- Access Controls: Role-based access controls limit who can access your data
- Security Monitoring: We monitor for suspicious activity and potential security breaches
- Regular Audits: We conduct regular security audits and penetration testing
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
7. Your Rights and Choices
Access and Portability
You can access and export your data at any time from your account settings. We provide data in JSON format for portability.
Correction and Deletion
You can update your information or delete your account from the Settings page. Account deletion is permanent and cannot be undone.
Marketing Communications
You can opt out of marketing emails by clicking "Unsubscribe" in any marketing email or updating your notification preferences. You will continue to receive essential service emails.
Cookie Management
You can control cookies through your browser settings. See our Cookie Policy for details.
GDPR Rights (European Users)
If you are located in the European Economic Area (EEA), you have additional rights under GDPR:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
CCPA Rights (California Users)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request disclosure of data collection and sharing practices
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of sale of personal information (we do not sell personal information)
- Right to Non-Discrimination: Exercise privacy rights without discriminatory treatment
To exercise these rights, contact us at privacy@amplifyx.ai. We will respond within 30 days.
8. International Data Transfers
AmplifyX is based in the United States. If you access our platform from outside the U.S., your information will be transferred to, stored in, and processed in the United States and other countries where our service providers operate.
We comply with applicable data protection laws when transferring data internationally, including:
- Using Standard Contractual Clauses (SCCs) approved by the European Commission
- Ensuring service providers provide adequate data protection
- Complying with Privacy Shield principles (where applicable)
9. Children's Privacy
AmplifyX is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@amplifyx.ai and we will delete the information.
10. Third-Party Links
Our platform may contain links to third-party websites and services (e.g., X/Twitter, Anthropic). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with information.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:
- Sending an email to the address associated with your account
- Posting a prominent notice on our platform
- Updating the "Last updated" date at the top of this policy
Your continued use of AmplifyX after changes become effective constitutes acceptance of the updated Privacy Policy.
12. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@amplifyx.ai.