How It Works Features Pricing Industries Blog About Contact
Log In Start Free →
Legal

Privacy Policy

Your privacy matters. Here's how we collect, use, and protect your data.

Last Updated: March 24, 2026
Effective Date: March 24, 2026

1. Introduction

This Privacy Policy ("Policy") applies to Ampliyo ("we," "us," or "our"), a software-as-a-service (SaaS) platform operated by Ampliyo, designed to enhance customer engagement and reputation management for local businesses. This Policy governs our practices for collecting, using, maintaining, protecting, and disclosing information obtained through the Ampliyo platform (the "Service").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Policy, please discontinue use of the Service immediately.

2. Information We Collect

2.1 Business Account Information

When you register for an Ampliyo account, we collect:

  • Business name, address, phone number, and email address
  • Account credentials (email and hashed password)
  • Billing and payment information (credit card details are processed securely through our third-party payment processor and are not stored on our servers)
  • Business category and industry information
  • Service and plan selection details

2.2 End-User Information

We collect personal information of end-users (your customers) as provided by our business clients. This may include:

  • Customer names, email addresses, and phone numbers
  • Visit dates and transaction information
  • Review and feedback content
  • Loyalty program participation data (points balances, redemption history)
  • Communication preferences and opt-out status

2.3 Automatically Collected Information

When you access the Service, we automatically collect:

  • IP address, browser type, operating system, and device information
  • Log files, access times, and pages viewed
  • Referring URLs and exit pages
  • Cookies and similar tracking technologies (see Section 7)

3. How We Use Your Information

  • Service Operation: To provide, operate, maintain, and improve the Ampliyo platform and its features
  • Communications: To send SMS messages, emails, and other communications on behalf of our business clients, including review requests, marketing campaigns, appointment reminders, and loyalty notifications
  • AI Content Generation: To power AI-generated marketing copy, review request messages, and campaign content based on business information and campaign goals. Your data is used solely to generate content for your business and is not shared with other clients
  • Customer Support: To respond to inquiries, troubleshoot issues, and provide technical assistance
  • Analytics: To analyze usage patterns, monitor Service performance, and improve user experience
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Security: To detect, prevent, and address fraud, security breaches, and technical issues

4. SMS Communication

4.1 Data Collected

We collect end-user phone numbers as provided by our business clients to facilitate SMS communications. Business clients are responsible for obtaining proper consent from their customers before providing their phone numbers to Ampliyo.

4.2 Purpose of SMS Messages

SMS messages sent through Ampliyo include:

  • Review requests and satisfaction surveys
  • Appointment and service reminders
  • Marketing and promotional messages (on behalf of the business)
  • Loyalty program updates and point notifications

4.3 Opt-Out Rights

End-users can opt out of receiving SMS messages at any time by replying "STOP" to any message received through Ampliyo. Businesses can also manage opt-out preferences within their Ampliyo dashboard. Once opted out, no further SMS messages will be sent to that phone number unless the end-user explicitly re-subscribes.

4.4 CASL and TCPA Compliance

We comply with Canada's Anti-Spam Legislation (CASL) and the U.S. Telephone Consumer Protection Act (TCPA) as applicable. Business clients are required to obtain and maintain proper consent records (express or implied, as applicable) for all SMS and electronic communications sent through our platform.

5. Email Communication

Similar to SMS, email communications are sent on behalf of our business clients. All marketing emails include an unsubscribe link. Business clients must have proper consent before sending marketing emails through Ampliyo.

We comply with Canada's Anti-Spam Legislation (CASL) and the U.S. CAN-SPAM Act. All commercial electronic messages include our business client's identifying information, a valid mailing address, and a functioning unsubscribe mechanism.

6. Data Security

  • Encryption: All data is transmitted using SSL/TLS encryption. Sensitive data is encrypted at rest
  • Secure Infrastructure: Our platform is hosted on enterprise-grade cloud infrastructure with SOC 2-compliant data centers
  • Access Controls: Strict access controls, role-based permissions, and multi-factor authentication protect your account
  • Regular Audits: We conduct periodic security assessments and vulnerability testing
  • Data Breach Notification: In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of becoming aware of the breach, as required by applicable law

7. Cookies and Tracking Technologies

7.1 Types of Cookies

  • Essential Cookies: Required for the Service to function (authentication, session management)
  • Analytics Cookies: Help us understand how users interact with our Service (e.g., Google Analytics)
  • Functional Cookies: Remember your preferences and settings

7.2 Third-Party Analytics

We use Google Analytics to collect anonymized usage data. Google's privacy policy applies to data collected by Google Analytics. You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

8. Google reCAPTCHA

We use Google reCAPTCHA to protect our forms from spam and abuse. By using our forms, you acknowledge and agree to be bound by Google's Privacy Policy and Terms of Service.

9. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share data in the following limited circumstances:

  • Service Providers: We share data with trusted third-party providers who assist in operating our Service (e.g., payment processors, SMS delivery providers, email delivery services, cloud hosting). These providers are contractually bound to protect your data
  • AI Processing: Campaign and message content may be processed through AI providers (e.g., OpenAI) for content generation. Only business information and campaign goals are shared — customer personal data is not sent to AI providers
  • Legal Requirements: We may disclose information when required by law, subpoena, court order, or governmental regulation
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. We will notify users of any such change
  • Protection of Rights: We may disclose information to protect our rights, safety, property, or the rights of our users or the public

10. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account Data: Retained for the duration of the account plus 30 days after deletion request
  • Customer Data: Retained for as long as the business client's account is active
  • Communication Logs: Retained for up to 12 months for compliance and support purposes
  • Billing Data: Retained as required by tax and financial regulations

Upon account termination, we will delete or anonymize your data within 30 days, except where retention is required by law.

11. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing of your data for marketing purposes
  • Opt-Out: Opt out of promotional communications at any time

To exercise any of these rights, contact us at support@ampliyo.com. We will respond to valid requests within 30 days.

12. Canadian Privacy Rights (PIPEDA / PIPA)

If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and, if you are in Alberta, the Personal Information Protection Act (PIPA):

  • Right to access your personal information held by us
  • Right to challenge the accuracy and completeness of your information and have it amended
  • Right to withdraw consent for the collection, use, or disclosure of your personal information (subject to legal or contractual restrictions)
  • Right to file a complaint with the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner of Alberta

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is being collected
  • Right to know if your personal information is being sold or disclosed and to whom
  • Right to opt out of the sale of your personal information (we do not sell personal information)
  • Right to request deletion of your personal information
  • Right to not be discriminated against for exercising your privacy rights

14. International Data Transfers

Your data may be transferred to and maintained on servers located outside your state, province, or country. By using our Service, you consent to such transfers. We take appropriate safeguards to ensure your data is treated securely and in accordance with this Privacy Policy.

15. Children's Privacy

The Service is not directed to individuals under the age of 18 ("Children"). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us immediately. We will take steps to remove such information from our systems.

16. Third-Party Websites

Our Service may contain links to websites not operated by us. We are not responsible for the content, privacy policies, or practices of any third-party websites. We encourage you to review the privacy policy of every site you visit.

17. Account Security

You are responsible for maintaining the confidentiality of your account credentials. Ampliyo is not liable for any losses incurred due to unauthorized access to your account resulting from your failure to protect your credentials. Notify us immediately at support@ampliyo.com of any unauthorized use of your account.

18. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy. For significant changes, we may also notify you via email.

19. Contact Us

For questions, concerns, or requests regarding this Privacy Policy, contact us at:

Ampliyo
Email: support@ampliyo.com
Alberta, Canada