Privacy Policy

Last Updated: December 22, 2024

At Ampli (a CoreNet Solutions product), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our employee advocacy platform.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, job title, company name, and password when you create an account.
  • Organization Information: Company details, team structure, and user roles within your organization.
  • Content: Posts, campaigns, and other content you create or upload to the platform.
  • Communications: Messages, feedback, and support requests you send to us.

1.2 LinkedIn Integration Data

When you connect your LinkedIn account to Ampli, we collect and process the following information through the LinkedIn API:

  • Profile Information: Your LinkedIn profile name, profile picture, and headline (for display purposes).
  • OAuth Access Tokens: Encrypted tokens that allow Ampli to post on your behalf (stored securely using AES-256-GCM encryption).
  • Sharing Activity: Records of when you share approved content through our platform.
  • Connection Count: Anonymous aggregated data about your network size for reach estimation (we do not access or store your individual connections).

Important: Ampli only posts to LinkedIn when you explicitly click the "Share" button. We never post automatically or access your LinkedIn data beyond what is necessary for the sharing functionality. You can disconnect your LinkedIn account at any time from your settings.

1.3 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns.
  • Device Information: Browser type, operating system, IP address, device identifiers.
  • Cookies and Tracking: We use essential cookies for authentication and optional analytics cookies (see Section 7).

2. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide, maintain, and improve the Ampli platform, including posting content to LinkedIn on your behalf.
  • Authentication: To verify your identity and manage your account access.
  • LinkedIn Integration: To facilitate one-click sharing of approved content to your LinkedIn profile.
  • Analytics: To provide admins with insights about team participation, content performance, and estimated reach.
  • Communication: To send service updates, security alerts, and respond to your inquiries.
  • Compliance: To comply with legal obligations and enforce our Terms of Service.
  • Platform Improvement: To analyze usage patterns and develop new features.

3. Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in the following circumstances:

3.1 Within Your Organization

Admins in your organization can see team participation metrics, sharing activity, and content performance analytics. Individual employee LinkedIn credentials are never visible to admins.

3.2 Third-Party Service Providers

  • LinkedIn: For OAuth authentication and posting functionality (governed by LinkedIn's Privacy Policy).
  • Supabase: Database and authentication services (encrypted data storage).
  • Stripe: Payment processing for subscriptions (we do not store credit card information).
  • Vercel: Hosting and CDN services.

3.3 Legal Requirements

We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, prevent fraud, or ensure user safety.

3.4 Business Transfers

If Ampli is acquired or merged with another company, your information may be transferred. You will be notified of any such change.

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted to and from Ampli is encrypted using TLS 1.2 or higher (HTTPS).
  • Encryption at Rest: LinkedIn OAuth tokens are encrypted using AES-256-GCM.
  • Database Security: Row-level security policies ensure organizational data isolation.
  • Access Controls: Role-based access controls limit data access to authorized personnel only.
  • Regular Audits: We conduct regular security reviews and vulnerability assessments.
  • Secure Authentication: Passwords are hashed using industry-standard algorithms; we support SSO for enterprise customers.

Note: While we take extensive measures to protect your data, no method of transmission over the Internet is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

5. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

5.1 General Rights

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data (subject to legal retention requirements).
  • Data Portability: Request a machine-readable copy of your data.
  • Objection: Object to certain processing activities, including marketing communications.
  • Restriction: Request that we limit how we use your data.

5.2 LinkedIn Integration Controls

  • Disconnect LinkedIn: You can disconnect your LinkedIn account at any time from your account settings.
  • Revoke Access: You can revoke Ampli's access through LinkedIn's authorized applications page.
  • Delete Tokens: When you disconnect, we immediately delete all stored LinkedIn OAuth tokens.

5.3 GDPR Rights (EEA Residents)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to lodge a complaint with a supervisory authority
  • Right to withdraw consent at any time (where processing is based on consent)
  • Right to data portability in a structured, commonly used format

5.4 CCPA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt out of the sale of personal information (note: we do not sell your data)
  • Right to non-discrimination for exercising your rights

To exercise any of these rights, please contact us at privacy@ampli.social. We will respond within 30 days of your request.

6. Data Retention

  • Active Accounts: We retain your data while your account is active and for the duration of your subscription.
  • After Account Deletion: When you delete your account, we delete your personal data within 30 days, except where retention is required by law.
  • LinkedIn Tokens: OAuth tokens are deleted immediately upon disconnecting your LinkedIn account.
  • Analytics Data: Aggregated, anonymized analytics data may be retained indefinitely for platform improvement.
  • Backup Retention: Data in backups may persist for up to 90 days after deletion.

7. Cookies and Tracking Technologies

We use the following types of cookies:

Essential Cookies (Required)

  • Authentication cookies to keep you logged in
  • Security cookies to protect against fraud and abuse
  • Session cookies for platform functionality

Analytics Cookies (Optional)

  • Usage analytics to understand how users interact with Ampli
  • Performance monitoring to identify and fix issues

You can control cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from using certain features of Ampli.

8. International Data Transfers

Ampli is hosted on servers located in the United States. If you access Ampli from outside the United States, your data may be transferred to, stored, and processed in the United States. We ensure that such transfers comply with applicable data protection laws through appropriate safeguards, including standard contractual clauses where required.

9. Children's Privacy

Ampli is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.

10. LinkedIn API Compliance

Ampli's use of LinkedIn data is subject to LinkedIn's API Terms of Use and Privacy Policy. By connecting your LinkedIn account, you acknowledge that:

  • Ampli will only post content to LinkedIn when you explicitly authorize it by clicking "Share"
  • You can review and edit content before it is posted
  • You can revoke Ampli's access to your LinkedIn account at any time
  • LinkedIn's terms and privacy policy also govern the data shared through their platform
  • Ampli does not access or store your LinkedIn connections list, messages, or other private LinkedIn data

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on the Ampli platform

Your continued use of Ampli after such changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Ampli / CoreNet Solutions

Email: privacy@ampli.social

Support: support@ampli.social

For GDPR-related inquiries, please include "GDPR Request" in your subject line.

13. Legal Basis for Processing (GDPR)

For users in the EEA, we process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing necessary to provide the Ampli service you signed up for
  • Consent: For LinkedIn integration and optional analytics cookies (you can withdraw consent at any time)
  • Legitimate Interests: For platform improvement, security, and fraud prevention
  • Legal Obligation: For compliance with applicable laws and regulations