Privacy Policy

Last updated: August 2025

Effective date: October 25, 2025
Contact: support@amplifywebhosting.com

This Privacy Policy explains how Amplify Web Hosting (“Amplify,” “we,” “us,” “our”) collects, uses, shares, and protects personal information when you visit our websites, use our services, or interact with us. It is designed to comply with the EU/UK GDPR and the California Consumer Privacy Act (CCPA/CPRA), as well as general privacy best practices.

If anything here conflicts with local law, the stricter rule for your location applies.

1) Who we are (Controller)

  • Controller: Amplify Web Hosting

  • Contact: support@amplifywebhosting.com

  • Registered/Postal Address: Autusus LLC, 1277 Webster St, San Francisco CA 94115

  • For certain activities (e.g., payments), our partners may act as independent controllers (see §7).

2) Scope

This Policy covers personal information we process when you:

  • Browse our website(s) and dashboards;

  • Create/manage an account;

  • Purchase services (e.g., hosting, domains, add-ons);

  • Contact support or engage with our communications;

  • Use our portals, APIs, or customer tools.

It does not cover data you host on your own websites/apps except where we process it to provide hosting (see §6 & §9).

3) What we collect

A. Information you provide

  • Account & profile: name, email, password (hashed), company, role.

  • Billing: billing address, tax/VAT details; payment details are handled by Stripe (we do not store full card numbers).

  • Support & comms: messages, attachments, feedback, survey responses.

  • Contracts: signatures, business identifiers.

B. Information collected automatically

  • Device & usage: IP address, device/browser type, operating system, pages viewed, referring URL, timestamps.

  • Service telemetry: login events, API calls, error logs, performance metrics.

  • Cookies & similar tech: see §5.

C. Data from third parties

  • Payments: transaction status/metadata from Stripe.

  • Anti-fraud/abuse: risk signals (e.g., IP reputation).

  • Analytics: aggregate engagement metrics from our analytics provider(s).

We do not intentionally collect information about children; see §13.

4) Why we process your data (Purposes & GDPR legal bases)

Purpose Examples Legal basis (GDPR) Provide and secure services Account setup, authentication, hosting, uptime, support Contract (Art. 6(1)(b)); Legitimate interests for security/abuse prevention Payments & billing Process payments, invoices, refunds, fraud prevention Contract; Legal obligation (tax/records); Legitimate interests Communications Service emails, support replies, policy updates Contract; Legitimate interests Improve & analyze Diagnostics, performance, product decisions (aggregate) Legitimate interests Marketing (optional) Newsletters, promotions Consent (where required); right to opt out anytime Compliance & enforcement Regulatory requests, dispute resolution, TOS enforcement Legal obligation; Legitimate interests

Where we rely on consent, you may withdraw it at any time (it won’t affect prior processing).

5) Cookies & similar technologies

We use cookies/SDKs to operate our site, keep you signed in, remember preferences, measure performance, and reduce fraud.

Categories:

  • Strictly necessary (e.g., session, CSRF) – required for the site to function.

  • Functional (e.g., preferences).

  • Analytics (e.g., page views, performance).

  • Advertising (if/when used; disabled by default unless we state otherwise).

Your choices:
You can manage cookies in your browser settings. Where required, we provide a cookie banner to accept/reject non-essential cookies. Blocking some cookies may impact functionality.

Sample non-exhaustive cookies we may use:

  • amplify_session (strictly necessary): login session; expires on logout/timeout.

  • amplify_csrf (strictly necessary): request protection; session.

  • analytics_* (analytics): page usage metrics; short to medium duration.

6) Hosting, analytics, and infrastructure

  • Framer (Hosting): Our marketing website is hosted on Framer. Framer may process IP addresses, device info, and access logs to deliver content and maintain security. We treat Framer as our processor for hosting our site.

  • Website analytics: We use privacy-respecting analytics to understand aggregate usage (e.g., page views, referrers, events). If cookies or SDKs are used, they are governed by §5 and consent controls where required.

  • Server logs & telemetry: To ensure reliability and security, we maintain logs (IP, timestamps, user IDs, request metadata). Logs are rotated and retained for limited periods (see §10).

7) Payments (Stripe)

  • We use Stripe to process payments.

  • Stripe typically acts as an independent controller for payment instrument data and fraud prevention. We receive limited information such as transaction status, last4, card brand, and billing details necessary for invoicing and support.

  • Stripe may set cookies/collect device identifiers for fraud detection. See Stripe’s own privacy disclosures for details.

8) How we share information

We do not sell your personal information. We may share with:

  • Service providers (processors): hosting, analytics, communications, ticketing, logging, and security vendors—bound by contract and confidentiality.

  • Payment processors: Stripe (see §7).

  • Corporate transactions: merger, acquisition, or asset transfer (with appropriate safeguards).

  • Legal/compliance: to comply with law, enforce terms, or protect rights/safety.

  • At your direction: e.g., domain registrars, SSL authorities, or integrations you enable.

For California users, see “Do Not Sell or Share” rights in §12.

9) Customer content you host with us

If you host websites/apps with Amplify, you control the content and any personal data contained in it. We process that data solely to provide the hosting service (e.g., store/serve content, run backups, mitigate abuse). You are the controller of that end-user data; Amplify is your processor. See §15 (DPA).

10) Retention

We keep personal data only as long as needed for the purposes in §4:

  • Account data: for the life of your account, then a reasonable period to close out requests and meet legal/financial obligations.

  • Billing/transactions: generally 7–10 years (tax/audit laws may vary).

  • Logs/telemetry: typically 30–180 days, unless needed for security, legal, or debugging purposes.
    When no longer needed, we delete or irreversibly anonymize data.

11) Security

We use administrative, technical, and physical safeguards aligned with industry practice, including encryption in transit, principle of least privilege, access logging, and vulnerability management. No method is 100% secure; please use strong, unique passwords and enable any offered security features.

12) Your rights

A. GDPR (EEA/UK/Switzerland)

Subject to limits under law, you can:

  • Access your data;

  • Correct inaccurate data;

  • Delete your data;

  • Restrict or object to processing;

  • Port data to another provider;

  • Withdraw consent where processing is based on consent.

You also have the right to lodge a complaint with your local supervisory authority.

B. California (CCPA/CPRA)

California residents may:

  • Request to know/access categories and specific pieces of personal information;

  • Request deletion of personal information;

  • Request correction of inaccurate personal information;

  • Request to opt out of “sale” or “sharing” of personal information for cross-context behavioral advertising (we do not sell personal info; if we begin cross-context advertising, we will provide a “Do Not Sell or Share” link);

  • Limit use/disclosure of sensitive personal information (we do not use SPI for inferring characteristics).
    We will not discriminate against you for exercising your rights.

Submitting requests: Email support@amplifywebhosting.com. We may verify your identity and, where applicable, accept authorized agent requests with proof of authorization.

13) Children’s privacy

Our services are not directed to children under 16 (or as defined by local law). We do not knowingly collect their personal information. If you believe a child has provided us data, contact us and we will take appropriate action.

14) International transfers

We may process data in countries other than yours. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses for EEA/UK transfers) and conduct transfer risk assessments as applicable.

15) Data Processing Addendum (DPA) — Summary

When Amplify processes personal data on your behalf (e.g., hosting your website/app), the following apply:

  • Roles: You are the Controller; Amplify is the Processor (or Sub-Processor where applicable).

  • Instructions: We process only on your documented instructions (Terms + this Policy + your configuration).

  • Confidentiality & security: We ensure personnel confidentiality and implement appropriate technical/organizational measures.

  • Sub-processors: We engage vetted vendors (e.g., infrastructure, Framer hosting, analytics) under written contracts with equivalent protections. We can provide an up-to-date list on request.

  • Assistance: We assist with data subject requests, security incidents, DPIAs, and consultations as required by law.

  • Deletion/return: On termination, we delete or return personal data, subject to legal retention obligations.

  • Audits: We provide information necessary to demonstrate compliance and will cooperate with reasonable audit requests.

  • International transfers: Where applicable, we rely on SCCs and other lawful transfer mechanisms.

If needed, we can provide a separate signed DPA incorporating the EU/UK SCCs.

16) How to contact us

Questions or requests about privacy? Email support@amplifywebhosting.com. If you’re in the EEA/UK and believe we haven’t resolved your concern, you may contact your local supervisory authority.

17) Changes to this Policy

We may update this Policy to reflect operational, legal, or regulatory changes. Material changes will be highlighted on this page and, where appropriate, we’ll notify you (e.g., by email or dashboard notice). Please review periodically.