Privacy Policy

Last updated: February 21, 2026

1. Introduction

Amplify Productivity LLC, a Wyoming limited liability company ("Amplify," "we," "our," or "us"), respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application, desktop application, and related services (collectively, the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

(a) Information You Provide

  • Account information (email address, name, password)
  • Profile information (nickname, display preferences, timezone)
  • Onboarding responses (productivity goals, scheduling preferences, work hours)
  • Productivity content you create (calendar events, habits, goals, tasks, journal entries, reminders)
  • Focus and screen-blocking preferences (desktop application)
  • AI chat messages and coaching conversations
  • Contact form submissions and support requests

(b) Information Collected Automatically

  • Device information (browser type, operating system, screen resolution)
  • Log data (IP address, access times, pages viewed, referring URL)
  • Usage information (features used, interaction patterns, session duration)
  • A/B testing variant assignments
  • Performance and error data

(c) Information from Third Parties

  • Google OAuth profile information (name, email, profile picture) when you sign in with Google
  • Google Calendar data (events, calendars) if you enable calendar sync
  • Stripe payment confirmation data (subscription status, billing period) — we never receive your full card number

3. How We Use Your Information

We use the information we collect to:

  • Authenticate your identity and maintain your account
  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions via Stripe
  • Sync your calendar data with Google Calendar (if enabled)
  • Power AI-based personalization, coaching, and natural-language features
  • Store AI conversation memories to improve future interactions
  • Send transactional emails (account verification, password resets, billing receipts, trial reminders)
  • Conduct A/B testing to improve user experience
  • Enforce rate limits and prevent abuse
  • Respond to your comments, questions, and support requests
  • Analyze usage patterns and diagnose technical issues
  • Comply with legal obligations

4. AI-Powered Features

Amplify uses Google's Gemini AI to power coaching, natural-language event creation, and personalized productivity insights. When you use AI features:

  • Data sent to AI: Your profile context (name, preferences), relevant calendar and productivity data, and your chat messages are sent to Google's Generative AI API for processing.
  • Data NOT sent to AI: Your password, payment information, and authentication tokens are never sent to AI services.
  • Memory system: The AI may store conversation summaries and preferences to provide continuity across sessions. You can request deletion of AI memories at any time.
  • No training: Your data sent to Gemini is processed under Google's API terms and is not used to train Google's foundation models.

AI-generated content is for informational purposes only and does not constitute professional advice. For more information about how Google handles API data, see Google's Generative AI Terms of Service.

5. Google Calendar Integration

If you choose to connect your Google Calendar, the following applies:

  • We use Google OAuth 2.0 to request permission to read and write to your Google Calendar.
  • OAuth access and refresh tokens are stored securely in our database to maintain the connection.
  • We store your Google profile information (name, email, profile picture) for display purposes.
  • Calendar events are synced between Amplify and your Google Calendar based on your sync settings.
  • You can disconnect Google Calendar at any time from your account settings, which revokes our access and deletes stored tokens.

Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

6. Payment Information

Payment processing is handled entirely by Stripe. We do not receive, store, or process your credit card numbers, bank account details, or other sensitive payment credentials.

What we do store:

  • Stripe customer ID and subscription ID
  • Subscription status (active, cancelled, past due, trialing)
  • Billing period dates (current period start and end)
  • Plan type and pricing tier
  • Payment event history (successful payments, failures, cancellations) for billing support

For information on how Stripe handles your payment data, see Stripe's Privacy Policy.

7. Cookies and Tracking Technologies

We use the following cookies and local storage technologies:

  • Supabase authentication cookies: Essential session cookies to keep you signed in. These are strictly necessary and cannot be disabled.
  • A/B testing cookie (ab_landing-cta): Stores your assigned variant for landing page experiments. Expires after 1 year.
  • localStorage: Used to store user preferences (theme, view settings, sidebar state) locally on your device for performance.

We do not use third-party advertising trackers or sell data to ad networks. You can clear cookies and localStorage through your browser settings, though this may require you to sign in again.

8. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information. We share data only with the following service providers who process it on our behalf:

  • Supabase — Database hosting, authentication, and real-time data services
  • Stripe — Payment processing and subscription management
  • Google (Gemini API) — AI-powered features and natural language processing
  • Google (Calendar API & OAuth) — Calendar synchronization and authentication
  • Vercel — Application hosting and serverless function execution
  • Resend — Transactional email delivery

We may also disclose your information if required to:

  • Comply with applicable law, regulation, or legal process
  • Protect the rights, property, or safety of Amplify, our users, or the public
  • Enforce our Terms of Service
  • Detect, prevent, or address fraud, security, or technical issues

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your data becomes subject to a different privacy policy.

9. Data Retention

We retain your information for the following periods:

  • Active account data (events, habits, tasks, preferences): Retained for the duration of your account.
  • Billing and payment records: Retained for 7 years after your last transaction for tax and legal compliance.
  • Server logs: Automatically deleted after 90 days.
  • Contact form submissions: Retained for up to 2 years.
  • Post-account deletion: After you delete your account, we purge your personal data within 30 days. Anonymized, aggregated data may be retained indefinitely for analytics.

10. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS (HTTPS).
  • Encryption at rest: Data stored in our database is encrypted using AES-256 encryption via Supabase.
  • Password security: Passwords are hashed using bcrypt and are never stored in plaintext.
  • Row-Level Security (RLS): Database policies ensure users can only access their own data.
  • Rate limiting: API endpoints are protected against abuse with rate limiting.
  • Security headers: HTTP security headers are configured to prevent common web vulnerabilities.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. If we become aware of a security breach that affects your personal data, we will notify affected users and relevant authorities as required by applicable law.

11. International Data Transfers

Amplify is based in the United States. Our primary data infrastructure (Supabase, Vercel) is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and other appropriate transfer mechanisms to ensure adequate protection for your data. Our sub-processors maintain their own compliance with international data transfer requirements.

12. Your Privacy Rights

General Rights

Regardless of your location, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing

Additional Rights for EEA/UK Residents (GDPR)

If you are located in the EEA or UK, you additionally have the right to:

  • Object to processing based on legitimate interests (Article 21)
  • Restrict processing of your data (Article 18)
  • Not be subject to automated decision-making with legal effects (Article 22)
  • Lodge a complaint with your local data protection authority

Our legal bases for processing your data include:

  • Contract performance: Processing necessary to provide the Service you requested
  • Consent: Where you have given specific consent (e.g., AI features, Google Calendar sync)
  • Legitimate interests: Analytics, security, and service improvement, balanced against your rights
  • Legal obligation: Tax records, fraud prevention, and compliance requirements

California Residents (CCPA-Aligned)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information — we do not sell your personal information
  • Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at privacy@amplifyproductivity.com. We will respond to verified requests within 30 days (or 45 days if an extension is needed, with notice).

13. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 13, please contact us at privacy@amplifyproductivity.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice by posting the updated policy on the Service, updating the "Last updated" date, and — where feasible — sending an email notification. Your continued use of the Service after the effective date of a revised policy constitutes acceptance of the changes.

15. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us: