Privacy Policy
Last Updated: June 2026
1. Introduction
Welcome to Amplycom. This Privacy Policy explains how Liljeforce AB ("we," "us," or "our") collects, uses, and protects your personal information when you use our AI-powered B2B outreach platform (the "Service").
Important: Amplycom is currently in development and available only to manually onboarded users. Features and data practices may evolve as we develop the platform. We will provide notice of material changes to this Privacy Policy.
By using Amplycom, you confirm that you are at least 18 years old and agree to the data practices described in this policy.
2. Data Controller
Liljeforce AB
Organization Number: 559211-3186
Address: Grundtvigsgatan 39, c/o Liljefors, 16848 Bromma, Sweden
Contact:
General inquiries: support@amplycom.com
Privacy matters: privacy@amplycom.com
3. What Data We Collect
We collect and process the following categories of personal information:
3.1 Account Information
- Email address
- Name
- Job title
- Organization name and details
- Role and permissions within the platform
- Account preferences and settings
3.2 Organization & Business Data
- Organization description and domain
- Ideal customer profile (ICP)
- Offering description and unique selling points
- AI-generated research about your business
3.3 CRM Data
- Company Records: Company names, industries, size, locations, websites, LinkedIn profiles, keywords, descriptions
- Contact Records: First and last names, email addresses, phone numbers, job titles, LinkedIn profiles, engagement status
- Interaction History: Notes, calls, meetings, tasks, and other activities you log
3.4 Email Communications
- Email subject lines and body content
- Sender, recipient, and CC information
- Email attachments
- Email thread identifiers
- Timestamps and open, reply, and delivery status
- Important: How much of your incoming email we store depends on each mailbox's sync mode (see Section 4 below)
3.5 Email Account Connection Data
- Email service provider (Gmail, Outlook, etc.)
- Connection status and authentication tokens
- Email account identifiers (managed by Nylas)
3.6 AI Research Data
- AI-generated research on companies and contacts
- Industry trends and news summaries
- Research timestamps and confidence scores
- Cached research results (automatically refreshed periodically)
3.7 Usage and Technical Data
- Audit logs of system actions
- Activity timestamps
- Authentication session data
- Feature usage information
3.8 Payment & Billing Information
- Subscription status, plan, and number of paid seats
- Billing references (Stripe customer and subscription identifiers)
If you subscribe to a paid plan, payment is handled by Stripe on Stripe-hosted pages. Your billing name, address, VAT or tax ID, and card details are collected and stored by Stripe, not by us. We never see or store your card number. In our own database we keep only your subscription status, seat count, and Stripe reference IDs. See Section 8.
4. Email Integration & Sync Modes
Amplycom connects to your email through Nylas (our email infrastructure provider) to send, receive, and organize messages. How much of your incoming email we store depends on the sync mode you choose for each connected mailbox.
4.1 Selective and Full Sync
Each mailbox you connect runs in one of two modes:
- Selective sync (the default for personal mailboxes): We store only emails involving the contacts in your CRM. Emails from senders who are not in your CRM are filtered out and not saved to our database; they remain only in your regular email inbox.
- Full sync (used for shared team mailboxes, and optional for personal mailboxes): We store all incoming email to that mailbox so it can be managed inside Amplycom, including messages from senders who are not in your CRM. You choose whether to turn this on for a personal mailbox. Shared mailboxes, such as a team support address, use full sync by design.
You can see and change the sync mode for each connected mailbox in your account settings.
4.2 Privacy Protections
We apply privacy-by-design measures across email processing:
- Minimal logging: we do not log email bodies, subjects, or sender addresses
- Encryption: all email data is encrypted in transit using TLS/HTTPS
- Verification: webhook communications are cryptographically verified
- For selective-sync mailboxes, emails from non-CRM senders are identified and discarded at the earliest stage, without storage
4.3 AI Analysis of Incoming Email
For incoming emails that we store, our AI reads the subject and body to sort the message by what it is about (for example sales, support, or an ongoing conversation) and to decide whether a reply is worth drafting for your review. This analysis is performed by Google Gemini (see Section 7). We do not send the sender's or recipient's email address to the AI for this step, and nothing is sent on your behalf without your approval.
4.4 Shared Mailboxes
If you connect a shared mailbox (such as a team support or info address), the emails stored for that mailbox are visible to the members of your organization so they can handle them together. Only connect a shared mailbox if you intend your team to have access to its messages.
4.5 Email Engagement Tracking
When you send emails through Amplycom, we track engagement signals to help you understand how your outreach performs.
- What We Track: whether an email was opened and when it was first opened, whether a reply was received, and whether the email bounced (could not be delivered)
- What We Don't Track: multiple opens, location data, device information, or reading behavior beyond the first open
- Purpose: to give you engagement analytics and to protect your sending reputation by pausing outreach to addresses that bounce
This is standard practice for B2B communication platforms.
4.6 Platform Limitations
Due to how email webhook systems work (standard industry practice for B2B platforms), incoming email notifications pass through our infrastructure with their full content before any filtering. For selective-sync mailboxes, emails from non-CRM senders are discarded at this stage and never stored, logged, or displayed in Amplycom.
5. How We Use Your Data
We use your personal information for the following purposes:
- Provide the Service: To operate Amplycom, manage your account, and deliver CRM and outreach features
- AI Research: To conduct automated research on companies and contacts in your CRM using Google Gemini AI
- Email Generation: To generate personalized email content based on research insights and your communication preferences
- Lead Qualification: To score and categorize leads based on engagement signals and AI evaluation
- Communication Management: To track email communications, engagement history, and conversation threads
- Service Notifications: To send you service-related updates and information about new features
- Improve Our Service: To analyze usage patterns, fix bugs, and develop new features
- Security & Compliance: To protect against fraud, abuse, and security threats
6. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Consent: When you connect your email account, enable AI communication features, or grant specific permissions
- Contractual Necessity: To provide the Service you have signed up for and to fulfill our obligations to you
- Legitimate Interests: To improve our Service, ensure security, prevent fraud, provide email engagement analytics (open tracking), and conduct business analytics (balanced against your privacy rights)
7. AI Processing
Amplycom uses Google Gemini AI to power research, content generation, classification, and decision-making features:
- Research Agent: Analyzes company websites, news, and industry information
- Content Agent: Generates personalized email content based on research and your preferences
- Decision Agent: Evaluates outreach timing, lead qualification, and engagement signals
- Intent Classifier: Reads the subject and body of incoming emails to sort them by topic and decide whether a reply is worth drafting (see Section 4.3)
- Knowledge Agent: Learns from your edits to AI drafts so future drafts better match your business and writing style
AI Data Usage:We use the paid tier of the Google Gemini API (Google AI Studio). Under this paid tier, Google does not use your prompts or responses to train or improve its models, and processes your data as our data processor under Google's Data Processing Addendum. Research results are cached in our database and automatically refreshed periodically (typically every 10 days) to keep insights current.
8. Data Sharing & Third-Party Services
We share your data only with trusted service providers necessary to operate Amplycom. We do not sell your personal information to third parties.
8.1 Service Providers (Subprocessors)
- Supabase (EU - Stockholm): Database hosting and user authentication
- Google Gemini AI (USA): AI-powered research, content generation, email classification, and decision-making
- Nylas (USA): Email service integration and email account management
- Stripe (USA): Payment processing and subscription billing
- Vercel (USA): Application hosting and infrastructure
All service providers are SOC2 and/or GDPR compliant, and we have appropriate data processing agreements in place.
8.2 Legal Disclosures
We may disclose personal information if required by law, legal process, or government request, or if necessary to protect our rights, users, or the public.
9. International Data Transfers
Your primary data is stored in the EU (Stockholm, Sweden) via Supabase. However, some service providers (Google Gemini AI, Nylas, Vercel) may process data in the United States or other jurisdictions.
For transfers outside the EU/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and service provider commitments to GDPR compliance mechanisms.
10. Data Retention
We retain your personal data as follows:
- Active Account Data: Retained while your account is active and for a reasonable period thereafter
- Research Data: Cached with periodic refresh cycles; older research may be automatically replaced with updated findings
- Email Communications & Attachments: Retained until you delete them or close your account
- Deleted Accounts: Data is removed within a reasonable timeframe following account deletion (see Section 11)
11. Account Deletion
To protect against accidental data loss, account and organization deletion is handled by our support team rather than a self-service button in the app. When you ask us to delete your account, we help you export your data, transfer ownership of your contacts and companies to another team member where needed, and then permanently delete your account.
To start, email us at privacy@amplycom.com or support@amplycom.com. We process deletion requests within a reasonable timeframe. Some data may be retained where required for legal or compliance reasons, and any data we keep for analytics is anonymized.
12. Your Rights Under GDPR
As an EU data subject, you have the following rights:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Data Portability: Request your data in a machine-readable format
- Right to Restrict Processing: Request that we limit how we use your data
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for processing where we rely on consent
To exercise any of these rights, contact us at privacy@amplycom.com. We will respond within a reasonable timeframe.
You also have the right to lodge a complaint with your local data protection authority. In Sweden, this is Integritetsskyddsmyndigheten (IMY): www.imy.se
13. Data Security
We implement industry-standard security measures to protect your personal data:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest (database encryption)
- Webhook signature verification for email integrations
- Role-based access control and permission management
- Multi-tenant data isolation (organization-level segregation)
- SOC2-compliant infrastructure providers
- Automated monitoring for unusual account and email-sending activity
- Regular security monitoring and updates
While we strive to protect your data, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials.
14. Cookies & Tracking
Amplycom uses essential cookies necessary for authentication and session management. We do not use third-party tracking cookies or analytics cookies. Session cookies are automatically deleted when you log out or close your browser.
15. Beta & Development Status
Amplycom is currently in development and available only to manually onboarded users. During this period:
- Features and functionality may change without advance notice
- Data practices may evolve as we refine the platform
- We may add new service providers or capabilities
- Material changes to privacy practices will be communicated
By using Amplycom during this development phase, you acknowledge that the Service is under active development.
16. Age Restrictions
Amplycom is intended for business use by individuals 18 years of age or older. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected data from someone under 18, we will take steps to delete it.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or via email. The "Last Updated" date at the top of this policy indicates when it was last revised.
Continued use of Amplycom after changes become effective constitutes acceptance of the updated Privacy Policy.
18. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email:
General: support@amplycom.com
Privacy: privacy@amplycom.com
Postal Address:
Liljeforce AB
Grundtvigsgatan 39, c/o Liljefors
16848 Bromma
Sweden
Liljeforce AB is committed to protecting your privacy and handling your data with transparency and care.