Your Data, Protected by Design
This page explains how AmpliFlow protects your personal data β in plain language, not legal jargon. For binding terms, see the Privacy Policy.
Last updated: 2026-02-10
Privacy Is Not a Checkbox
Data protection is built into how AmpliFlow works β not bolted on afterward.
EU-only hosting by default. Minimal data collection. Transparency about every sub-processor. A Data Processing Agreement with every subscription. These are not policies we wrote to comply β they are decisions we made because protecting your data is fundamental to a management system you can trust.
Your Data's Journey
Follow your data from browser to secure EU storage. Click each step to see the security measures protecting your information at every stage.
Your Data Stays in the EU
Click a location to see details
Map data Β© SimpleMaps.com
How We Protect Your Data
Six pillars of data protection built into every AmpliFlow subscription.
EU-Only Hosting
All customer data is stored on Microsoft Azure in Sweden Central (GΓ€vle) and West Europe (Netherlands). No data leaves the EU/EEA.
Encryption
AES-256 encryption at rest. TLS 1.2+ for all data in transit. Every connection to AmpliFlow is encrypted.
Data Subject Rights
Access, correct, delete, restrict, port, and object β all your rights under GDPR. Contact info@ampliflow.com and we respond within one month.
Sub-Processor Transparency
Limited sub-processors: Microsoft Azure, Pendo, Sendgrid, and optional AI providers (opt-in only). Customers are notified of changes and can object.
Breach Notification
24-hour contractual notification commitment. Includes what happened, what data was affected, and what steps are being taken.
Data Portability
Full data export available at subscription end. Your data is yours β before, during, and after your subscription.
Our Sub-Processors
Full transparency about who handles your data β and where.
AmpliFlow App
Marketing website (ampliflow.se / ampliflow.com)
Data Processing Agreement
When your organization uses AmpliFlow, you are the data controller β you decide what personal data enters the system and why. AmpliFlow (operated by Cognit Consulting AB) is the data processor β we process that data on your behalf, strictly according to your instructions and GDPR requirements.
A Data Processing Agreement (DPA) defines each party's responsibilities: what data is processed, how it is protected, and what happens if something goes wrong. AmpliFlow provides a DPA as part of every subscription agreement β no add-on, no extra cost.
In practice, this means your organization stays in control. We handle your data according to the rules you and GDPR set.
Need a DPA? Contact us and we'll sort it out!
Your Data Belongs to You
Full data export is available at the end of your subscription. We export all your data in JSON format (structured data) plus original files (attachments you've uploaded). After confirmed receipt, your data is deleted from our systems and you receive a deletion certificate.
Your data belongs to you β before, during, and after your subscription.
We charge a fee for the export as the process still requires some manual handling. We're actively working to automate this and continuously reduce the cost.
Check Your GDPR Readiness
Answer 7 quick questions to see how your current management system stacks up against core GDPR requirements β and where AmpliFlow can help.
Is Your Management System GDPR-Ready?
Answer 7 questions to see how well your current solution meets GDPR requirements.
Frequently Asked Questions
What personal data does AmpliFlow process?
Names, email addresses, and usage data as described in our Privacy Policy. The specific categories depend on how your organization uses the service.
Where is my data stored?
EU only β Microsoft Azure Sweden Central (GΓ€vle) and West Europe (Netherlands). No customer data is transferred outside the EU/EEA. If you opt into AI features, those providers may process data outside the EU with Standard Contractual Clauses (SCCs) in place.
Why not store all data in Sweden only?
We distribute data across two EU regions (Sweden and the Netherlands) for geopolitical risk diversification. If one region faces political instability, natural disaster, or regulatory changes, your data remains accessible from the other. Both locations are within the EU/EEA so GDPR applies equally. For enterprise customers who require it, we can set up a fully Swedish sealed solution at Swedish infrastructure partner datacenters β contact us to discuss.
How do I exercise my data subject rights?
Email info@ampliflow.com with your request. We respond within one month, as required by GDPR.
What happens to my data when I cancel?
Full data export is available so you can retrieve your information. After export, your data is deleted from our systems. Specifics β including timelines and format β are covered in the Terms of Service.
Is a DPA included?
Yes. A Data Processing Agreement is included with every subscription agreement. It defines responsibilities, data categories, security measures, and breach notification procedures.
Do you transfer data outside the EU?
No β except for optional AI features that you explicitly opt into. When AI features process data outside the EU/EEA, appropriate safeguards such as Standard Contractual Clauses (SCCs) are applied.
Does the website collect data?
This website (ampliflow.se / ampliflow.com) uses Rybbit β a self-hosted, open-source analytics platform running on our own servers. It collects anonymous visitor statistics without cookies and without personal data. We track page views, navigation patterns, outbound link clicks, campaign parameters (such as UTM tags from ads), and JavaScript errors β so we can see which content and campaigns visitors find relevant. No data leaves our servers for analytics purposes.
Questions About Data Protection?
If you have questions about how AmpliFlow handles your data, need a copy of our DPA, or want to exercise your data subject rights β we're here to help.
Email: info@ampliflow.com