Labs Support
EN SV

Privacy Policy

Last updated: 2026-02-19

TL;DR - Quick summary (not legally binding)

  • Who we are: Cognit Consulting AB, based in Gothenburg, Sweden
  • What we collect: Name, email, job title, usage data - the basics needed to run a SaaS platform
  • Where it's stored: Microsoft Azure, EU only (Sweden and Netherlands). Hetzner, EU only (Germany and Finland) for internal business systems.
  • Who we share with: Azure (hosting), Pendo (app analytics), Sendgrid (email delivery), Hetzner (data center for CRM/support). Website: Rybbit (self-hosted analytics on our own servers - collects anonymous statistics including campaign parameters), MailerLite (newsletters). Optional: AI providers if you actively opt in.
  • Your rights: Access, correct, delete, or port your data. Email info@ampliflow.com - we respond within one month.
  • Cookies: Essential only in the app. The website does not use cookies.
  • Google Ads clicks: If you click one of our ads and then submit a contact form, we store a Google click ID (gclid) for 90 days to measure advertising effectiveness.

⬇ This summary is provided for convenience. Scroll down for the full, legally binding policy.

This Privacy Policy is incorporated by reference into, and forms a part of, our Terms of Service. By using our Services, you agree to be bound by this Privacy Policy and our Terms of Service. In the event of any conflict between this Privacy Policy and the Terms of Service, the Terms of Service shall prevail to the extent permitted by applicable law.

Who We Are

Cognit Consulting AB

Swedish corporation ID: 559010-4021

Varholmsgatan 2a, 414 74 Göteborg, Sweden

info@ampliflow.com

What Data We Collect

We collect business-related information that you or your company provide to us when using AmpliFlow, including:

  • Name, email, company name, and job title
  • Login/account credentials
  • Usage data (e.g., logs, activity and actions within the platform)
  • Communications with us (e.g., support requests)
  • Marketing preferences

We may also collect data automatically via analytics tools (see the "Cookies and Tracking Technologies" section below).

Additional data collection may occur when you:

  • Register online or place an order for our products or services
  • Complete surveys or provide feedback (including via message boards or email)
  • Enter or upload data into your AmpliFlow account
  • Use or view our website or the SaaS application, which may result in information being gathered through cookies or log data

Cognit Consulting AB will process personal data only as documented in the Terms of Service, this Privacy Policy, and any applicable Data Processing Agreement (DPA), and as otherwise required by law. Cognit Consulting AB is not obliged to accept or act on individual instructions from customers outside of the scope of these agreements.

Log Data

When you use our Service, we automatically collect certain technical and usage information ("Log Data"). This may include:

  • Your computer's IP address
  • Browser type and version
  • Pages visited on our Service
  • Time and date of your visit
  • Time spent on those pages
  • Other usage statistics

We log platform usage with Microsoft Azure Application Insights, Sentry (self-hosted), and Pendo.

Cookies and Tracking Technologies

Cookies are small data files stored on your device. We use cookies and similar technologies to:

  • Remember your preferences
  • Analyze usage patterns
  • Support authentication and security
  • Improve our website and platform experience

On www.ampliflow.com (our website):

The website does not use cookies. Website analytics are handled by Rybbit, a self-hosted, cookieless analytics tool running on our own servers. Rybbit collects anonymous visitor statistics - page views, navigation patterns, outbound link clicks, and campaign parameters (such as UTM tags from ads) - so we can see which content and campaigns visitors find relevant. No personal data is collected and no data is shared with third parties.

On the AmpliFlow SaaS application:

Cookies are strictly necessary for the core platform to function (for example, for authentication and essential security). You cannot refuse these necessary cookies in the SaaS application. If you do not wish to accept these cookies, please discontinue use of the SaaS application.

Types of cookies and tracking used:

  • Essential cookies: Required for authentication, security, and core platform functionality
  • Analytics (app): Microsoft Azure Application Insights, Pendo
  • Analytics (website): Rybbit (self-hosted on our own servers, cookieless - collects anonymous page views, navigation, outbound clicks, campaign parameters such as UTM tags, and JavaScript errors)

How to manage cookies:

The website does not use cookies. For the SaaS application, cookies are necessary for authentication and security and cannot be refused.

How We Use Your Data

We use your personal data to:

  • Provide, manage, and improve the AmpliFlow Service
  • Communicate with you about your account, billing, and support
  • Send marketing communications about our products and services (you can opt out at any time)
  • Comply with legal obligations

We do not sell your personal data.

Legal Basis for Processing (GDPR)

We process your data based on:

  • Contract (providing our service to you or your company)
  • Legitimate interest (improving and securing our service, marketing to business contacts)
  • Legal obligations

Data Storage and Transfers

Your data is stored on cloud and data center infrastructure within the EU/EEA:

  • Microsoft Azure: West Europe (Netherlands) and Sweden Central (Gävle, Sweden). We rely on Microsoft Azure's compliance program (ISO 27001, SOC 1/2/3, GDPR).
  • Hetzner Online GmbH: Data centers in Germany and Finland (EU). Used for internal business systems such as CRM and customer support tools. We have a signed Data Processing Agreement with Hetzner in accordance with GDPR Article 28.

No customer data is transferred outside the EU/EEA. Where third-party sub-processors operate outside the EU/EEA (e.g. optional AI services), appropriate safeguards such as Standard Contractual Clauses or adequacy decisions are applied in line with GDPR requirements.

Data Sharing

We only share potentially sensitive data with service providers who support our platform.

For the website www.ampliflow.com:

  • Rybbit: Self-hosted cookieless analytics running on our own servers (collects anonymous visitor statistics including campaign parameters - no personal data collected)
  • MailerLite: Newsletter delivery

For the SaaS product AmpliFlow:

  • Microsoft Azure: Hosting, security, and log data (via Application Insights)
  • Pendo: Usage analytics to help us improve the service
  • Sendgrid: Email delivery service

For internal business systems (CRM, customer support):

  • Hetzner Online GmbH: Data center infrastructure in Germany and Finland (EU) - hosts our CRM and customer support systems where we store business contact information such as names, email addresses, and communication history

Optional AI and cloud processors:

If you, as a customer, actively opt in to use advanced AI features or integrations, your data may be processed by:

  • OpenAI, LLC
  • Google LLC (Cloud and AI services)
  • Mistral AI
  • Anthropic PBC
  • Additional AI or cloud vendors as specified at the time of opt-in

Authorities:

We may share information with authorities if required by law.

Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the content or privacy practices of these sites. Please review their privacy policies before providing any personal information.

Security

We use commercially acceptable means to protect your personal information, but no internet or electronic storage method is 100% secure. We cannot guarantee absolute security.

Children's Privacy

Our Services are not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn a child has provided us with personal data, we will delete it promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

Your Rights

You or your business representatives have the right to:

  • Access your personal data
  • Correct your personal data
  • Request deletion of personal data (subject to legal requirements)
  • Restrict or object to processing of your personal data (in certain cases)
  • Request transfer of your personal data (data portability)
  • Opt out of marketing at any time

To exercise any of these rights, email us at info@ampliflow.com. We will respond within one month.

Advertising Attribution (Google Ads Click Identifiers)

When you click one of our Google Ads and subsequently submit a contact form on our website, we capture the Google Click Identifier (gclid) parameter from your URL. This identifier is stored alongside your form submission in our database for up to 90 days. We use this to understand which advertising campaigns and keywords lead to genuine business inquiries, so we can allocate our advertising budget responsibly.

We do not share gclid data with third parties beyond uploading matched conversions to Google Ads via their offline conversion import API.

Legal basis: Legitimate interests (measuring advertising effectiveness and ensuring responsible use of advertising budget).

This processing does not involve cookies or client-side tracking - it is purely server-side.

Data Retention

We retain your data as long as you use our Service or as required by law. If you request deletion, we will remove your data within 90 days unless otherwise required.

Changes

We may update this policy. Changes take effect when posted here. The date of the latest update is shown at the top of this page. It is your responsibility to periodically review this Privacy Policy for changes. We will not separately notify you of updates.

Contact

Email: info@ampliflow.com

If you have questions or concerns about this policy or your data, please contact us at the details above.