Privacy Policy

Last updated: February 4, 2026

This Privacy Policy describes how Amnify GmbH ("Amnify", "we", "us", or "our") collects, uses, and protects your personal information when you visit our website (amnify.ai) and use our cloud security services ("Services"). This Privacy Policy should be read in conjunction with our Terms of Service.

We are committed to protecting your privacy and handling your data in an open and transparent manner. We comply with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

Amnify GmbH
Kesselstraße 3
40221 Düsseldorf, Germany
Email: info@amnify.ai

2. Information We Collect

2.1 Information You Provide

When you register for an account, contact us, or use our Services, you may provide us with:

  • Account information: name, email address, company name
  • Billing information: For credit card payments, billing details are collected and processed directly by Stripe, Inc. For invoice payments, we collect company name and address for invoicing purposes.
  • Communications: emails, support requests, feedback you send to us
  • Content: data you upload or process through our Services

2.2 Information Collected Automatically

Our website is hosted on Cloudflare Pages. We do not use any analytics or tracking tools on our website or application. However, our hosting provider (Cloudflare) may collect the following information for security and operational purposes:

  • IP address (for security and DDoS protection)
  • Anonymized and aggregated analytics (number of visits, country, browser type, operating system)

This information is processed by Cloudflare to ensure the proper functioning and security of our website. Cloudflare's analytics are privacy-preserving and do not use cookies or persistent identifiers to track individual users. For more information, see Cloudflare's Privacy Policy.

2.3 Customer Data

When you use our cloud security Services, you may provide us access to data from your cloud infrastructure for analysis and security scanning purposes ("Customer Data"). We process this data solely to provide the Services to you and do not use it for any other purpose.

3. How We Use Your Information

We use your personal information for the following purposes:

  • To provide and maintain our Services
  • To process your registration and manage your account
  • To communicate with you about your account and respond to inquiries
  • To process payments and billing
  • To send important notices, such as changes to our Terms or this Privacy Policy
  • To improve and optimize our Services
  • To ensure the security and integrity of our Services
  • To comply with legal obligations

4. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

  • Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide our Services and fulfill our contractual obligations to you.
  • Legitimate interests (Art. 6(1)(f) GDPR): Processing necessary for our legitimate business interests, such as improving our Services, ensuring security, and preventing fraud.
  • Legal obligation (Art. 6(1)(c) GDPR): Processing necessary to comply with legal requirements.
  • Consent (Art. 6(1)(a) GDPR): Where you have given consent for specific processing activities, such as marketing communications.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

5.1 Service Providers (Subprocessors)

We use third-party service providers to help us operate our business and provide our Services. These providers process data on our behalf and are contractually obligated to protect your data. Our current subprocessors include:

  • Clerk, Inc. - Authentication services for user login and account management (Privacy Policy)
  • Cloudflare, Inc. - Website hosting and security (Privacy Policy)
  • Stripe, Inc. - Payment processing for credit card payments (Privacy Policy)
  • Web3Forms - Contact form processing for demo requests on our website (Privacy Policy)
  • Cloud infrastructure providers - For hosting our application and processing Customer Data within the EU

A complete and up-to-date list of our subprocessors is available upon request by contacting info@amnify.ai.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

5.3 Business Transfers

If Amnify is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.

6. Data Location and Security

6.1 Data Location

Our primary data infrastructure is located within the European Union. Your data is processed and stored in EU data centers to ensure compliance with GDPR and other European data protection regulations.

6.2 Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL
  • Encryption of data at rest
  • Regular security assessments and monitoring
  • Access controls and authentication mechanisms
  • Regular backups and redundancy systems

7. Staff Access to Customer Data

Our staff may access your data only in limited circumstances:

  • To assist you with support requests (with your express consent)
  • When an automated process encounters an error and requires manual intervention
  • To ensure the security of your data and our Services (reviewing logs and metadata)
  • When required by applicable law

All staff access is logged and monitored, and our employees are bound by confidentiality obligations.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Account data: Retained while your account is active and for a reasonable period afterward to comply with legal obligations.
  • Customer Data: Deleted within 30 days of account termination or upon your request.
  • Server logs: Automatically deleted after a reasonable period necessary for security and operational purposes.
  • Billing records: Retained as required by tax and accounting laws.

9. Cookies and Tracking Technologies

We do not use analytics cookies or tracking technologies on our website. We do not use services like Google Analytics or similar tracking tools.

Our hosting provider (Cloudflare) may set strictly necessary cookies for security purposes, such as bot detection and DDoS protection. These cookies are classified as "strictly necessary" under GDPR and do not require consent as they are essential for the secure operation of the website.

You can control cookies through your browser settings. For more information about Cloudflare's cookies, see Cloudflare's Cookie Policy.

10. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): You can request information about the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR): You can request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17 GDPR): You can request deletion of your personal data under certain circumstances.
  • Right to restrict processing (Art. 18 GDPR): You can request limitation of processing under certain circumstances.
  • Right to data portability (Art. 20 GDPR): You can request your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21 GDPR): You can object to processing based on legitimate interests.

To exercise any of these rights, please contact us at info@amnify.ai. We will respond to your request within 30 days.

You also have the right to lodge a complaint with a supervisory authority if you believe your rights have been violated.

11. Data Export

You may request an export of your data at any time by contacting our support team at info@amnify.ai. We will provide your data in a commonly used, machine-readable format within a reasonable timeframe.

12. International Data Transfers

Our primary data processing takes place within the European Union. If we need to transfer your data outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or transfers to countries with an adequacy decision.

13. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by updating the date at the top of this policy and, where appropriate, by sending you an email notification.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: info@amnify.ai
Address: Amnify GmbH, Kesselstraße 3, 40221 Düsseldorf, Germany

This Privacy Policy was published on February 4, 2026.