Last updated: April 21, 2026

Privacy Policy

This Privacy Policy explains how AmpVorlo ("we," "us," or "our"), operated via ampvorlo.com, collects, uses, and protects your personal data when you use our website and services. We are committed to protecting your privacy and being transparent about our data practices.

By using AmpVorlo, you agree to the practices described in this policy. If you do not agree, please do not use our services.

1. Information We Collect

1.1 Information You Provide Directly

  • Account information: name, email address, and password when you create an account.
  • Profile information: avatar image and Instagram username if you choose to connect your Instagram account.
  • Payment information: billing details processed through our payment provider LiqPay. We do not store your full credit card number on our servers.
  • Communications: any information you provide when contacting us for support.

1.2 Information Collected Automatically

  • Usage data: pages visited, features used, download history, and interaction patterns.
  • Device and browser data: IP address, browser type, operating system, device identifiers, and screen resolution.
  • Cookies and similar technologies: see our Cookie Policy for details.
  • Session data: login timestamps, session duration, and authentication tokens (including passkey/WebAuthn credentials).

1.3 Information from Third Parties

  • Social platforms (Instagram, Facebook, X/Twitter, TikTok, Pinterest, LinkedIn, YouTube, Threads, Mastodon, Bluesky): when you connect a social account via OAuth, we receive your profile information and an access token to publish content on your behalf. We do not store your social platform passwords.
  • Pinterest: when you connect your Pinterest account, we access your boards solely to enable pin creation and scheduling. We do NOT store any Pinterest data — all information is fetched from the Pinterest API in real-time. We use the Pinterest API in accordance with Pinterest's Developer Guidelines.
  • Payment provider (LiqPay): transaction confirmations and billing status.

1.4 Pinterest API Data Usage

  • No data storage: We do not store, cache, or persist any data retrieved from the Pinterest API.
  • No data sharing: We do not share, sell, or provide Pinterest API data to any third parties.
  • No data combining: We do not combine Pinterest data with data from other sources.
  • Explicit consent: Every action taken on your Pinterest account requires your explicit initiation.
  • Access revocation: You may disconnect your Pinterest account at any time through your Social Accounts settings.

2. How We Use Your Information

  • To provide, maintain, and improve our services.
  • To create and manage your account and authenticate your identity.
  • To process payments and manage your subscription.
  • To send you service-related communications.
  • To monitor usage patterns and enforce usage limits based on your plan.
  • To detect and prevent fraud, abuse, and security threats.
  • To comply with legal obligations.

3. Legal Basis for Processing (GDPR)

  • Performance of a contract: processing necessary to provide you with our services.
  • Legitimate interests: improving our services, preventing fraud, and ensuring security.
  • Consent: where you have given explicit consent, such as for non-essential cookies.
  • Legal obligation: processing required to comply with applicable laws.

4. Data Sharing and Third-Party Services

We do not sell your personal data. We may share data with the following categories of service providers:

  • LiqPay (payment processing) — processes your payment information securely. See LiqPay User Agreement, Personal Data Policy, and Terms of Service.
  • Cloudinary (image hosting) — stores user avatar images on our behalf.
  • Hosting providers: our servers and infrastructure providers.
  • Email delivery services: for sending transactional emails.

4.1 Law Enforcement and Government Requests

  • Legality review: Every request from a public authority is reviewed to verify it is legally valid and properly authorized. We do not disclose user data in response to informal requests.
  • Right to challenge: If a request appears unlawful, we will, where legally permitted, challenge or seek to narrow it.
  • Data minimisation: When legally required to disclose user data, we disclose only the minimum information specifically requested.
  • Documentation: We maintain an internal record of all requests for user data from public authorities.
  • User notification: Where not prohibited by law, we endeavour to notify affected users of government requests.
  • Transparency: We do not provide governments with direct, unrestricted, or bulk access to user data.

5. Third-Party Trademark Disclaimer

AmpVorlo is an independent service and is not endorsed by, affiliated with, or sponsored by any of the following platforms: Pinterest, Instagram, Facebook (Meta), X (Twitter), TikTok, LinkedIn, YouTube (Google), Threads (Meta), Mastodon, or Bluesky. All trademarks belong to their respective owners.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. When we transfer data from the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data Retention

  • Account data: retained until you delete your account, then removed within 30 days.
  • Usage logs (IP addresses, action history): automatically deleted after 90 days.
  • Session data: automatically deleted after 90 days of inactivity.
  • Bookmarks: retained until you delete them or your account.
  • Payment records: retained for the period required by applicable tax and accounting laws.

8. Your Rights

8.1 Rights for All Users

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your account and personal data.
  • Object to certain types of processing.

8.2 Additional Rights for EEA Users (GDPR)

  • Data portability: receive your data in a structured, machine-readable format.
  • Restrict processing: request that we limit how we use your data.
  • Withdraw consent: where processing is based on consent, you can withdraw it at any time.
  • Lodge a complaint: with your local data protection authority.

8.3 Rights for California Residents (CCPA)

  • Right to know: what personal information we collect, use, and disclose.
  • Right to delete: request deletion of your personal information.
  • Right to opt-out: of the sale of personal information. We do not sell your personal information.
  • Right to non-discrimination: we will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, contact us at support@ampvorlo.com. We will respond within 30 days.

9. Children's Privacy

AmpVorlo is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16.

10. Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (HTTPS/TLS), hashed passwords, and secure session management (including passkey/WebAuthn support).

11. Data Breach Notification

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (GDPR Art. 33).
  • Notify affected users without undue delay when the breach is likely to result in high risk (GDPR Art. 34).
  • Provide details of the nature of the breach and measures taken.
  • For California residents, we will notify you in accordance with California Civil Code §1798.82.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page.

13. Contact Us

Note: This Privacy Policy is provided for informational purposes and is designed to be compliant with GDPR, CCPA, and general international privacy standards.

enuk