Trust

Security and privacy come first

Amplitude safeguards your data and your customers with comprehensive and transparent programs.

Trust starts with transparency

Amplitude provides a secure and compliant platform for customers around the globe. Learn more in our .

Privacy by Design

Protect your data end-to-end with Amplitude.

We give you full control over the data you collect and how it is shared. And we’ve built our platform with privacy in mind to enable your compliance with GDPR, CCPA, and other privacy regulations that impact your business.

Product Capabilities

Event Retention Controls

Control how long event data lives in your Amplitude instance with our Time to Live functionality.

Self Service Data Deletion

Empower your organization to efficiently delete data while maintaining data trust, privacy, and security.

Data Subject Access Requests API

Easily retrieve user data to comply with data subject access requests.

PII Controls

Manage ingestion of unexpected Personally Identifiable Information.

IP Address Governance

Prevent the storage of IP addresses in Amplitude.

Data Access Controls

Precisely manage who sees what data with granular access controls.

Our Privacy Principles

1

Your privacy and the privacy of your users’ data is our priority

We built the Amplitude platform to protect your data. We partner closely with customers to understand their privacy use cases so we can deliver capabilities that meet their needs.

2

Our goal is to make it easy for you to be compliant

We are committed to providing a platform our customers can use in a data-responsible manner. With constantly evolving privacy laws, we give you the flexibility to adjust quickly and remain compliant.

3

Amplitude provides you with tools to be in control of your data

We believe customers should always have the agency to control how their data is used across Amplitude’s platform.

4

We prioritize data protection through technology design

Our privacy program is based on privacy-by-design principles. We take a proactive, innovative, and user-centric approach to building privacy capabilities.

Compliance with Privacy Laws

We know that global privacy regulations and data protection requirements are constantly evolving. You can trust that Amplitude is focused on meeting your privacy compliance needs, including GDPR, CCPA, and HIPAA.

Amplitude’s privacy team has reviewed our architecture, data flows, vendor capabilities, and agreements to ensure that our platform is GDPR compliant. Amplitude’s Digital Analytics Platform does not directly interact with our customers’ end users, nor does the platform collect personal data on your behalf. However, our customers might collect and send personal data to Amplitude for processing (e.g., IP address) and, as a result, Amplitude has implemented procedures and upgrades for our customers to remain privacy regulation compliant.

Specifically, we provide our customers with APIs to automatically serve their end-user Access and Deletion requests as detailed below.

  1. Amplitude is self-certified under the EU-US Data Privacy Framework (DPF) and the UK Extension to the EU-US DPF, as administered by the U.S. Department of Commerce. This certification provides a lawful mechanism for the transfer of personal data from the United Kingdom, EU, and EEA to our US-West-based AWS environment. As an additional fallback transfer mechanism, Amplitude’s Data Processing Agreements (DPAs) incorporate the EU Standard Contractual Clauses (SCCs). On July 16, 2020, the Court of Justice of the European Union (CJEU) determined that the EU SCCs will continue to be a valid transfer mechanism for Personal Data from the EU to the United States.
  2. Amplitude has signed Data Processing Agreements with our key vendors.
  3. Amplitude’s SDKs give customers the flexibility to control what data they choose to collect and send to our platform for processing and storage. Our customers, not Amplitude, control the type of data that is collected, stored, and processed in the platform. is a full summary of the data keys Amplitude recognizes. Unless otherwise noted, all fields are optional and no personal data is required to use our core functionality.
  4. Amplitude has built advanced features that will allow customers to remove a specific individual’s information from the platform or instruct the platform not to store end-user IP Addresses.

We build our platform to enable data analytics with privacy in mind, and that includes ensuring your compliance with the California Consumer Privacy Act (CCPA) and the growing framework of other US State privacy laws.

As a first-party data analytics platform, you have complete control over the data you collect and send to Amplitude and the actions you choose to take. We only act as a service provider, storing and processing your data according to your instructions. Amplitude does not use customer data for our own purposes and we do not sell or share your data.

We’ve developed features and tools to help you easily manage your data and execute data subject requests, whether or requests. Our sets out our role as a Service Provider, to provide you assurance that your use of our platform meets your CCPA and other US privacy law compliance needs.

For our customers that are covered entities or business associates under the Health Insurance Portability and Accountability Act (HIPAA), we recognize that the protection of protected health information is of paramount importance. Amplitude can enter a Business Associates Agreement to help you maintain your HIPAA compliance.

Amplitude maintains data centers hosted by AWS in the US and in the EU so that our diverse customer base can utilize our Digital Analytics Platform while meeting their data storage and processing preferences and needs. We chose Frankfurt, Germany for our EU data center because it has some of the most stringent privacy and technology standards in the world.

AWS’ data centers are data neutral and agnostic, compliant with privacy regulations including General Data Privacy Regulations (GDPR) and certified in ISO 27001 and SOC 2 Type II.

To enable our customers to appropriately respond to and comply with data subject requests as required by global privacy laws such as the GDPR and CCPA, we have built easy-to-use APIs so you can programmatically submit data subject requests for known Amplitude IDs and/or User IDs. You can find more details on our User Privacy API for data subject deletion requests . More details on our API for Data Subject Access Requests under the GDPR and Right to Know Requests under the CCPA can be found .

Trust in Amplitude AI

Amplitude AI is built with the same commitment to privacy, transparency, and control that underpins our entire platform.

Amplitude is infusing AI across its products to make it faster and easier for teams to get insights and take action. Our key AI features currently include , a natural language interface that lets anyone query data conversationally; , which helps ensure data quality and governance; , which helps you understand how your brand is performing in AI searches, , which allows you to create new event and user properties retroactively, based on functions and operators that you can apply across multiple existing properties, AI summaries, which generate summaries and insights related to user sessions and surveys, and Automated Insights which works like an expert analyst and proactively queries your data to figure out what's causing a change in your data. We’ve also introduced that act as AI specialists who can leverage Amplitude functionality and your data to drive insights and outcomes, and , which will transform unstructured customer feedback into actionable themes. In addition to these keynote capabilities, Amplitude has embedded AI-enhanced functionality throughout the platform, helping customers to streamline workflows and accelerate analysis and insights.

These features are powered by our trusted AI partners, which you can find listed .

No. Amplitude contractually prohibits our AI partners from using your data to train or improve their models.

Yes, you can opt out at any time. Opting out will disable all Amplitude’s AI capabilities that are powered by third party AI partners for your organization. Contact your Amplitude account team to opt out.

Currently, Amplitude AI features use models selected and managed by Amplitude (listed ), and customers can’t switch to a different model or provider within those features.

That said, we offer an that gives customers more flexibility. With MCP, you can connect your own MCP-compatible application (such as Claude, OpenAI or GitHub) directly to Amplitude. Once connected, your chosen model can work with your Amplitude data to power private, in-context workflows, all running on infrastructure you control.

Amplitude has embedded AI-enhanced functionality throughout the platform to help customers streamline workflows and accelerate analysis. Because these AI capabilities operate across the product, any data that a customer has submitted to its Amplitude account could potentially be included as input to, or output from, an AI feature, depending on how the customer chooses to use the feature.

However, it is important to note that Amplitude’s AI partners never use customer data to train their models, and no customer data is retained by any AI partner outside of Amplitude’s secure AWS environment. Moreover, subject to the restrictions on sensitive data set forth in Amplitude’s terms, customers are in full control of determining what data they choose to submit to the Amplitude services, and most customers choose to only send anonymous/pseudonymous data to Amplitude.

Amplitude applies the same enterprise-grade security, privacy, and governance controls to Amplitude’s AI features that we use across the rest of the platform. All our AI partners sign enterprise-level agreements with Amplitude and must meet security measures at least as protective as our own.

For features powered by AWS Bedrock, your customer data does not leave our secure AWS environment, and the model providers themselves do not access or receive your data. Your data remains within AWS and under AWS’s security controls.

For workflows that leverage OpenAI, we use OpenAI’s Zero Data Retention endpoints for applicable use cases, ensuring OpenAI does not retain your data after processing.

For workflows that leverage Google's generative AI, we use Google's Zero Data Retention features whenever possible, and in no circumstance will your data be retained by Google for longer than forty-eight hours.

Under no circumstance will any AI partner use your data to train or improve their models.

Yes, Amplitude's AI features respect the existing permissions and access controls set up in your account. No new data access is granted to a user when using an AI feature.

No. If your organization is provisioned in Amplitude’s EU data center, your data never leaves the EU when using Amplitude’s AI capabilities. When you use Amplitude’s AI capabilities, the data is processed entirely within the EU and is not transferred to any AI partners in the United States.

As mentioned above, Amplitude’s AI features use third-party models (listed ), all of which have built-in processes to test and reduce bias, such as evaluation frameworks, fairness testing, and safety filters. In addition, Amplitude continuously monitors model performance and applies guardrails and policies to help ensure outputs are appropriate, fair, and aligned with our customers’ expectations.

Moreover, we believe that the potential for bias or discrimination in connection with Amplitude’s AI features is very limited because the intended use cases are focused on product analytics and experimentation rather than high-risk decision-making processes like credit scoring, hiring, or medical diagnosis. Furthermore, these features are typically used by customers for internal business purposes, and rely on aggregated, non-sensitive data, thus inherently mitigating individual impact.

As mentioned above, Amplitude’s AI features use third-party models (listed ), all of which regularly evaluate their models using metrics such as accuracy, reliability, robustness, and safety. These providers use a mix of automated testing, human evaluation, and guardrails to track how models perform. In addition, Amplitude continuously monitors the quality of responses within our AI features to ensure they meet customer needs and adjusts models or configurations when needed. However, customers are still responsible for reviewing their own outputs and Amplitude does not guarantee that all outputs will be error-free.

We know that it is important for our customers to understand how their users are engaging with Amplitude's AI features. That is why we are actively working on new features to give customers insight into how users are prompting Amplitude's AI features. However, until these features go live, customers with a dedicated CSM can work with their CSM to create an Amplitude dashboard that reflects this information.

Transparency

Amplitude believes that privacy is a fundamental right and that it is our responsibility to be clear and transparent about how we process your data. We are committed to being transparent with you about our privacy policies and practices, including with respect to our development of . Our Data Processing Agreement (DPA) outlines our strong commitment to securely and responsibly processing your data. We will continue to invest in resources that protect your privacy and build trust.

describes our practices for processing information in relation to visitors of our amplitude.com website, Community Forum and Amplitude Academy; Amplitude’s marketing activities; and Customers accessing and using our products and services.

A Data Processing Addendum (DPA) is a legal agreement that sets out the legal framework under which Amplitude processes personal data submitted to our platform by a customer and applies to all of our services. Our DPA is incorporated by reference into our and , so no further action by our customers is needed, regardless of which Amplitude services are used.

Amplitude uses third-party subprocessors in the US and EU, according to our customers’ data center choices, in order to provide our services. We impose contractual obligations on our subprocessors to implement appropriate safeguards to ensure that the subprocessing of personal data is protected to the standards required by applicable data protection laws. A list of our subprocessors is disclosed in Schedule B of your applicable . Our customers may subscribe to notifications of subprocessor changes by emailing subprocessor.notifications@amplitude.com.

On July 10, 2023, the European Commission formally adopted its new adequacy decision for the EU-US Data Privacy Framework. The adoption of this adequacy decision follows years of intense negotiations between the EU and the US after the invalidation of the EU-US Privacy Shield. The adequacy decision provides our customers with additional certainty that any EU personal data submitted to the Amplitude platform can legally be transferred to the United States.

In addition to certifying to the Data Privacy Framework, our DPA will also continue to incorporate other data transfer mechanisms, such as the Standard Contractual Clauses and the UK Addendum.

Our Perspective

Check out Amplitude's content and press coverage to understand our stance on privacy issues.

Privacy Regulation and Analytics: What's Next?
GDPR: The Brussels Effect
What is Data Governance?
Approach Customer Data with a Product-Led and Privacy-Driven Strategy
Data Collection and Privacy: Understanding the Legal Limits
Master Global Data Privacy: Your Essential Compliance Guide

Trusted by Customers Around the Globe