Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Amplitude's privacy notice covering how the company handles personal data of website visitors, prospective customers, and end users of products built on the Amplitude analytics platform. The policy discloses that Amplitude collects identifiers, IP addresses, device and browser information, professional contact details, and behavioral and usage data, and authorizes sharing with advertising, analytics, social media, and marketing automation partners for targeted advertising and marketing purposes. The policy separately discloses that data processed through Amplitude's analytics platform on behalf of business customers is handled as a service provider or data processor, with Amplitude's own use of that data limited to service delivery and improvement.
This document is Amplitude, Inc.'s Privacy Notice (effective May 14, 2026), governing the collection, use, and disclosure of personal information in connection with Amplitude's website, marketing activities, and its analytics platform products, with separate treatment for business contacts and end users of customer-deployed analytics SDKs. The policy states that Amplitude collects identifiers, contact information, professional details, device and browser data, IP addresses, usage and behavioral data, and cookie-based tracking information from website visitors and business contacts, and separately processes event data and user properties uploaded by customer organizations through the platform. The policy asserts that data collected through the platform is processed as a service provider or data processor on behalf of customers, with Amplitude's own use of such data limited to providing and improving the services, which represents a structurally significant carve-out; however, the policy also reserves the right to use aggregated or de-identified platform data for benchmarking and product improvement purposes, and the adequacy of de-identification standards is not specified in the document. The policy engages GDPR, CCPA/CPRA, and other US state privacy laws (Virginia, Colorado, Connecticut, Texas, Nevada, Oregon, Montana, New Hampshire), identifying Amplitude as a data controller for marketing data and a data processor for customer-deployed analytics data. Material compliance considerations include cross-border data transfer mechanisms for EU/EEA personal data, the dual controller/processor role Amplitude occupies depending on context, and the specific rights afforded to California residents including opt-out of sale or sharing for targeted advertising purposes.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trial2 important changes detected
3 versions captured · Last updated: June 2026
New provision clarifying Amplitude's right to use platform data in aggregated form for internal business purposes, which is significant for customers and users concerned about competitive intelligence or benchmarking uses.
New explicit disclosure of cross-border transfers and legal safeguards, addressing GDPR/UK GDPR requirements post-Schrems II and providing transparency on data localization.
New detailed specification of tracking technologies and data collected, providing transparency on monitoring methods used across website and service interactions.
New comprehensive disclosure of service provider categories and contractual protections, clarifying the full scope of third-party access beyond advertising networks.
Removal of explicit EU/UK-specific rights enumeration and legal bases may indicate relocation of this information to separate EU-specific privacy notice rather than main policy.
Removal of Session Replay product-specific transparency provision may indicate product discontinuation or relocation to separate product-specific documentation.
Removal of COPPA compliance statement may indicate relocation to separate children's privacy policy or assumption of child protection obligations under multi-state laws.
Removal of explicit provision on customer data sharing may indicate consolidation into processor/controller framework or relocation to separate customer-specific terms.
Restructured explanation to emphasize customer control and responsibility, and clarified that Amplitude acts as controller only for website/marketing data collection.
Added explicit California opt-out mechanism with updated privacy request URL and specified sharing is for targeted advertising purposes rather than general analytics services.
Expanded from California-specific provisions to multi-state framework covering nine states with broader rights enumeration and removed specific contact instructions.
Minor language update changing "personal information" to "your personal information" and "our services" to "our Services" for consistency and clarity.
1 provision unchanged.
View full change record →Monitoring
Amplitude has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Advertising Data Sharing with Third-Party Partners and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.