The policy discloses that personal data of EU/EEA, UK, and Swiss residents may be transferred to the United States and other countries, and states that Standard Contractual Clauses approved by the European Commission are used as the transfer mechanism.
This analysis describes what Amplitude's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the legal basis for cross-border data transfers from the EU/EEA, UK, and Switzerland to the US, which requires ongoing adequacy and Schrems II compliance assessment. Organizations subject to GDPR must confirm that Amplitude's SCCs are current, include required supplementary measures where applicable, and cover all relevant data flows.
Interpretive note: The document states SCCs are used but does not specify whether a transfer impact assessment has been conducted or what supplementary measures are in place, creating uncertainty about the completeness of the transfer safeguard framework.
New explicit disclosure of cross-border transfers and legal safeguards, addressing GDPR/UK GDPR requirements post-Schrems II and providing transparency on data localization.
View full change record →Under this clause, personal data of EU/EEA, UK, and Swiss residents is transferred to the United States under Standard Contractual Clauses. Individuals in these jurisdictions retain GDPR-based rights to object to or restrict such transfers in circumstances specified under applicable law.
How other platforms handle this
Your personal information may be transferred to, stored, and processed in the United States or other countries outside of your country of residence, which may have data protection laws that are different from those in your country.
Your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers and partners operate. By using our Services, you acknowledge that your personal information may be transferred to countries outside your country of residence, in...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
Amplitude has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"If you are located in the European Economic Area, the United Kingdom, or Switzerland, please note that we transfer your personal information to the United States and other countries that may not provide the same level of data protection as your home country. We rely on appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to transfer your personal information.— Excerpt from Amplitude's Amplitude Privacy Notice
REGULATORY LANDSCAPE: This provision engages GDPR Chapter V (international data transfers), the UK GDPR and ICO's international transfer framework, and Swiss data protection law. The EU-US Data Privacy Framework and Standard Contractual Clauses are the primary transfer mechanisms referenced. EU data protection authorities and the UK Information Commissioner's Office are the relevant enforcement bodies. The adequacy of transfer mechanisms requires evaluation following the CJEU's Schrems II judgment. GOVERNANCE EXPOSURE: High for EU-facing organizations. The SCC-based transfer mechanism requires supplementary measures assessment under GDPR where US law may not provide equivalent protection. Organizations deploying Amplitude to process EU personal data must document their transfer impact assessment and confirm Amplitude's SCCs are the current EC-approved 2021 version. JURISDICTION FLAGS: EU/EEA and UK create the highest compliance exposure. Switzerland has its own data protection law (revised FADP) with distinct international transfer requirements. UK organizations must use the International Data Transfer Agreement or the UK Addendum to EC SCCs. Each jurisdiction may require separate documentation. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should obtain Amplitude's current SCC documentation, confirm the applicable module (controller-to-processor), and assess whether a transfer impact assessment has been conducted. Organizations should also verify that sub-processor data flows are covered by the SCCs and that Amplitude's sub-processor list is current. COMPLIANCE CONSIDERATIONS: EU and UK organizations should maintain records of the transfer mechanism relied upon, conduct or update transfer impact assessments, and confirm that supplementary technical measures (such as encryption and access controls) are documented. Any changes to Amplitude's processing locations should trigger a review of the transfer documentation.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the legal basis for cross-border data transfers from the EU/EEA, UK, and Switzerland to the US, which requires ongoing adequacy and Schrems II compliance assessment. Organizations subject to GDPR must confirm that Amplitude's SCCs are current, include required supplementary measures where applicable, and cover all relevant data flows.
Under this clause, personal data of EU/EEA, UK, and Swiss residents is transferred to the United States under Standard Contractual Clauses. Individuals in these jurisdictions retain GDPR-based rights to object to or restrict such transfers in circumstances specified under applicable law.
ConductAtlas has identified this type of provision across 84 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Amplitude.