The policy discloses that residents of nine US states (California, Virginia, Colorado, Connecticut, Texas, Nevada, Oregon, Montana, and New Hampshire) may have rights to access, correct, delete, and opt out of sale, sharing, or targeted advertising with respect to their personal information.
This analysis describes what Amplitude's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the scope of US state privacy rights Amplitude recognizes and the jurisdictions in which those rights apply, creating a multi-state compliance framework. The specific rights available and associated procedural requirements vary by state, and the policy's single disclosure framework may not capture all state-specific procedural distinctions.
Expanded from California-specific provisions to multi-state framework covering nine states with broader rights enumeration and removed specific contact instructions.
View full change record →Under this clause, residents of nine listed US states may submit requests to access, correct, delete, or opt out of certain uses of their personal information by contacting Amplitude through the designated privacy request portal or by email. The specific rights available depend on the applicable state law for the individual's state of residence.
How other platforms handle this
For individuals in the United States, please also refer to our Notice For Individuals Residing In Certain US States below and the Consumer Health Data Policy.
If you are a California resident, you may have the right to: Know what personal information we collect, use, disclose, sell, or share. Correct inaccurate personal information. Delete your personal information. Opt out of the sale or sharing of your personal information. Limit the use and disclosure ...
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Amplitude has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Depending on where you live, you may have certain rights with respect to your personal information, including the right to know, access, correct, delete, and opt out of the sale or sharing of your personal information, or opt out of targeted advertising. These rights may apply to you if you are a resident of California, Virginia, Colorado, Connecticut, Texas, Nevada, Oregon, Montana, or New Hampshire.— Excerpt from Amplitude's Amplitude Privacy Notice
REGULATORY LANDSCAPE: This provision engages CCPA/CPRA (California), VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), TDPSA (Texas), Nevada SB 220, Oregon Consumer Privacy Act, Montana Consumer Data Privacy Act, and New Hampshire privacy law. Each statute has distinct definitions, rights, timelines, and enforcement mechanisms. Enforcement authorities vary by state, with the California Privacy Protection Agency and various state attorneys general having primary jurisdiction. GOVERNANCE EXPOSURE: Medium. A single consolidated privacy rights workflow may not satisfy all state-specific procedural requirements, particularly where states differ on response timelines, appeal rights, or authorized agent verification procedures. California's CPRA includes the most detailed procedural requirements, including response within 45 days and a mandatory appeals process. JURISDICTION FLAGS: California creates the highest operational compliance burden due to CPRA's detailed requirements, including the right to correct, opt out of automated decision-making, and appeal denied requests. Texas and Virginia have their own procedural requirements and enforcement regimes. Organizations operating across all nine listed states should assess whether Amplitude's consolidated rights workflow satisfies each state's specific procedural requirements. CONTRACT AND VENDOR IMPLICATIONS: Business customers deploying Amplitude who receive privacy rights requests from end users must assess whether to route those requests to Amplitude for processing under the DPA. The policy's treatment of platform data as service provider data means business customers retain primary responsibility for responding to their own end users' data rights requests. COMPLIANCE CONSIDERATIONS: Compliance teams should map each state's specific rights and timelines against Amplitude's disclosed response procedures, verify that authorized agent verification procedures are in place, and confirm that appeal mechanisms function as required under CPRA and other applicable statutes. Amplitude's privacy rights portal at https://privacy.amplitude.com should be tested for functionality and completeness.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the scope of US state privacy rights Amplitude recognizes and the jurisdictions in which those rights apply, creating a multi-state compliance framework. The specific rights available and associated procedural requirements vary by state, and the policy's single disclosure framework may not capture all state-specific procedural distinctions.
Under this clause, residents of nine listed US states may submit requests to access, correct, delete, or opt out of certain uses of their personal information by contacting Amplitude through the designated privacy request portal or by email. The specific rights available depend on the applicable state law for the individual's state of residence.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Amplitude.