Your data remains yours. Amplitude can only use the data you send it to provide the services you have paid for, not for any other purpose.
This analysis describes what Amplitude's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This clause protects businesses by confirming that Amplitude does not acquire ownership of or broad rights over the customer behavioral and product usage data sent to the platform, limiting Amplitude's license strictly to service delivery.
Businesses retain ownership of all data they upload or send to Amplitude, and Amplitude's license to use that data is limited to providing the contracted services. This is a meaningful protection against broader commercial use of your customers' behavioral data by Amplitude.
How other platforms handle this
As between Egnyte and Customer, Customer shall own all right, title and interest in and to the Customer Data. Customer hereby grants to Egnyte a limited, non-exclusive, royalty-free, worldwide license to use, copy, store, transmit, display and modify the Customer Data solely to the extent necessary ...
Customer grants Snowflake the right to host, copy, transmit, display, and otherwise use Customer Data and Customer Applications as reasonably necessary to provide the Services in accordance with this Agreement.
To the extent permitted by applicable law, as between you and Mistral AI, you (i) retain all ownership rights in Input and (ii) own all Output. We assign to you all right, title, and interest, if any, in and to Output that we may have. You grant us a worldwide, non-exclusive, non-transferable (excep...
Monitoring
Amplitude has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"As between Amplitude and Customer, Customer owns all right, title, and interest in and to Customer Data. Customer grants Amplitude a non-exclusive, worldwide, royalty-free license to use, copy, store, transmit, and display Customer Data solely to provide the Services to Customer in accordance with this Agreement.— Excerpt from Amplitude's Amplitude Terms of Service
(1) REGULATORY LANDSCAPE: This provision is directly relevant to GDPR's controller/processor framework, confirming that Customer acts as data controller and Amplitude as data processor for Customer Data. Under CCPA and CPRA, this framing supports the characterization of Amplitude as a service provider rather than a third party for purposes of Customer Data, which has significant implications for the Customer's own privacy disclosures. The relevant enforcement authorities are EU supervisory authorities under GDPR and the California Privacy Protection Agency under CPRA. (2) GOVERNANCE EXPOSURE: Low for the Customer Data license itself, as the restriction to service delivery purposes is a standard and protective term. The governance exposure arises from ensuring this characterization is consistently applied in the DPA and that Amplitude's contractual obligations as processor are fully documented in that separate agreement. (3) JURISDICTION FLAGS: EU/EEA customers should confirm that the DPA incorporates the Standard Contractual Clauses or other lawful transfer mechanism where Customer Data is processed outside the EEA. The characterization of Amplitude as a service provider (not a third party) under CPRA depends on the DPA including appropriate restrictions on Amplitude's use of Customer Data for its own purposes, which the ToS supports but the DPA must implement. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should confirm that the DPA's processor obligations align with this ToS provision and that Amplitude's sub-processor list is disclosed and manageable. The non-exclusive, royalty-free license is appropriate and standard; the key due diligence item is ensuring the DPA's deletion and return of data provisions are adequate upon termination. (5) COMPLIANCE CONSIDERATIONS: Data mapping exercises should record Amplitude as a data processor for Customer Data, with the Customer as controller. Privacy notices to end users should accurately reflect the sharing of behavioral data with Amplitude as a service provider. Compliance teams should confirm the DPA includes obligations regarding sub-processor changes, audit rights, and breach notification timelines.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This clause protects businesses by confirming that Amplitude does not acquire ownership of or broad rights over the customer behavioral and product usage data sent to the platform, limiting Amplitude's license strictly to service delivery.
Businesses retain ownership of all data they upload or send to Amplitude, and Amplitude's license to use that data is limited to providing the contracted services. This is a meaningful protection against broader commercial use of your customers' behavioral data by Amplitude.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Amplitude.