Skip to main content
EngagementAmp
EngagementAmp
Book a call

Legal

Privacy Policy

Last updated: May 26, 2026

EngagementAmp ("EngagementAmp," "we," "our," or "us") provides a Reddit and AI-search growth platform to brands and agencies. This Privacy Policy describes the information we collect when you visit our website, book a call, become a client, or connect a third-party account (such as Google Analytics or Google Search Console) to your EngagementAmp dashboard. It also explains how we use, share, store, and protect that information, and the rights you have over it.

By using EngagementAmp you agree to the practices described here. If you do not agree, please do not use the service.

Quick links. Submit a privacy request (access, delete, opt out) · Data Processing Addendum · Sub-processors · Accessibility statement · Manage cookie preferences

1. Information we collect

1.1 Information you provide directly

  • Account & contact details — when you book a call, sign up, or contact us, we collect your name, work email, phone number, company website, company stage, and how you heard about us.
  • Client onboarding data — for active clients, we collect the information needed to run campaigns: target keywords, competitor names, product positioning, brand assets, and similar inputs you choose to share.
  • Communications — emails, messages, and call notes exchanged between you and our team.

1.2 Information collected automatically

  • Usage data — pages visited, features used, and approximate session timing on the EngagementAmp dashboard. We use this to keep the product working and to improve it.
  • Device & log data — IP address, browser type, operating system, referring URL, and timestamps. This is standard server log information and is used for security, abuse prevention, and rate limiting.
  • Cookies — we set strictly-necessary, HTTP-only session cookies after you log in so you stay signed in. Optional analytics and marketing cookies are only set with your consent (see Section 12).

1.3 Information from third-party services you connect

When you connect a third-party account to your EngagementAmp dashboard (for example, Google Analytics or Google Search Console), we receive information from that service through its official API. The specific data we receive is described in Section 3 — Google user data.

2. How we use information

We use the information described above to:

  • Deliver and operate the EngagementAmp service.
  • Authenticate you, secure your account, and prevent abuse.
  • Display analytics, rankings, and performance reporting inside your dashboard.
  • Communicate with you about your account, scheduled calls, billing, product updates, and support requests.
  • Improve and debug the product.
  • Meet legal, regulatory, audit, and contractual obligations.

We do not sell your personal information. We do not use the content of data you store with us — or data we retrieve on your behalf from connected accounts — to train generative AI models.

3. Google user data

When you authorize EngagementAmp to access your Google Analytics or Google Search Console account, Google asks you to grant the following OAuth scopes:

  • analytics.readonly — read-only access to your Google Analytics properties, used to display traffic, sessions, conversions, and related metrics for the website you select inside the EngagementAmp dashboard.
  • webmasters.readonly — read-only access to your Google Search Console properties, used to display impressions, clicks, queries, and position data for the property you select.
  • userinfo.email — to identify the Google account that connected to EngagementAmp so we can show it back to you and let you disconnect or reconnect it later.

EngagementAmp's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide and improve user-facing features of EngagementAmp that are visible to you in your dashboard.
  • We do not transfer Google user data to third parties except as needed to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets (with notice).
  • We do not use Google user data for serving advertisements, including retargeting or personalized advertising.
  • We do not allow humans to read Google user data unless we have your affirmative consent, it is necessary for security purposes (for example, investigating abuse), to comply with applicable law, or for internal operations where the data has been aggregated and anonymized.
  • We do not use Google user data to train, develop, or improve generalized or non-personalized AI or machine learning models.

We store the OAuth refresh token issued by Google in our database so we can periodically refresh metrics on your behalf without requiring you to re-authenticate. Refresh tokens are stored encrypted at rest by our database provider and are only ever used server-side. Access tokens are short-lived and are not persisted across requests beyond the lifetime of a sync job.

You can revoke EngagementAmp's access at any time, either from your dashboard's Integrations page, or directly from Google's third-party access page. Revoking access stops any further sync from your Google account; we will also delete the stored refresh token within 30 days of revocation or sooner on request.

4. How we share information

We share personal information only in these limited situations:

  • Service providers (sub-processors) — we use vetted vendors to host the application and run essential business operations. The current list is at /sub-processors. Each is contractually bound to use your data only to provide their service to us.
  • At your direction — when you choose to connect a third- party service (such as Google Analytics) or share an export with a collaborator.
  • Legal & safety — to comply with law, respond to valid legal process, or protect the rights, property, or safety of EngagementAmp, our clients, or the public.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets. We will provide notice before your data becomes subject to a different privacy policy.

5. Data retention

We retain personal information for as long as your account is active and for a limited period afterward to meet legal, accounting, and dispute-resolution needs. Specifically:

  • Account and billing records: retained for up to 7 years after account closure to satisfy tax and audit requirements.
  • Operational logs (request logs, security logs): retained for up to 90 days unless an active investigation requires longer.
  • Google OAuth refresh tokens: deleted within 30 days of you disconnecting the integration, revoking access in your Google account, or requesting account deletion.
  • Metrics synced from connected services (Google Analytics, Google Search Console): deleted automatically when you disconnect the integration from your dashboard. Until then, retained for as long as the account is active so historical reporting continues to work.

6. Security

We protect your information with industry-standard safeguards, including:

  • TLS (HTTPS) encryption for all data in transit.
  • Encryption at rest for our primary database and object storage.
  • Role-based access controls and row-level security so each client only sees their own data.
  • HTTP-only, secure session cookies and short-lived JWT sessions.
  • Rate limiting and CSRF protection on every API route, plus standard security headers (HSTS, X-Frame-Options, Referrer-Policy, etc.).
  • Server-side validation of all inputs with schema validation; secrets are never returned in API responses.

No system is 100% secure. If we become aware of a security incident that affects your personal information, we will notify you and the appropriate authorities as required by law.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, restrict, or delete the personal information we hold about you, and to object to or withdraw consent for certain processing. For a complete summary and a form for submitting requests, see our Your Privacy Rights page. You can also email support@engagementamp.com. We will respond within the time required by applicable law (typically 30–45 days).

8. Legal bases for processing (EEA / UK / Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following legal bases under the GDPR and equivalent laws:

  • Performance of a contract (Art. 6(1)(b)) — to provide the Service you have signed up for, manage your account, and deliver scheduled reports.
  • Legitimate interests (Art. 6(1)(f)) — to keep the Service secure, prevent abuse, debug, and improve the product. We balance these interests against your rights and only rely on this basis where your rights do not override our interest.
  • Consent (Art. 6(1)(a)) — for optional analytics and marketing cookies, and for marketing emails that require consent in your jurisdiction. You can withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)) — to keep tax, accounting, and other records that we are required by law to retain.

Where we transfer personal data outside the EEA, UK, or Switzerland to a country that has not been deemed adequate, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum where applicable) and, where appropriate, supplementary measures such as encryption in transit and at rest.

You have the right to lodge a complaint with your local supervisory authority. A list of EU authorities is available on the European Data Protection Board website. In the UK, the supervisory authority is the Information Commissioner's Office.

9. Notice at Collection & U.S. state privacy disclosures

This section applies to residents of U.S. states with comprehensive consumer privacy laws, including California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. The specific rights available to you depend on your state.

9.1 Categories of personal information we collect

In the past 12 months we have collected the following categories of personal information (using the labels defined by the California Consumer Privacy Act, as amended by the CPRA):

  • Identifiers — name, email, phone number, IP address, account ID.
  • Customer records — billing contact, company role.
  • Commercial information — services purchased and usage history.
  • Internet / network activity — pages viewed, features used, referring URLs, device and browser information.
  • Geolocation data — approximate (city-level) location derived from IP address.
  • Professional information — your company, role, and business needs that you share during onboarding.
  • Inferences — preferences and product usage patterns we derive to operate the dashboard.

We do not knowingly collect sensitive personal information (such as government IDs, precise geolocation, racial or ethnic origin, religious beliefs, union membership, genetic or biometric data, health data, sexual orientation, or the contents of your mail/email/messages) and we do not use any such category for any purpose beyond the limited uses permitted without an opt-out under California law.

9.2 Sources of personal information

  • Directly from you (forms, account setup, communications).
  • Automatically from your interaction with the site and dashboard.
  • From third-party services you connect (e.g., Google).
  • From service providers helping us deliver the Service.

9.3 Purposes

See Section 2 above for the full list of purposes.

9.4 Recipients

We disclose personal information to the categories of recipients listed in Section 4 (service providers, parties at your direction, legal/safety recipients, business-transfer counterparties).

9.5 Sale / sharing / targeted advertising

We do not sell personal information for money. We do not currently "share" personal information for cross-context behavioral advertising as defined by California, Colorado, Connecticut, Virginia, and similar state laws. We do not process personal information for targeted advertising or profiling that produces legal or similarly significant effects. We have not done so in the prior 12 months.

If our practices ever change, we will update this Privacy Policy and provide a clear opt-out mechanism. You can pre-emptively opt out today at /privacy-rights.

9.6 Global Privacy Control (GPC)

We honor the Global Privacy Control browser signal as a valid opt-out of sale and sharing of personal information. If your browser sends a GPC signal, we treat your visit as an opt-out without requiring further action from you.

9.7 Retention

See Section 5 above.

9.8 Your state-law rights

Depending on the state where you reside, you have the right to: know / access, correct, delete, port, opt out of sale or sharing, opt out of targeted advertising, opt out of profiling, limit use of sensitive personal information, and appeal a denial. See /privacy-rights for the full list and instructions for submitting a request. We do not discriminate against you for exercising these rights.

9.9 Shine the Light (California Civil Code § 1798.83)

California residents may request information once per year about the personal information we disclosed to third parties for their own direct marketing purposes during the prior calendar year. We do not disclose personal information to third parties for their direct marketing purposes.

9.10 Nevada residents

Nevada residents have the right to opt out of the sale of certain "covered information" under Nevada Revised Statutes Chapter 603A. We do not sell covered information, but you may still submit a request to support@engagementamp.com to confirm.

10. International transfers

EngagementAmp is operated from the United States and our service providers are located primarily in the United States and the European Union. If you access the service from outside these regions, you understand that your information will be transferred to, stored, and processed in jurisdictions that may have different data-protection laws than your own. Where required, we use Standard Contractual Clauses or other approved transfer mechanisms.

11. EU/UK representative

We have not appointed an Article 27 GDPR representative because we believe we fall within the "occasional" processing exemption. If you are an EEA or UK resident and would like to contact us about your rights, please email support@engagementamp.com and we will respond within the timeframes required by law. We will update this section with representative contact details if our processing reaches a level that requires one.

12. Cookies & similar technologies

We use the following categories of cookies and similar technologies:

  • Strictly necessary — required for login, security, and basic site functionality. These are always on and cannot be disabled.
  • Analytics — set only with your consent. Help us understand how the site and dashboard are used so we can improve them.
  • Marketing — set only with your consent. Help us measure the performance of marketing campaigns. We do not use these to sell personal information.

You can change your choices any time using the Cookie preferences link in the footer. We also honor the Global Privacy Control signal — see Section 9.6.

13. Children

EngagementAmp is a business-to-business product and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided information to us, please contact us and we will delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will change the "Last updated" date at the top of this page, and for material changes we will provide more prominent notice (for example, an in-app banner or an email to account holders). Your continued use of EngagementAmp after a change takes effect constitutes acceptance of the updated policy.

15. Contact us

Questions, comments, or requests related to this Privacy Policy or your personal information can be sent to:

support@engagementamp.com