Privacy Policy

Last updated: 16/03/26

1. Information We Collect

We may collect the following types of personal and technical data when you use Amytis and our website:

• Identification data

  • Email address associated with your Amytis account.

  • We do not currently require your name or organization, but may collect these if you choose to provide them in future.

• Account and subscription data

  • Subscription status (e.g., Pro vs. free, expiry dates).

  • Basic profile metadata linked to your user ID (for example, your email and subscription state).

• Device and technical data

  • A persistent device identifier generated per installation (used to recognize your device and enforce device limits).

  • Device information such as operating system and platform version.

  • Application version and basic runtime environment information.

• Usage and analytics data

  • Pseudonymous app usage events (for example: when you open projects, create nodes, run nodes, or sign in successfully).

  • These analytics events are designed not to include your project contents, prompts, uploaded files, or other free‑text content.

  • When you use our website, we may also collect standard web analytics data such as pages visited, approximate time spent, and user flow, depending on your browser and cookie settings.

• Authentication and session data

  • Encrypted authentication tokens, user ID, email, and subscription state stored locally on your device to keep you signed in and support offline/reconnect behavior.

  • Passwords are never stored locally by Amytis.

• Communication data

  • Email address and any information you choose to share when contacting us (e.g., support requests, feedback or bug reports).

  • Records of transactional emails such as sign‑up confirmation and password reset messages.
    
    

2. How We Use Your Information

We use the information we collect to:

• Provide and operate the Amytis platform

  • Authenticate you, maintain your session, manage subscriptions, and enforce device limits.

  • Save and load your projects, and ensure core functionality of the workspace.

• Improve user experience and optimise performance

  • Analyse pseudonymous usage analytics to understand how features are used and where performance or usability can be improved.

  • Monitor stability and diagnose issues (for example, via logs and aggregated metrics).

• Communicate with you

  • Send account‑related messages, such as email confirmation, password reset links, billing and subscription updates, or security notifications.

  • Respond to your support requests and feedback.

  • Where permitted, send product updates or marketing communications that you can opt out of at any time.

• Ensure platform security and prevent misuse

  • Detect and prevent unauthorised access or abuse (for example, by enforcing per‑user device limits and monitoring for suspicious activity).

  • Protect the integrity and availability of our infrastructure and user data.

• Fulfil legal obligations and maintain compliance

  • Comply with applicable laws, regulations, and lawful requests from authorities.

  • Maintain appropriate records for accounting, taxation, and auditing purposes.
    
    

3. Data Storage and Security

We take appropriate technical and organisational measures to protect your data, including:

• Encrypted local storage

  • Authentication data (tokens, user ID, email, subscription state) is stored locally on your device in encrypted form.

  • Passwords are never stored locally by Amytis.

• Secure backend storage

  • Account, subscription, and analytics data are stored with our managed backend provider, which applies industry‑standard security practices, access controls, and encryption in transit.

  • Analytics events are stored in a dedicated schema using hashed identifiers (for users, devices, and projects) and are designed to avoid direct personal identifiers and project contents.

• Access control and least privilege

  • We use role‑based access control and database row‑level security to limit who and what can access your data.

  • Only authorized personnel and systems can access production data where strictly necessary to operate the service.

While no system can be 100% secure, we work to prevent unauthorized access, disclosure, alteration, or destruction of your information.

4. Cookies and Tracking Technologies

• On our website

  • We may use cookies and similar technologies (such as local storage, pixels, or analytics scripts) to:

    • Remember your preferences and settings.

    • Analyse website traffic and usage patterns.

    • Improve site functionality and user experience.

  • You can control or disable cookies through your browser settings, though some features of the website may not function properly without them.

• In the Amytis desktop application

  • The desktop app does not rely on browser cookies.

  • Instead, it uses encrypted local files and preferences to store necessary settings and authentication data on your device.
    
    

5. Third‑Party Services

We may use trusted third‑party services to help us operate Amytis, including:

• Authentication and data storage providers (for example, our managed backend and database hosting).

• Subscription and payment processors that handle billing and invoicing on our behalf.

• Analytics and logging infrastructure that processes pseudonymous usage events and operational metrics.

These providers process data on our instructions and are subject to appropriate contractual and security obligations. Each provider also has its own privacy policy; where relevant, those will govern their use of your data.

6. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, or as required by law. In particular:

• Account and subscription data are kept for as long as your account is active and for a reasonable period afterward for legal, accounting, and security purposes.

• Encrypted local session data on your device is kept until you sign out, uninstall, or it is otherwise cleared.

• Analytics data is retained for limited periods and may be aggregated or anonymised over time. Dedicated routines are in place to:

  • Remove analytics events associated with deleted user accounts.

  • Delete analytics events older than a defined cutoff date.

When data is no longer needed, we delete or irreversibly anonymise it.

7. Your Rights

Depending on your location and applicable law, you may have the right to:

• Access the personal data we hold about you.

• Request corrections if your data is inaccurate or incomplete.

• Request deletion of your personal data, subject to legal and operational constraints.

• Object to or restrict certain types of processing, including some forms of analytics or marketing.

• Withdraw consent where processing is based on consent (for example, certain communications).

• Lodge a complaint with your local data protection authority if you believe your rights have been violated.

To exercise these rights, please contact us using the information provided on our website or within the Amytis application. We may need to verify your identity before fulfilling certain requests.

8. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or privacy practices. When we make material changes, we will:

• Update the “last updated” date at the top of the policy; and

• Take additional steps where required by law, such as providing a prominent notice in the app or on our website, or seeking your consent to material changes.

The latest version of this Privacy Policy is always available on our website.