Privacy Policy

Introduction

SocialAmp ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at socialamp.io (the "Service").

Please read this privacy policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Personal Information

When you create an account or use our Service, we may collect:

• Name and email address
• LinkedIn profile information (when you connect via LinkedIn OAuth)
• Profile photo
• Company name and industry
• Payment information (processed securely by Stripe)
• Growth plan preferences you provide (goal, commitment level, topics, notification preferences)
• Self-reported LinkedIn analytics you enter as your baseline (e.g. follower count, post impressions, profile viewers, search appearances, newsletter metrics) and any subsequent monthly snapshots you submit. We do not pull these numbers from LinkedIn automatically; you type them in from your own LinkedIn dashboard.

Usage Information

We automatically collect certain information when you use our Service:

• Log data (IP address, browser type, pages visited)
• Device information
• Messages and content shared within groups
• Engagement activity within the platform

How We Use Your Information

We use the information we collect to:

• Provide and maintain our Service
• Create and manage your account
• Match you with appropriate engagement groups
• Process payments and subscriptions
• Send you updates, notifications, and support messages
• Improve and personalize your experience
• Analyze usage patterns to improve our Service
• Detect and prevent fraud or abuse

Information Sharing

We do not sell your personal information. We may share your information in the following circumstances:

• With other group members: Your name, profile photo, company, and messages are visible to members of your engagement group
• Service providers: We use third-party services (Stripe for payments, Supabase for data storage) that process data on our behalf
• Legal requirements: When required by law or to protect our rights
• Business transfers: In connection with a merger, acquisition, or sale of assets

Data Security

We implement appropriate technical and organizational measures to protect your personal information. Our security program is reviewed regularly and includes, among other controls:

• Encryption of data in transit (HTTPS/TLS) and encryption at rest by our database provider
• Secure authentication via LinkedIn OAuth or email and password, with industry-standard session handling
• Payment processing through PCI-compliant Stripe (we do not store full card numbers)
• Server-side authorization on every endpoint that touches your data, so users can only read or modify data they own
• Database-level access controls that enforce per-user data isolation
• Strict input validation and content-type checks on uploads (for example, profile photos must be standard image formats; certain risky formats are blocked)
• Rate limits on sensitive endpoints to deter abuse, brute-force attempts, and scraping
• Modern HTTP security headers (Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy)
• Idempotent processing of payment provider webhooks to prevent duplicate or replayed events
• An internal audit log of privileged administrative actions
• Generic error responses on authentication failures, so account existence is not leaked
• Outbound LinkedIn URLs are stripped of common tracking parameters before being shared with other members
• Periodic security reviews of our codebase, dependencies, and infrastructure

For obvious reasons we do not publish the specific configuration details of these controls. If you are an enterprise customer who needs a more detailed security overview, contact security@socialamp.io.

No method of transmission over the Internet, or method of electronic storage, is 100% secure, and we cannot guarantee absolute security.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.

Group-scoped data after a group closes

Engagement groups operate on a fixed rotation. When a group closes (its rotation ends, or it is otherwise removed by an administrator), all group-scoped data — including messages, shared links, link-click activity, and group membership records for that group — is permanently deleted within 14 days of closure. Your account, profile, growth plan, and LinkedIn baseline history are not affected; only data tied specifically to the closed group is removed.

Direct messages

Direct messages between members are retained while both users have active accounts. They are deleted within 30 days of either user closing their account.

Baseline history

The LinkedIn baseline numbers you submit (and any subsequent monthly snapshots) are retained for the lifetime of your account so that we can show you growth over time. You can request deletion of this history at any time by contacting privacy@socialamp.io.

Backups

Encrypted backups maintained by our database provider may persist for a short period after deletion takes effect in our live systems, in line with that provider's standard retention schedule.

Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data
• Portability: Request a copy of your data in a portable format
• Opt-out: Unsubscribe from marketing communications

To exercise these rights, contact us at privacy@socialamp.io.

Cookies and Tracking

We use cookies and similar technologies to:

• Keep you signed in
• Remember your preferences
• Analyze site traffic and usage

You can control cookies through your browser settings. Disabling cookies may affect your ability to use certain features of our Service.

Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

• LinkedIn: For authentication and profile data
• Stripe: For payment processing
• Supabase: For data storage and authentication

We encourage you to review their privacy policies.

Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

SMS Notifications

If you opt in to receive SMS notifications, SocialAmp uses Twilio Inc. as its SMS carrier to deliver those messages. Your mobile phone number is shared with Twilio solely to deliver the messages you have subscribed to. SocialAmp does not sell, rent, share, or trade phone numbers or SMS content with any third party for marketing or any other purpose.

SMS opt-in data is treated as personal information and is not shared with third parties or affiliates for any purpose, including marketing. SMS phone numbers, opt-in status, opt-in timestamps, opt-out timestamps, and SMS message content are stored encrypted at rest and are never sold, rented, shared, or otherwise disclosed to third parties.

You can opt out at any time by replying STOP to any SocialAmp SMS, removing the SMS channel in your SocialAmp Settings, or emailing support@socialamp.io. See our full SMS Terms for additional details, including message frequency and carrier disclaimers.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: