EngagementAmp
EngagementAmp
Book a call

Legal

Privacy Policy

Last updated: May 19, 2026

EngagementAmp ("EngagementAmp," "we," "our," or "us") provides a Reddit and AI-search growth platform to brands and agencies. This Privacy Policy describes the information we collect when you visit our website, book a call, become a client, or connect a third-party account (such as Google Analytics or Google Search Console) to your EngagementAmp dashboard. It also explains how we use, share, store, and protect that information, and the rights you have over it.

By using EngagementAmp you agree to the practices described here. If you do not agree, please do not use the service.

1. Information we collect

1.1 Information you provide directly

  • Account & contact details — when you book a call, sign up, or contact us, we collect your name, work email, phone number, company website, company stage, and how you heard about us.
  • Client onboarding data — for active clients, we collect the information needed to run campaigns: target keywords, competitor names, product positioning, brand assets, and similar inputs you choose to share.
  • Communications — emails, messages, and call notes exchanged between you and our team.

1.2 Information collected automatically

  • Usage data — pages visited, features used, and approximate session timing on the EngagementAmp dashboard. We use this to keep the product working and to improve it.
  • Device & log data — IP address, browser type, operating system, referring URL, and timestamps. This is standard server log information and is used for security, abuse prevention, and rate limiting.
  • Cookies — we set strictly-necessary, HTTP-only session cookies after you log in so you stay signed in. We do not use third-party advertising cookies on the dashboard.

1.3 Information from third-party services you connect

When you connect a third-party account to your EngagementAmp dashboard (for example, Google Analytics or Google Search Console), we receive information from that service through its official API. The specific data we receive is described in Section 3 — Google user data.

2. How we use information

We use the information described above to:

  • Deliver and operate the EngagementAmp service.
  • Authenticate you, secure your account, and prevent abuse.
  • Display analytics, rankings, and performance reporting inside your dashboard.
  • Communicate with you about your account, scheduled calls, billing, product updates, and support requests.
  • Improve and debug the product.
  • Meet legal, regulatory, audit, and contractual obligations.

We do not sell your personal information. We do not use the content of data you store with us — or data we retrieve on your behalf from connected accounts — to train generative AI models.

3. Google user data

When you authorize EngagementAmp to access your Google Analytics or Google Search Console account, Google asks you to grant the following OAuth scopes:

  • analytics.readonly — read-only access to your Google Analytics properties, used to display traffic, sessions, conversions, and related metrics for the website you select inside the EngagementAmp dashboard.
  • webmasters.readonly — read-only access to your Google Search Console properties, used to display impressions, clicks, queries, and position data for the property you select.
  • userinfo.email — to identify the Google account that connected to EngagementAmp so we can show it back to you and let you disconnect or reconnect it later.

EngagementAmp's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide and improve user-facing features of EngagementAmp that are visible to you in your dashboard.
  • We do not transfer Google user data to third parties except as needed to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets (with notice).
  • We do not use Google user data for serving advertisements, including retargeting or personalized advertising.
  • We do not allow humans to read Google user data unless we have your affirmative consent, it is necessary for security purposes (for example, investigating abuse), to comply with applicable law, or for internal operations where the data has been aggregated and anonymized.
  • We do not use Google user data to train, develop, or improve generalized or non-personalized AI or machine learning models.

We store the OAuth refresh token issued by Google in our database so we can periodically refresh metrics on your behalf without requiring you to re-authenticate. Refresh tokens are stored encrypted at rest by our database provider and are only ever used server-side. Access tokens are short-lived and are not persisted across requests beyond the lifetime of a sync job.

You can revoke EngagementAmp's access at any time, either from your dashboard's Integrations page, or directly from Google's third-party access page. Revoking access stops any further sync from your Google account; we will also delete the stored refresh token within 30 days of revocation or sooner on request.

4. How we share information

We share personal information only in these limited situations:

  • Service providers (sub-processors) — we use vetted vendors to host the application and run essential business operations. These include cloud hosting (Vercel), database and authentication (Supabase), email delivery, customer-relationship tooling, and analytics data providers. Each is contractually bound to use your data only to provide their service to us.
  • At your direction — when you choose to connect a third- party service (such as Google Analytics) or share an export with a collaborator.
  • Legal & safety — to comply with law, respond to valid legal process, or protect the rights, property, or safety of EngagementAmp, our clients, or the public.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets. We will provide notice before your data becomes subject to a different privacy policy.

5. Data retention

We retain personal information for as long as your account is active and for a limited period afterward to meet legal, accounting, and dispute-resolution needs. Specifically:

  • Account and billing records: retained for up to 7 years after account closure to satisfy tax and audit requirements.
  • Operational logs (request logs, security logs): retained for up to 90 days unless an active investigation requires longer.
  • Google OAuth refresh tokens: deleted within 30 days of you disconnecting the integration, revoking access in your Google account, or requesting account deletion.
  • Metrics synced from connected services: retained for as long as the account is active so historical reporting continues to work; you can ask us to delete the synced history at any time.

6. Security

We protect your information with industry-standard safeguards, including:

  • TLS (HTTPS) encryption for all data in transit.
  • Encryption at rest for our primary database and object storage.
  • Role-based access controls and row-level security so each client only sees their own data.
  • HTTP-only, secure session cookies and short-lived JWT sessions.
  • Rate limiting and CSRF protection on every API route, plus standard security headers (HSTS, X-Frame-Options, Referrer-Policy, etc.).
  • Server-side validation of all inputs with schema validation; secrets are never returned in API responses.

No system is 100% secure. If we become aware of a security incident that affects your personal information, we will notify you and the appropriate authorities as required by law.

7. Your rights

Depending on where you live, you may have the right to access, correct, export, restrict, or delete the personal information we hold about you, and to object to or withdraw consent for certain processing. To exercise these rights, email us at hello@engagementamp.com. We will respond within the time required by applicable law (typically 30 days).

Specifically, you can request:

  • A copy of the personal information we hold about you.
  • Correction of inaccurate or out-of-date information.
  • Deletion of your account and the personal information associated with it.
  • Disconnection of any third-party integration and deletion of the associated tokens.

8. International users

EngagementAmp is operated from the United States and our service providers are located primarily in the United States and the European Union. If you access the service from outside these regions, you understand that your information will be transferred to, stored, and processed in jurisdictions that may have different data-protection laws than your own. Where required, we use Standard Contractual Clauses or other approved transfer mechanisms.

9. Children

EngagementAmp is a business-to-business product and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided information to us, please contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will change the "Last updated" date at the top of this page, and for material changes we will provide more prominent notice (for example, an in-app banner or an email to account holders). Your continued use of EngagementAmp after a change takes effect constitutes acceptance of the updated policy.

11. Contact us

Questions, comments, or requests related to this Privacy Policy or your personal information can be sent to:

hello@engagementamp.com