Privacy Policy - AmpliCircle

AmpliCircle Privacy Policy

Effective Date: 19 June 2025

Your privacy is important to us. This Privacy Policy (the “Policy”) explains how Sole Proprietor Denys Titoruk (“AmpliCircle,” “we,” “us,” or “our“) collects, uses, discloses, and safeguards information when you visit amplicircle.com (the “Site”) or interact with any related online services (collectively, the “Services”).

By accessing or using the Site, you acknowledge that you have read, understood, and agree to this Policy and our Terms of Service. If you disagree, please do not use the Site.

1. Who We Are (Data Controller)

Sole Proprietor Denys Titoruk
Reg. No.: 3486315037
Registered Address: 8 Volodymyra Ivasiuka Ave., Kyiv, 04219, Ukraine
Email: privacy@amplicircle.com
Phone: +380 (98) 959-66-05

For the purposes of the General Data Protection Regulation (EU 2016/679, “GDPR”) and the Law of Ukraine ‘On Personal Data Protection’ (“Ukrainian PDP Law”), we are the “controller” of your Personal Data.

2. Scope

This Policy covers data collected:

on the Site;
via emails or other electronic communications between you and us;
through analytics, advertising, and CRM integrations listed above. It does not cover offline activities or third‑party sites that merely link to us.

3. Definitions

“Personal Data (PD)” – information relating to an identified or identifiable natural person (GDPR Art.4 §1).
“Processing” – any operation performed on PD.
“Cookies” – small text files placed on your device; includes pixels, local storage, and similar tech.
“Sole Proprietor (FOP)” – a sole proprietorship (Ukr. фізична особа-підприємець) registered under the laws of Ukraine.

4. Information We Collect

4.1 Data You Provide Directly

Contact & Business Details – name, email, phone, company, job title when you submit forms, book meetings, or request resources.
Account Credentials – if we enable user log‑ins.
Communications Content – emails, chats, survey responses.

4.2 Data We Collect Automatically via Integrated Tools

Tool / Platform	PD Collected	Purpose
Google Analytics 4 (GA4)	IP (truncated/geo‑localized), device & browser data, usage events	Site analytics & UX optimization
Microsoft Clarity	Anonymized session replays, heat‑maps (masked inputs)	UX diagnostics
LinkedIn Ads (Insight Tag)	LinkedIn member ID (hashed), referrer, device	Ad attribution & remarketing
Google Ads (Global Site Tag + Conversion Linker)	Ad click ID (gclid), referrer, device	Ad attribution, conversion tracking
CookieYes	Your granular consent choices & a unique consent ID	Store & signal consent status and communicate with tag management
HubSpot CRM	Emailed form data, hubspotutk identifier, page views	Lead management & automated comms

We have configured GA4 IP anonymization, disabled User‑ID features, and use Google Signals only with explicit consent.

4.3 Data from Third‑Party Sources

We may receive lead‑generation data from LinkedIn or HubSpot, in accordance with their privacy notices and your marketing preferences.

5. Legal Bases

We rely on:

Contract (GDPR 6 (1)(b)) – to answer enquiries or deliver requested Services;
Legitimate Interests (6 (1)(f)) – core analytics, site security, B2B marketing proportional to our relationship;
Consent (6 (1)(a)) – non‑essential cookies, personalised ads, remarketing, GA4 advertising features;
Legal Obligation (6 (1)(c)) – tax, accounting, and compliance duties.

We apply the same grounds under the Ukrainian PDP Law.

6. Cookies & Similar Technologies (Cookie Policy)

This section doubles as our Cookie Policy and covers all tracking technologies used.
6.1 Categories & Details

Category	Example Cookies / Tags	Provider(s)	Purpose	Lifespan
Essential	XSRF‑TOKEN, cookie_consent	First‑party, CookieYes	security, load balancing, consent storage	Session–12 m
Analytics	_ga, _ga_*, _gid	Google Analytics 4	audience stats, UX optimization	1 m–2 y
Analytics	_clck, _clsk, CLID, ANONCHK, MR	Microsoft Clarity	session replay & heatmaps	1 d–1 y
Functional / CRM	hubspotutk, __hssrc, __hssc, __hstc	HubSpot	identify returning leads, chat widgets	Session–13 m
Marketing / Ads	li_fat_id, li_sugr, li_gc, lidc	LinkedIn	ad conversion, retargeting	24 h–24 m
Marketing / Ads	_gcl_au, IDE, test_cookie	Google Ads	ad conversion, retargeting	1 m–13 m
Container	gtm_debug (temporary)	Google Tag Manager	tag deployment debugging	< 24 h

Exact cookie names may change as Google, Microsoft, LinkedIn, or HubSpot update their libraries; we regularly track and update this table.

6.2 Consent Management

When you land on the Site:

CookieYes banner pops up – you can accept all, reject all, or customize categories.
CookieYes writes a first‑party cookie that stores your choices and passes consent signals to GA4, GTM, Clarity, Ads, LinkedIn, and HubSpot.
You can withdraw or amend consent at any time via the Cookie Settings widget.

6.3 Browser & Industry Controls

You may also manage cookies in your browser or use industry opt‑out tools (e.g., youronlinechoices.eu, NAI). Blocking essential cookies may degrade Site performance.

6.4 Retention & Updates

Cookies persist for the durations listed above, after which they auto‑expire. We may shorten or extend lifespans within regulatory limits. Material changes trigger a refreshed banner.

7. How We Use Your Information

Provide and maintain the Site;
Respond to enquiries and send requested content;
Analyze performance and improve UX (GA4, Clarity);
Manage marketing campaigns and measure conversions (LinkedIn Ads, Google Ads);
Orchestrate tags and enforce consent (CookieYes);
Nurture leads and automate emails (HubSpot);
Detect, prevent, and mitigate fraud or security incidents;
Comply with legal obligations.

8. Sharing & Disclosure

We share PD only as necessary with:

Service Providers bound by contracts & SCCs: Google Ireland Ltd., Microsoft Ireland Operations Ltd., LinkedIn Ireland Unlimited Company, HubSpot Ireland Ltd., Cloudflare Inc. (CDN), and our CookieYes Limited;
Professional Advisors under NDA;
Public Authorities, if legally required;
Successors in a business transfer, provided the recipient upholds this Policy.

We do not sell or rent your PD.

9. International Data Transfers

We store data in the EU (Google data centres) and Ukraine. When transferring outside the EEA or Ukraine, we rely on:

Google & Microsoft – EU Data‑Processing Addendums + SCCs;
LinkedIn & HubSpot – SCCs;
Cloudflare – Binding Corporate Rules.

10. Data Retention

Data Type	Typical Retention
Contact form submissions	3 y from last interaction
CRM lead records	Active client lifecycle + 3 y
Analytics event data (GA4)	14 m
Session replays (Clarity)	30 d
Cookie consent logs	5 y (evidence of compliance)
Invoices & tax records	7 y (statutory)

We may retain backups for disaster recovery purposes for up to 90 days beyond the periods above.

11. Security

We employ HTTPS/TLS, Web Application Firewalls (Cloudflare), intrusion monitoring, encryption at rest (AWS/Azure), strict role‑based access, and annual penetration testing.

12. Your Rights

You have the right to access, rectify, erase, restrict, object, port, and withdraw your consent. To exercise them, email privacy@amplicircle.com. We may verify your identity. You may lodge complaints with:

Ukrainian Parliament Commissioner for Human Rights, or
Your EU Data‑Protection Authority.

13. Children’s Privacy

The Site is not intended for children under the age of 18. We do not knowingly collect PD from them.

14. Third‑Party Links

We are not responsible for external sites linked from ours.

15. Changes to This Policy

We may modify this Policy. We will post the updated version with a new “Last Revised” date and, where appropriate, display a banner until you acknowledge it.