Privacy Policy
This Privacy Policy explains how AAMP+ (the "Platform," "we," "us," or "our") collects, uses, and protects information when you access and use the AAMP+ Ambassador Management Platform at app.aamp.pro and related services (collectively, the "Service"). AAMP+ is owned and operated by MY Agency LLC.
AAMP+ is an invitation-only, business-to-business platform used by brand ambassador programs in the spirits industry. Access is provisioned by an organization (for example, an agency or brand client) for its authorized users. If you use AAMP+ as part of your work for such an organization, that organization administers your account and is responsible for the data it manages within the Service.
AAMP+ is a workforce and reporting tool intended for authorized business users who are 18 years of age or older. It is not directed to, and is not intended for use by, the general public or children.
1. Information We Collect
Account and identity information
When you are invited to the Service and sign in, we collect the information needed to create and secure your account, including your name, email address, organizational role, and the organization you belong to. You may sign in using Google (see Section 3) or an email "magic link." We store authentication identifiers but never see or store your Google password.
Program and activity data
In the course of using AAMP+, you and your organization submit business data, which may include:
- Activity recaps, including engagement metrics, samples, accounts visited, dates, and spend;
- Photos and media you upload to document field activations;
- Account/venue records, contacts, addresses, and sales information stored in the CRM;
- Goals, KPIs, calendars, events, and planning data;
- Location and address information associated with accounts and activations (for example, to plot activity on maps).
Technical and usage information
When you use the Service, we automatically collect limited technical data such as log information, device and browser type, IP address, and timestamps. We use session and authentication cookies that are strictly necessary to keep you signed in and to operate the Service.
2. How We Use Information
- To provide, maintain, and secure the Service and authenticate your access;
- To store and process the program data your organization manages within AAMP+;
- To generate reports, dashboards, exports, and summaries for your organization;
- To send transactional communications (for example, invitations, sign-in links, and service notices);
- To monitor performance, diagnose problems, prevent abuse, and improve reliability;
- To comply with legal obligations and enforce our terms.
We do not sell personal information, and we do not use your information for advertising or to build advertising profiles.
3. Google User Data
If you choose to sign in with Google, we request only your basic profile information (name, email address, and profile picture) for the sole purpose of authenticating you and creating or matching your AAMP+ account. We do not request access to your Gmail, Drive, Calendar, or other Google services.
AAMP+'s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer or sell Google user data to third parties for advertising, and we use it only to provide and improve the authentication experience. You can revoke AAMP+'s access at any time from your Google Account permissions page.
4. Cookies and Sessions
We use only the cookies that are necessary to operate the Service, primarily to keep you securely signed in across pages and requests. We do not use third-party advertising or cross-site tracking cookies. Because these cookies are essential to the Service, disabling them may prevent you from signing in or using AAMP+.
5. How We Share Information
We share information only as needed to operate the Service:
- With your organization. Data you submit is accessible to authorized administrators and users within your organization, consistent with their roles and permissions.
- With service providers (subprocessors). We use trusted vendors to host and operate the Service. These providers process data on our behalf under contractual confidentiality and security obligations:
| Provider | Purpose |
|---|---|
| Supabase | Database, authentication, and file storage |
| Google LLC | Optional Google sign-in (OAuth authentication) |
| DigitalOcean | Application server hosting |
| Cloudflare | DNS, content delivery, and edge security |
| Resend | Transactional email delivery |
| Google Maps Platform | Geocoding and mapping of account/activity locations |
- For legal reasons. We may disclose information if required by law, regulation, legal process, or to protect the rights, property, or safety of AAMP+, our users, or others.
- In a business transfer. If AAMP+ is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.
We do not sell or rent personal information to third parties.
6. Data Retention
We retain information for as long as your account is active or as needed to provide the Service to your organization, and thereafter as required to comply with our legal obligations, resolve disputes, and enforce our agreements. Your organization controls much of the program data within AAMP+ and may request its deletion. When data is no longer needed, we take reasonable steps to delete or anonymize it.
7. Data Security
We implement administrative, technical, and organizational safeguards designed to protect information, including encrypted transport (HTTPS), access controls, row-level data isolation between organizations, and authenticated, role-based access. No method of transmission or storage is completely secure, and we cannot guarantee absolute security, but we work continuously to protect your information.
8. Your Rights and Choices
Depending on your location, you may have rights to access, correct, export, or delete personal information about you. Because access to AAMP+ is administered by your organization, the quickest way to exercise these rights is usually through your organization's administrator. You may also contact us directly using the details below, and we will respond consistent with applicable law. You can revoke Google sign-in access at any time as described in Section 3.
9. International Data Transfers
AAMP+ and its service providers may process and store information in the United States and other countries. Where information is transferred across borders, we take steps to ensure it remains protected consistent with this Policy and applicable law.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will revise the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Service after an update constitutes acceptance of the revised Policy.
11. Contact Us
If you have questions about this Privacy Policy or how your information is handled, contact:
MY Agency LLC — operator of AAMP+
Email: admin@aamp.pro