Privacy Policy
Last updated: December 25, 2025
Amplyx ("we," "our," or "us") is a product of Quintessential Intelligence Agency, a brand of Intelliquinte L.L.C., a Delaware limited liability company. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our content attribution tracking service (the "Service").
Our Privacy Commitment: We collect only what's necessary to provide attribution tracking. We encrypt what we don't need to see. We don't sell your data. We don't use it for advertising. Your campaigns and analytics belong to you.
End-to-End Encryption on Sensitive Data
1. Our Privacy-First Architecture
Amplyx is built on a principle of minimal data collection and encryption by default. We've designed our systems so that we cannot access information we don't need to see.
1.1 What Gets Encrypted
The following data is encrypted at rest using AES-256 encryption. Even our own team cannot read this data:
- User Agent strings — Encrypted after device type extraction
- Referrer URLs — Encrypted after platform categorization
- Geographic coordinates — Never stored; only country/city derived
- IP addresses — Hashed immediately, never stored in plaintext
1.2 What We Can See (Aggregated Only)
To provide the service, we process and store these in readable form:
- Click counts and timestamps
- Device type categories (mobile, desktop, tablet)
- Platform categories (Twitter, Reddit, Discord, etc.)
- Country and city names (not precise locations)
- Campaign names and destination URLs you create
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address — Used for authentication, account communications, and password recovery. Stored in encrypted form in our authentication provider (Supabase).
- Password — Hashed using bcrypt with salt. We never store or have access to your plaintext password. Not even our administrators can see it.
- Business name (optional) — For your account profile display only.
2.2 Campaign Data
When you create tracking campaigns, we store:
- Campaign names, descriptions, and settings
- Destination URLs you want to track
- Generated tracking links and short codes
- Campaign creation and modification timestamps
2.3 Click and Attribution Data
When someone clicks a tracking link, our system automatically processes:
| Data Point |
Stored As |
Purpose |
| IP Address |
Hashed + Discarded |
Geo lookup only |
| User Agent |
Encrypted |
Device categorization |
| Referrer URL |
Encrypted |
Platform categorization |
| Country/City |
Plaintext |
Geographic analytics |
| Device Type |
Plaintext |
Device analytics |
| Platform |
Plaintext |
Source analytics |
| Timestamp |
Plaintext |
Time-series data |
| Attribution Chain |
Plaintext |
Core functionality |
2.4 What We Explicitly Do NOT Collect
- Names — We don't know who clicks your links
- Email addresses of clickers — Never collected
- Social media profiles — We don't identify individuals
- Cross-site tracking — No cookies follow users around
- Advertising profiles — We don't build them
- Precise GPS location — Only country/city from IP
- Device contacts, photos, files — Never accessed
- Browsing history — Only the immediate referrer
3. How We Use Your Information
We use the information we collect exclusively to:
- Provide the Service — Track clicks, build attribution chains, and display analytics to you
- Authenticate your account — Verify your identity when you log in
- Send essential communications — Account verification, password resets, critical service updates, and security alerts
- Improve the Service — Analyze aggregate, anonymized usage patterns to enhance features
- Prevent abuse — Detect and prevent fraudulent clicks, bot traffic, and malicious activity
- Comply with legal obligations — Respond to valid legal requests
We do NOT use your information to:
- Sell to any third party, ever
- Build advertising or marketing profiles
- Send promotional emails (unless you explicitly opt in)
- Share with data brokers
- Train AI models on your campaign data
- Target you with ads based on your usage
4. How We Share Your Information
We share information only in these strictly limited circumstances:
4.1 Service Providers (Data Processors)
We use trusted third-party services essential to operating Amplyx. Each is bound by data processing agreements:
- Supabase, Inc. — Database hosting, authentication, and data storage. Data is encrypted at rest in their SOC 2 Type II certified infrastructure.
- Netlify, Inc. — Website hosting, CDN, and serverless function execution. They process requests but do not store our user data.
- Stripe, Inc. — Payment processing (when paid plans are active). They handle payment card data; we never see your full card number.
4.2 Legal Requirements
We may disclose information if required by law, including:
- Valid subpoenas or court orders
- Government requests with proper legal authority
- To protect the rights, property, or safety of Intelliquinte, our users, or the public
- To detect, prevent, or address fraud, security, or technical issues
We will notify you of such requests when legally permitted and will challenge requests we believe are overbroad or unlawful.
4.3 Business Transfers
If Intelliquinte L.L.C. is acquired, merges with another company, or sells substantially all of its assets, your information may be transferred as part of that transaction. We will:
- Notify you before your data is transferred
- Give you the opportunity to delete your account
- Ensure the acquiring entity honors this Privacy Policy
4.4 With Your Explicit Consent
We may share information with your explicit, informed consent for purposes not covered by this policy. We will always tell you exactly what will be shared and why.
4.5 Aggregated, Anonymized Data
We may share aggregated, de-identified data that cannot reasonably be used to identify you (e.g., "X% of clicks come from mobile devices"). This data contains no personal information.
5. Data Retention
We retain your data only as long as necessary:
- Account data — Retained while your account is active. Deleted within 30 days of account deletion request.
- Campaign data — Retained while your account is active. You can delete individual campaigns at any time.
- Click data — Retained based on your plan (currently unlimited during beta). Historical data older than 2 years may be aggregated.
- IP addresses — Never stored. Used only for real-time geolocation lookup, then immediately discarded.
- Server logs — Retained for 30 days for security and debugging, then permanently deleted.
- Backup data — Backups are encrypted and automatically purged after 90 days.
You can request deletion of all your data at any time by emailing hello@intelliquinte.com. We will complete deletion within 30 days and confirm when done.
6. Data Security
We implement comprehensive security measures to protect your data:
6.1 Encryption
- In Transit — All data transmitted via HTTPS/TLS 1.3
- At Rest — Database encryption via Supabase (AES-256)
- Sensitive Fields — Additional application-level encryption for user agents and referrers
- Passwords — Hashed using bcrypt with unique salts
6.2 Access Controls
- Row-Level Security — Database policies ensure you can only access your own data
- API Authentication — All API requests require valid authentication tokens
- Admin Access — Limited to essential personnel with audit logging
- No Plaintext Secrets — API keys and credentials stored in secure environment variables
6.3 Infrastructure
- SOC 2 Compliant Providers — Supabase and Netlify maintain SOC 2 Type II certification
- Regular Security Audits — Ongoing monitoring for vulnerabilities
- Incident Response — Documented procedures for security incidents
No system is 100% secure. Despite our efforts, we cannot guarantee absolute security. If you discover a vulnerability, please report it to
security@intelliquinte.com.
7. Your Rights
Regardless of where you live, you have these rights:
7.1 Universal Rights (All Users)
- Access — Request a copy of all data we have about you
- Correction — Update or correct inaccurate data
- Deletion — Request deletion of your account and all associated data
- Export — Download your campaign data and analytics in a portable format
- Objection — Object to certain processing of your data
7.2 European Users (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you additionally have the right to:
- Restrict processing of your data
- Data portability (receive your data in machine-readable format)
- Withdraw consent at any time (where processing is based on consent)
- Lodge a complaint with your local data protection authority (e.g., ICO in the UK, CNIL in France)
Legal Basis for Processing:
- Contract Performance — Processing necessary to provide the Service you requested
- Legitimate Interests — Improving the Service, preventing fraud, ensuring security
- Consent — Where you have given explicit consent (e.g., marketing emails)
- Legal Obligation — Compliance with applicable laws
7.3 California Users (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know — What personal information we collect, use, disclose, and sell
- Delete — Request deletion of your personal information
- Correct — Request correction of inaccurate personal information
- Opt-Out of Sale — We do not sell personal information. Period.
- Opt-Out of Sharing — We do not share personal information for cross-context behavioral advertising
- Limit Sensitive Data Use — We do not collect sensitive personal information beyond what's described in this policy
- Non-Discrimination — We will not discriminate against you for exercising your rights
To exercise any of these rights, contact us at hello@intelliquinte.com.
7.4 Other Jurisdictions
If you are subject to other privacy laws (Brazil's LGPD, Canada's PIPEDA, Australia's Privacy Act, etc.), we will honor rights granted by those laws. Contact us to exercise your rights.
8. Cookies and Tracking Technologies
Amplyx uses minimal cookies:
8.1 Cookies We Use
- Authentication cookies — Essential cookies to keep you logged into the dashboard. These are strictly necessary and cannot be disabled.
- Session cookies — To maintain your session state while using the service.
8.2 What We Do NOT Use
- Third-party advertising or retargeting cookies
- Cross-site tracking cookies
- Analytics cookies that track individual users
- Social media tracking pixels
- Fingerprinting technologies
8.3 How Our Tracking Links Work
The tracking links you create do not set cookies on the clicker's browser. Attribution is tracked via URL parameters only. When someone clicks your link:
- Our server receives the request with referrer and user agent headers
- We extract device type and platform category
- We derive country/city from IP (then discard the IP)
- We encrypt sensitive fields
- We redirect them to your destination URL
- No cookie is ever set on the clicker's device
9. Third-Party Links and Destinations
When users click your tracking links, they are redirected to destination URLs that you control. We are not responsible for:
- The privacy practices of destination websites
- Content at destination URLs
- Cookies or tracking set by destination websites
This Privacy Policy applies only to data collected by Amplyx.
10. Children's Privacy
Amplyx is a business service not intended for children. We do not knowingly collect personal information from anyone under 16 years of age.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at hello@intelliquinte.com. We will delete such information within 48 hours of verification.
11. International Data Transfers
Intelliquinte L.L.C. is based in the United States. Your data may be processed in the United States or other countries where our service providers operate.
For users in the EEA, UK, or Switzerland:
- We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers
- Our service providers maintain appropriate safeguards for international transfers
- You may request a copy of the safeguards we use by contacting us
By using Amplyx, you acknowledge and consent to the transfer of your information to these countries, which may have different data protection laws than your country of residence.
12. Do Not Track Signals
Some browsers send "Do Not Track" (DNT) signals. Because there is no common standard for interpreting DNT signals, Amplyx does not currently respond to them. However, our privacy practices already align with DNT principles—we don't track users across websites and we don't build advertising profiles.
13. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes:
- Minor changes — We'll update the "Last updated" date at the top
- Material changes — We'll notify you by email at least 30 days before they take effect
- Major changes — We may require you to re-accept the updated policy
Your continued use of Amplyx after changes take effect constitutes acceptance of the updated policy. If you disagree with changes, you may delete your account.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us:
Amplyx
A product of Quintessential Intelligence Agency
Intelliquinte L.L.C.
A Delaware Limited Liability Company
We aim to respond to all privacy requests within 30 days. For urgent matters, we'll respond within 72 hours.