Privacy Policy

Effective June 15, 2026 · Version 1.1

How Amp collects, uses, and protects personal information, and the choices you have. Written in plain language and aligned with GDPR, UK GDPR, CCPA/CPRA, and PIPEDA.

On this page

  1. Quick Summary
  2. Who We Are
  3. Information We Process
  4. Why We Process It
  5. How AI Is Used
  6. Sub-Processors and Disclosures
  7. How Long We Keep It
  8. International Transfers
  9. How We Protect It
  10. Your Rights
  11. Cookies
  12. Children’s Data
  13. Changes
  14. Contact

1. Quick Summary

The short version:

Key Points

  • Amp is a service provider for employers. Most personal information in Amp belongs to our customer — the employer — and we process it on their instructions.
  • We also collect a small amount of personal information directly — about visitors to our website, sales contacts, operator accounts, and people applying for jobs at Amp.
  • We comply with GDPR, UK GDPR, CCPA/CPRA, PIPEDA, and other applicable privacy laws.
  • We do not sell personal information, and we do not “share” it for cross-context behavioural advertising.
  • We do not use customer data to train AI models. Our AI sub-processors contractually do not retain prompts for training.
  • We honour deletion and access requests within 30 days.
  • If you are a candidate of one of our customers, contact that employer directly to exercise your rights. For everything else, contact us at [email protected].

2. Who We Are

Amp is the trading name of Q7 Systems, Inc. (doing business as “Amp”), based in Ontario, Canada. Amp provides an AI-powered platform that employers use to manage recruiting and hiring workflows. Our website is runamp.com.

Most of the personal information we handle belongs to our customers — the employers using Amp — and we process it on their behalf, on their documented instructions. The smaller set of personal information we hold ourselves (visitors to runamp.com, sales contacts, operator accounts, applicants for jobs at Amp, and vendor contacts) is the focus of much of this policy.

This policy does not cover third-party websites linked from our pages, or our customers’ own systems (such as the applicant tracking systems they use alongside Amp). If you are a candidate or employee whose data is processed in Amp by one of our customers, please also read your employer’s privacy notice — they are responsible for your data.

3. Information We Process

On behalf of our customers: identity and contact details, application and employment history, communications sent and received through the platform, calendar and scheduling data, files such as resumes and supporting documents, interaction records with our AI agents, and session metadata. We process this information only on the customer’s documented instructions, under our Data Processing Agreement with that customer.

Information we collect directly:

  • Website visitors — pages visited, referrer, approximate location, device and browser information, and anything you submit through our forms.
  • Sales prospects and business contacts — name, work email, phone, employer, role, and the history of our business relationship.
  • Operator users — authentication and account information, role, audit logs of administrative actions, and product telemetry needed to operate and secure the service.
  • Job applicants to Amp — application materials and information needed to evaluate the application.
  • Vendor and partner contacts — contact details and records of our business relationship.

4. Why We Process Personal Information

We process personal information to provide the Amp service to our customers; to authenticate, operate, secure, and improve our platform; to run our website and respond to inquiries; to conduct sales, marketing, and customer relationship management; to recruit our own employees; to comply with legal, tax, accounting, and audit obligations; and to establish, exercise, or defend legal claims.

For each purpose, we rely on an appropriate legal basis under applicable privacy law — typically the performance of a contract, our legitimate interests, a legal obligation, or your consent where required.

5. How AI Is Used

Amp is an AI-powered product. Our customers use it to read and summarise candidate materials, score against their own criteria, draft communications, and automate routine workflows.

  • A human at our customer is involved in any decision that meaningfully affects a candidate. Amp surfaces information and recommendations; the customer decides.
  • We do not use customer data to train foundation AI models. Our AI sub-processors are contractually configured so that prompts and outputs are not retained for training.
  • If you believe a decision was made about you based solely on automated processing, contact the employer to request human review.

6. Sub-Processors and Disclosures

We engage a small number of vetted sub-processors to operate Amp, including providers of cloud hosting, AI model inference, AI observability, communications delivery, and the calendar and ATS integrations that customers connect. Each is bound by contractual privacy and security obligations equivalent to our own.

A current list of sub-processors is available to customers and prospective customers on request at [email protected].

We do not sell personal information, and we do not “share” personal information for cross-context behavioural advertising. We disclose personal information only when required by law, in response to valid legal process, to protect rights, property, or safety, or in connection with a business transfer — in which case the recipient will be bound by commitments equivalent to this policy.

7. How Long We Keep Personal Information

For information we process on behalf of customers, retention is governed by each customer’s organization-level retention policy, with industry-typical defaults applied automatically and adjustable by the customer. When data exceeds its retention window, it is automatically anonymized or deleted.

For information we hold as a controller, we retain personal information only as long as necessary for the purposes set out above, including any applicable legal, accounting, or reporting requirements.

8. International Data Transfers

Amp is operated from Ontario, Canada, and hosts production customer data in Microsoft Azure data centers in the United States (US East regions), with geo-redundant backups held within the United States. Our sub-processors are located in the United States. When personal information about individuals in the EU/EEA, the UK, or Switzerland is transferred to or processed in the United States, we rely on Standard Contractual Clauses (and their UK and Swiss equivalents, where applicable), incorporated into our customer and data-processing agreements, together with supplementary measures including encryption in transit and at rest, role-based access controls, and audit logging. For personal information about individuals in Canada, we apply equivalent contractual safeguards consistent with PIPEDA.

9. How We Protect Personal Information

We apply technical and organizational measures appropriate to the sensitivity of the data, including encryption in transit and at rest, role-based access controls with least-privilege defaults, single sign-on for operator users, audit logging, vendor due diligence on every sub-processor, and ongoing security testing.

We are pursuing SOC 2, and we will make the resulting report available to customers under NDA once issued.

No system can be guaranteed completely secure. If we become aware of a personal-data breach, we will notify affected customers and — where required by law — affected individuals and supervisory authorities without undue delay.

10. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you and obtain a copy
  • Correct inaccurate or incomplete information
  • Delete your personal information, subject to legal exceptions
  • Restrict or object to certain processing
  • Receive your information in a portable format
  • Withdraw consent where consent is the legal basis
  • Not be subject to decisions made solely by automated processing that have legal or similarly significant effects
  • Lodge a complaint with your local supervisory authority

How to exercise these rights:

If you are a candidate, applicant, or employee whose data is processed in Amp by one of our customers, please contact that customer directly. They are responsible for your personal information, and we will support them in honouring your request within 30 days of receipt. We do not unilaterally act on data that belongs to our customers.

If your personal information is held by Amp directly (website visitor, sales prospect, operator user, applicant to Amp, or vendor), contact us at [email protected]. We will respond within 30 days of receiving a verified request. We may need to verify your identity before fulfilling a request and will only ask for the minimum information needed to do so.

You may authorize an agent to make a request on your behalf. We do not discriminate against anyone who exercises their privacy rights, and we do not charge a fee for most requests.

11. Cookies and Similar Technologies

We use a small number of cookies on runamp.com: strictly necessary cookies (required for the site to function), analytics cookies (to understand how the site is used), and preference cookies. Our analytics tools are Google Analytics 4 (Google LLC), PostHog (PostHog, Inc., hosted in the United States), and Ahrefs Analytics (Ahrefs Pte. Ltd.); each runs only per the consent choices you make in our cookie banner. See our Cookie Policy for the full list of cookies and how to change your choices at any time. We do not use cookies for cross-site behavioural advertising. Where consent is required, we present a cookie banner and honour your choices, and we respect Global Privacy Control signals.

12. Children’s Data

The Amp service is not intended for use by children under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact [email protected] and we will delete it.

13. Changes to This Policy

We will update this policy as our practices change. The effective date at the top indicates the most recent revision. For material changes, we will provide additional notice through the website, the product, or by email to customers, as appropriate. Prior versions are available on request.

14. Contact

For privacy questions, to exercise your rights, or to request our current list of sub-processors:

Privacy Officer

[email protected]

Where we are required to appoint an EU or UK representative under GDPR or UK GDPR, their contact details will be published here.