Privacy Policy

Effective date: May 10, 2026

This Privacy Policy explains how Amplituda ("we", "us", "our"), the operator of ContractKit (the "Service"), collects, uses, discloses, and safeguards your information when you visit contractkit.amplituda.pro or use our practice management software. Amplituda is established in Latvia and complies with the EU General Data Protection Regulation (GDPR) and, where applicable, the California Consumer Privacy Act (CCPA).

1. Information We Collect

We collect the following categories of information:

  • Account information: your name, email address, password (hashed), firm name, and jurisdiction.
  • Firm and matter data: client records, matter details, documents, time entries, invoices, and any other content you upload to the Service.
  • Billing information: payment method details, billing address, and transaction history. Card numbers are processed and stored exclusively by Stripe; we never see or store full card numbers.
  • Usage data: log files, IP address, browser type, device identifiers, pages visited, and timestamps.
  • Cookies and similar technologies: session cookies for authentication and analytics cookies (where consented).

2. How We Use Your Information

We process personal data to:

  • Provide, maintain, and improve the Service;
  • Authenticate users and secure accounts;
  • Process payments and manage subscriptions;
  • Send transactional emails (account confirmation, invoices, security alerts) via Resend;
  • Provide customer support and respond to inquiries sent to support@amplituda.pro;
  • Comply with legal obligations and enforce our Terms.

Our legal bases for processing under GDPR are: performance of the contract (providing the Service), legitimate interests (security, improvement), consent (marketing emails, optional cookies), and legal obligation (tax, accounting).

3. Data Sharing and Sub-processors

We do not sell your personal data. We share information only with trusted sub-processors that are contractually bound to safeguard it:

  • Stripe (payment processing) — Stripe Privacy Policy.
  • Resend (transactional email delivery).
  • Anthropic (AI features — only the prompts you submit are sent for processing; we do not send personally identifying data unless you include it in a prompt).
  • Hosting providers within the EU and select third countries with adequate protection.

We may also disclose information if required by law, court order, or to protect rights, safety, or property.

4. Cookies

We use strictly necessary cookies to keep you signed in and secure. We may use analytics cookies only with your consent. You can disable cookies in your browser, but parts of the Service may stop working.

5. Data Retention

We retain account and matter data while your subscription is active. After you cancel, data is retained for 30 days to allow recovery, then permanently deleted, except where retention is required by law (e.g. invoicing records up to 7 years under applicable tax laws). Backups are rotated and purged on a rolling 90-day schedule.

6. Your Rights

Under GDPR (EU residents): you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data, and to withdraw consent at any time. You may lodge a complaint with the Data State Inspectorate of Latvia (Datu valsts inspekcija) or the supervisory authority in your country of residence.

Under CCPA (California residents): you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

To exercise any right, email support@amplituda.pro. We respond within 30 days.

7. Security

We use TLS 1.2+ in transit, AES-256 at rest, role-based access controls, and 2FA for administrative access. We perform routine security reviews and vulnerability scans. No system is perfectly secure; if a breach affects you, we will notify you and the relevant authorities within the time frames required by law.

8. Children's Privacy

The Service is intended for legal professionals and is not directed at children under 16. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this Policy. We will post the new effective date at the top of this page and, for material changes, notify you by email at least 14 days before the change takes effect.

10. Contact Us

Amplituda
Email: support@amplituda.pro
Website: amplituda.pro