Amplor is operated by JCR IT Services Pty Ltd, trading as JCR Computers ("we", "us", "our"), an Australian company registered in New South Wales. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, how long we keep it, and the rights you have over it.
We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). For customers based outside Australia, we also align with the principles of the EU GDPR and similar overseas frameworks.
1. Who this policy covers
- Operators — staff at a business that uses Amplor (login accounts, dashboard activity, billing).
- Contacts — the customers, leads, and visitors of an Amplor operator who interact with that operator's business through any channel connected to Amplor (web chat, phone, email, social media, Google Business).
- Visitors — anyone who visits this website (amplor.io).
2. What we collect
From operators
- Account details: name, email, role, hashed password (or SSO identity).
- Business details: legal name, ABN, billing address, payment method.
- Usage telemetry: pages visited, actions taken, errors encountered.
- Communications: support tickets, emails, calls.
From contacts (handled on operators' behalf)
- Identifiers: name, email, phone number, social media handle, profile photo.
- Conversation content: messages sent and received across connected channels.
- Channel metadata: timestamps, message IDs, delivery status.
- Inferred data: AI-generated tags, intent classifications, summary text.
From third-party platforms
When an operator connects a third-party platform to Amplor (Meta / Facebook / Instagram, Google Business Profile, Microsoft 365, SMTP2Go, ElevenLabs, etc.), that platform shares data with us under its own terms. We only request the permissions strictly needed for the operator's chosen Amplor features.
3. How we use it
- To deliver the Amplor service: receive customer messages, generate AI-drafted replies, schedule follow-ups, surface insights.
- To bill the operator and prevent fraud or abuse.
- To maintain, secure, and improve the platform (debugging, performance monitoring).
- To communicate service announcements, security notices, and product updates.
- To comply with legal obligations (tax, audit, court orders).
We do not sell personal information. We do notuse the content of contacts' conversations to train any third-party AI model. Operator-scoped data is used only to serve that operator.
4. Where it lives
Amplor is hosted in Australia. Each customer's data lives in a dedicated stack on infrastructure operated by JCR Computers in Sydney, NSW. Some sub-processors (listed below) may process limited data outside Australia under contractual data protection commitments.
Sub-processors
- Anthropic — large language model inference (operator-scoped). Data not retained beyond inference.
- OpenAI — image generation and fallback inference (operator-scoped).
- SMTP2Go — outbound email delivery.
- ElevenLabs — voice synthesis for the AI phone receptionist.
- Cloudflare — edge networking, DDoS protection, CDN.
- Microsoft — Teams, Graph (when an operator has connected those services).
- Meta Platforms — Facebook, Instagram, WhatsApp APIs (when connected).
- Google — Google Business Profile API (when connected).
We update this list as it changes. Material changes are communicated to operators in advance.
5. How long we keep it
- Active operator data: for as long as the account is active, plus 12 months after cancellation for billing and legal continuity.
- Contact records and conversations: per the operator's retention preference (default: indefinite while account is active, deleted within 30 days of operator-requested deletion or account closure).
- Audit logs: 24 months for security and compliance.
- Backup snapshots: 30 days rolling.
6. Your rights
Under the APPs (and equivalent overseas laws), you have the right to:
- Access the personal information we hold about you.
- Correct any inaccurate information.
- Request deletion of your personal information (subject to legal retention requirements).
- Withdraw consent for any processing based on consent.
- Object to processing or request restriction.
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
Operators can exercise these rights via the dashboard at app.amplor.io. Contacts (customers of an operator) should direct requests to the operator first; we will support the operator in responding. To request deletion of your personal data directly from us, see our Data Deletion page.
7. Security
- All data in transit is encrypted (TLS 1.2+).
- All data at rest is encrypted on JCR-managed infrastructure.
- Access to production systems is limited to authorised personnel with audited access.
- JWT tokens, API keys, and OAuth tokens are stored encrypted and rotated on schedule.
- We follow Australian Signals Directorate (ASD) Essential Eight controls.
No system is perfectly secure. If we discover a breach affecting your data, we will notify you and the OAIC in accordance with the Notifiable Data Breaches scheme.
8. Cookies
The marketing website at amplor.io uses essential cookies only (no third-party advertising trackers). The dashboard at app.amplor.io uses a session cookie for authentication and a small set of preference cookies (theme, last-viewed page).
9. Children
Amplor is a B2B service. We do not knowingly collect data from anyone under 18. If you become aware of a contact under 18 in your Amplor data, please remove them and contact us so we can assist.
10. Changes to this policy
We may update this policy from time to time. Material changes are notified to operators by email at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact
Privacy questions, complaints, or rights requests:
- Email: privacy@amplor.io
- Phone: 1300 525 516
- Post: JCR IT Services Pty Ltd (trading as JCR Computers), Unit G24/320B Annangrove Road, Rouse Hill NSW 2155, Australia