AMP Legal

Contents

Terms of Service

Last Updated: [1] September 2025

Welcome to AMP. These Terms of Service ("Terms" or "Agreement") govern your use of the applications, services, and websites provided by AMP including any services accessed through the Shopify App Store or our website located at www.useamp.com (collectively, the "Apps"). Please read them carefully.

AMP is a unified brand comprising separate legal entities, collectively referred to as the "AMP Group." Each application, service, and website is legally operated by a distinct entity within the AMP Group. When we refer to "AMP," "we," "us," or "our" in these Terms, we mean the specific legal entity within AMP Group that operates the application, service, or website you are using. A list of these entities can be found [here].

We provide the Apps to you subject to your acceptance of these Terms, which include our Privacy Policy, Cookie Policy, Data Processing Agreement, and any other policies or guidelines we may issue from time to time and make available on our website at www.useamp.com (the "Website"). These Terms also incorporate the terms and conditions of the Shopify App Store, where applicable. All such policies, rules, and guidelines are incorporated by reference into this Agreement.

THESE TERMS SET FORTH THE LEGALLY BINDING TERMS AND CONDITIONS THAT GOVERN YOUR USE OF THE APPS. BY ACCESSING OR USING THE APPS, YOU ARE ACCEPTING THESE TERMS (ON BEHALF OF YOURSELF OR THE ENTITY THAT YOU REPRESENT), AND YOU REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, AUTHORITY, AND CAPACITY TO ENTER INTO THESE TERMS (ON BEHALF OF YOURSELF OR THE ENTITY THAT YOU REPRESENT). YOU MAY NOT ACCESS OR USE THE APPS OR ACCEPT THESE TERMS IF YOU ARE NOT AT LEAST 18 YEARS OLD. IF YOU DO NOT AGREE TO ALL OF THE PROVISIONS OF THESE TERMS, DO NOT ACCESS OR USE THE APPS.

1. Rights to Access and Use the Apps

1.1 Limited Right to Access and Use. Subject to your agreement and continued compliance with these Terms, including meeting your payment obligations, AMP grants you a non-transferable, non-exclusive, revocable, limited right to access and use the Apps solely for your internal business purpose. For Apps installed from the Shopify App Store, this right is limited to one store per App. You agree not to use the Apps for any other purpose unless we provide you with prior written authorization. We reserve all other rights in the Apps.

1.2 Restrictions on Use. The rights granted to you under these Terms are subject to the following limitations: (a) you may not license, sell, rent, lease, transfer, assign, distribute, host, or otherwise commercially exploit the Apps or any content made available through the Apps, in whole or in part; (b) you may not modify, create derivative works of, disassemble, decompile, reverse compile, or reverse engineer any part of the Apps; (c) you may not access or use the Apps for the purpose of developing or operating a competing product or service; and (d) except as expressly permitted in these Terms, you may not copy, reproduce, republish, display, post, transmit, or distribute any part of the Apps or their content, in any form or by any means; provided, however, that this does not prohibit your internal downloading or exporting of reports, data, or documentation expressly made available to you through the Apps. Any future release, update, or other addition to the functionality of the Apps will be subject to these Terms, unless expressly stated otherwise. You must retain all copyright and proprietary notices on all copies of content obtained from the Apps.

1.3 Modification. AMP reserves the right, at any time and at its sole discretion, to modify, suspend, or discontinue the Apps, in whole or in part, with or without notice. You agree that AMP shall not be liable to you or any third party for any such modification, suspension, or discontinuation of the Apps or any portion thereof.

1.4 Support. Support for Apps installed via the Shopify App Store is included in your Subscription. AMP accepts support inquiries at [email protected] and generally attempts to respond within one business day, although no specific response time is guaranteed. AMP makes no commitment to ongoing maintenance, upgrades, or enhancements for these Apps and reserves the right to modify, limit, or withdraw support at its discretion.

1.5 Ownership. You acknowledge that all intellectual property rights, including copyrights, patents, trademarks, and trade secrets, in the Apps and their content are owned by AMP or its licensors. These Terms do not transfer to you or any third party any right, title, or interest in or to such intellectual property, except for the limited rights of access granted in Section 1.1. All rights not expressly granted under these Terms are reserved. There are no implied licenses granted under these Terms.

1.6 User Materials. You may provide, upload, or transmit data, content, or materials into the Apps (“User Materials”) in connection with your use of the Apps. You retain all rights in your User Materials, subject to the rights granted to AMP in these Terms. You hereby grant AMP a non-exclusive, worldwide, royalty-free, sublicensable, and transferable license to use, reproduce, process, host, display, perform, modify, and distribute User Materials solely as necessary to operate, provide, improve, and support the Apps and fulfill our obligations under these Terms. You represent and warrant that you have all necessary rights, licenses, and consents to provide the User Materials and to grant the license above, and that your User Materials do not violate any third-party rights or applicable law. Where your User Materials include personal data about other people, you confirm that the collection, use, and disclosure of that data complies with our Privacy Policy, including obtaining consent where required or relying on another legal basis that is permitted. AMP reserves the right, but has no obligation, to review, monitor, or remove User Materials that it determines, in its sole discretion, may violate these Terms. Please note that User Materials may include personal data. Where applicable, our use of such personal data is governed by our Privacy Policy, which explains your rights and how we handle such data in compliance with applicable law.

1.7 AI Features. The Apps may include features powered by artificial intelligence, including tools that generate suggested content or insights. You acknowledge and agree that any such features are provided "as is" and may produce incomplete, inaccurate, or inappropriate results. You are solely responsible for evaluating and relying on any AI-generated output, and AMP disclaims all liability arising from such use.

2. Indemnification.

You agree to defend, indemnify, and hold harmless AMP, its parent company, affiliates, subsidiaries, employees, contractors, content providers, and assignees, as well as their respective officers, directors, employees, and agents, from and against any and all liabilities, claims, actions, demands, damages, losses, and expenses (including reasonable attorneys’ fees) made by any third party arising out of or related to: (a) your use of the Apps; (b) any transaction resulting from your use of the Apps; (c) your violation of these Terms; (d) your violation of applicable laws or regulations; or (e) your submission, posting, or transmission of any User Materials. AMP reserves the right, at your expense, to assume the exclusive defense and control of any matter subject to indemnification, and you agree to cooperate fully with AMP in asserting any available defenses. You may not settle any matter without AMP’s prior written consent. AMP will use reasonable efforts to notify you of any such claim, action, or proceeding upon becoming aware of it.

3. Third-Party Links; Other Users

3.1 Third-Party Links. The Apps may contain links to third-party websites and services, and/or display advertisements for third parties (collectively, “Third-Party Links”). Such Third-Party Links are not under the control of AMP, and AMP is not responsible for any Third-Party Links. You use all Third-Party Links at your own risk, and should apply a suitable level of caution and discretion in doing so. When you click on any of the Third-Party Links, the applicable third party’s terms and policies apply, including the third party’s privacy and data gathering practices. You should make whatever investigation you feel necessary or appropriate before proceeding with any transaction in connection with such Third-Party Links.

3.2 Release. You hereby release and forever discharge AMP (and our officers, employees, agents, successors, and assigns) from, and hereby waive and relinquish, each and every past, present and future dispute, claim, controversy, demand, right, obligation, liability, action and cause of action of every kind and nature (including personal injuries, death, and property damage), that has arisen or arises directly or indirectly out of, or that relates directly or indirectly to, the Apps (including any interactions with, or act or omission of, other Apps users or any Third-Party Links). If you are a California resident, you hereby waive California Civil Code Section 1542 in connection with the foregoing, which states: “A general release does not extend to claims which the creditor does not know or suspect to exist in his or her favor at the time of executing the release, which if known by him or her must have materially affected his or her settlement with the debtor.”

4. Disclaimers.

THE APPS ARE PROVIDED ON AN “AS-IS” AND “AS AVAILABLE” BASIS, AND AMP (AND OUR SUPPLIERS) EXPRESSLY DISCLAIM ANY AND ALL WARRANTIES AND CONDITIONS OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING ALL WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, QUIET ENJOYMENT, ACCURACY, OR NON-INFRINGEMENT. WE (AND OUR SUPPLIERS) MAKE NO WARRANTY THAT THE APPS WILL MEET YOUR REQUIREMENTS, WILL BE AVAILABLE ON AN UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE BASIS, OR WILL BE ACCURATE, RELIABLE, FREE OF VIRUSES OR OTHER HARMFUL CODE, COMPLETE, LEGAL, OR SAFE. IF APPLICABLE LAW REQUIRES ANY WARRANTIES WITH RESPECT TO THE APPS, ALL SUCH WARRANTIES ARE LIMITED IN DURATION TO NINETY (90) DAYS FROM THE DATE OF FIRST USE.

SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. SOME JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

5. Limitation on Liability.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL AMP (OR OUR LICENSORS) BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY LOST PROFITS, LOST DATA, COSTS OF PROCUREMENT OF SUBSTITUTE PRODUCTS, OR ANY INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL OR PUNITIVE DAMAGES ARISING FROM OR RELATING TO THESE TERMS OR YOUR USE OF, OR INABILITY TO USE, THE APPS, EVEN IF AMP HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. ACCESS TO, AND USE OF, THE APPS IS AT YOUR OWN DISCRETION AND RISK, AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR DEVICE OR COMPUTER SYSTEM, OR LOSS OF DATA RESULTING THEREFROM.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED HEREIN, OUR LIABILITY TO YOU FOR ANY DAMAGES ARISING FROM OR RELATED TO THIS AGREEMENT (FOR ANY CAUSE WHATSOEVER AND REGARDLESS OF THE FORM OF THE ACTION), WILL AT ALL TIMES BE LIMITED TO A MAXIMUM OF FIFTY US DOLLARS (U.S. $50). THE EXISTENCE OF MORE THAN ONE CLAIM WILL NOT ENLARGE THIS LIMIT. YOU AGREE THAT OUR SUPPLIERS WILL HAVE NO LIABILITY OF ANY KIND ARISING FROM OR RELATING TO THIS AGREEMENT.

SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.

6. Term and Termination.

Subject to this Section, these Terms will remain in full force and effect while you use the Apps. We may suspend or terminate your rights to use the Apps at any time for any reason at our sole discretion, including for any use of the Apps in violation of these Terms. Upon termination of your rights under these Terms, your Account and right to access and use the Apps will terminate immediately. AMP will not have any liability whatsoever to you for any termination of your rights under these Terms, including for termination of your Account. Even after your rights under these Terms are terminated, the following provisions of these Terms will remain in effect: Sections 1.2 through 1.7 and Sections 3 through 8. Termination may include deletion of your account, data, and all User Materials associated with your use of the Apps. You must immediately stop using the Apps and certify that you have deleted all copies of any software provided under these Terms. For details about how we retain and delete personal data following account termination, including your rights to request erasure, please refer to our Privacy Policy. Upon termination of your account, we may retain your data as described in our Privacy Policy and Data Processing Agreement. These documents outline your rights to request deletion and the conditions under which we retain data for legal or operational purposes.

7. General

7.1 Changes. These Terms are subject to occasional revision, and if we make any substantial changes, we may notify you by sending you an e-mail to the last e-mail address you provided to us (if any), and/or by prominently posting notice of the changes on our Website. You are responsible for providing us with your most current e-mail address. In the event that the last e-mail address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice. Any changes to these Terms will be effective upon the earlier of thirty (30) calendar days following our dispatch of an e-mail notice to you (if applicable) or thirty (30) calendar days following our posting of notice of the changes on our Website. These changes will be effective immediately for new users of our Apps. Continued use of our Apps following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

7.2. Governing Law and Arbitration Clause.

(a) Governing Law. This Agreement and any action related thereto will be governed, controlled, interpreted, and defined by and under the laws of Singapore, without giving effect to any conflicts of law principles that would require the application of laws of another jurisdiction.

(b) Arbitration. All claims and disputes arising out of or in connection with the Terms, or the use of any product or service provided by AMP, that cannot be resolved through informal negotiation shall be referred to and finally resolved by arbitration in Singapore in accordance with the Arbitration Rules of the Singapore International Arbitration Centre in force when the Notice of Arbitration is submitted (“Applicable SIAC Rules”), which rules are deemed to be incorporated by reference in this Section. The seat of such arbitration will be Singapore and all proceedings will be conducted in the English language. The parties agree that the applicable Expedited Procedure Rules under the Applicable SIAC Rules will apply irrespective of the amount in dispute. The Tribunal will consist of one arbitrator to be appointed by the President of the Court of Arbitration of the Singapore International Arbitration Centre. Deposits and fees to cover the costs of arbitration will be shared equally by the disputing Parties. The award rendered by the arbitrator will, in addition to dealing with the merits of the case, fix the costs of the arbitration and decide which of the Parties will bear such costs or in what proportions such costs will be borne by the Parties hereto. The award rendered by the arbitrator or arbitrators will be final, conclusive and binding on all Parties to this Agreement and will be subject to execution and enforcement in any court of competent jurisdiction.

(c) Confidentiality. All aspects of the arbitration proceeding, including but not limited to the award of the arbitrator and compliance therewith, shall be strictly confidential. The parties agree to maintain confidentiality unless otherwise required by law. This paragraph shall not prevent a party from submitting to a court of law any information necessary to enforce this Agreement, to enforce an arbitration award, or to seek injunctive or equitable relief.

(d) Severability. If any part or parts of this Agreement are found under the law to be invalid or unenforceable by a court of competent jurisdiction, then such specific part or parts shall be of no force and effect and shall be severed and the remainder of the Agreement shall continue in full force and effect.

(e) Claims Not Subject to Arbitration. Notwithstanding the foregoing, claims of defamation, violation of the U.S. Computer Fraud and Abuse Act, and infringement or misappropriation of the other party’s patent, copyright, trademark or trade secrets shall not be subject to this Agreement. Each party may also seek injunctive or equitable relief in a court of competent jurisdiction to protect its intellectual property rights or confidential information pending the outcome of arbitration.

7.3 Electronic Communications. The communications between you and AMP use electronic means, whether you use the Apps or send us emails, or whether AMP posts notices on the Apps or communicates with you via email. For contractual purposes, you (a) consent to receive communications from AMP in an electronic form; and (b) agree that all terms and conditions, agreements, notices, disclosures, and other communications that AMP provides to you electronically satisfy any legal requirement that such communications would satisfy if it were in a hardcopy writing. The foregoing does not affect your non-waivable rights.

7.4 Entire Terms. These Terms constitute the entire agreement between you and us regarding the use of the Apps. Our failure to exercise or enforce any right or provision of these Terms shall not operate as a waiver of such right or provision. The section titles in these Terms are for convenience only and have no legal or contractual effect. The word “including” means “including without limitation”. If any provision of these Terms is, for any reason, held to be invalid or unenforceable, the other provisions of these Terms will be unimpaired and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. Your relationship to AMP is that of an independent contractor, and neither party is an agent or partner of the other. These Terms, and your rights and obligations herein, may not be assigned, subcontracted, delegated, or otherwise transferred by you without AMP’s prior written consent, and any attempted assignment, subcontract, delegation, or transfer in violation of the foregoing will be null and void. AMP may freely assign these Terms. The terms and conditions set forth in these Terms shall be binding upon assignees.

7.5 Copyright/Trademark Information. All rights reserved. All trademarks, logos and service marks (“Marks”) displayed on the Apps are our property or the property of other third parties. You are not permitted to use these Marks without our prior written consent or the consent of such third party which may own the Marks.

8. App Contact Details:

The legal entity responsible for each App or service is listed below. These entities collectively operate under the AMP Group brand, but each is independently responsible for its respective service under these Terms.

Product	Contact Details
Website	Addition Apps Pte Ltd (UEN 202142308H) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]
Lifetimely	Lifetimely Oy (Registration No. 3107222-6) c/o Bird & Bird Asianajotoimisto Mannerheimintie 8 00100 Helsinki, Finland [email protected]
Back in Stock	Hel-SG Pte Ltd (UEN 202437434M) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]
Bundles	Hel-SG Pte Ltd (UEN 202437434M) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]
Upsell	AppHQ Pte Ltd (UEN 202132149D) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]
Slide Cart	AppHQ Pte Ltd (UEN 202132149D) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]
Australia Post Shipping	Addition Apps Pte Ltd (UEN 202142308H) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]

Privacy Policy

Last updated on [1] September 2025.

AMP respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and protect your personal data when you use our website, products, or services. It describes your rights under applicable laws, including the EU General Data Protection Regulation (EU GDPR), the UK General Data Protection Regulation (UK GDPR), the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA), and the Singapore Personal Data Protection Act of 2012 (PDPA) (“Applicable Laws”).

This privacy policy is provided in a layered format so you can click through to the specific areas set out below.

[IMPORTANT INFORMATION AND WHO WE ARE]
[THE DATA WE COLLECT ABOUT YOU]
[HOW IS YOUR PERSONAL DATA COLLECTED?]
[HOW WE USE YOUR PERSONAL DATA]
[DISCLOSURES OF YOUR PERSONAL DATA]
[INTERNATIONAL TRANSFERS]
[DATA SECURITY]
[DATA RETENTION]
[YOUR LEGAL RIGHTS]
[EEA DATA SUBJECTS: YOUR RIGHTS UNDER THE EU GDPR]
[CALIFORNIA CONSUMERS: YOUR RIGHTS UNDER THE CCPA/CPRA]
[SINGAPORE USERS. YOUR RIGHTS UNDER THE SINGAPORE PDPA]
[HOW TO CONTACT US / DATA PROTECTION OFFICER]
[GOVERNING LAW AND DISPUTE RESOLUTION]

1. Important information and who we are

Purpose of this privacy policy

This privacy policy explains how AMP collects and processes your personal data through your use of this website or our products and services, including any data you may provide through this website or our apps available on the Shopify App Store.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

This website is not intended for children under the age of 18, and we do not knowingly collect data relating to children.

Controllers

AMP is a unified brand comprising separate legal entities (collectively, the “AMP Group”), a list of which can be found in Section 12. Each product or service is legally operated by a specific entity within the AMP Group. That entity is solely responsible for processing your personal data as a controller under applicable data protection laws. When we mention "AMP," "we," "us," or "our" in this policy, we are referring to the specific legal entity within the AMP Group that operates the product or service you are using and is responsible for processing your data.

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the relevant Data Protection Officer using the details set out in Section 12 ("How to Contact Us / Data Protection Officer").

Third-party links

This website and our products may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

2. The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity Data includes first name, last name, username or similar identifier.
Contact Data includes billing address, email address and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from you and other details of applications and services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data includes information about how you use our website, applications, and services, such as session statistics, browsing history, page views, clicks, trackers, user counts, and data communicated while using or in order to use the website, applications, and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not intentionally collect special categories of personal data (as defined under GDPR) or sensitive personal information (as defined under CPRA) without explicit consent or where required by law.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

3. How is your personal data collected?

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by email or otherwise. This includes personal data you provide when you:

purchase products or services;
create an account on our website;
subscribe to our newsletter;
request marketing to be sent to you; or
request support or contact us.

Automated technologies or interactions. As you interact with our website or products, we automatically collect Usage Data and Technical Data about your device, browsing actions, and patterns. We collect this data through cookies, trackers, server logs, and similar technologies. This may include session statistics, browsing history, page views, clicks, number of users, and data communicated while using or in order to use the website and products. Please see our [Cookie Policy] for further details.

Third parties or publicly available sources. We may collect or receive personal data about you from various third parties and publicly available sources as set out below:
- Technical Data from the following parties:
  - analytics providers such as Google and HubSpot (both based in the United States);
  - advertising networks such as Google Ads and Meta Ads (both based in the United States); and
  - search information providers such as Bing and DuckDuckGo (based outside the EU).
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Shopify (based in Canada) and Amazon Web Services (based in the United States);
- Usage Data and device information collected through hosting and backend infrastructure providers such as Amazon Web Services, WP Engine, and Shopify.
- Data communicated in order to use the service, processed through tag management services such as Google Tag Manager and Segment (Twilio).
- Email addresses and related user activity processed through user database management services such as HubSpot CRM.
- Automatically collected data via cookies, trackers, server logs, and other similar technologies when you use our website, applications, and services.
- Publicly available sources may include social media profiles, company websites, or government registers.
- Where personal data is transferred outside of the European Economic Area (EEA) or the United Kingdom, such transfers will be subject to appropriate safeguards, such as the European Commission’s Standard Contractual Clauses or the UK International Data Transfer Agreement.

4. How we use your personal data

We will only use your personal data when the law allows us to. We will not use personal data for purposes beyond those stated in this Privacy Policy unless we have obtained consent or where an exception under Applicable Laws applies. Most commonly, we will use your personal data in the following circumstances:

Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Where we need to comply with a legal obligation.

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity	Type of data	Lawful basis for processing including basis of legitimate interest
To register you as a new customer	(a) Identity (b) Contact	Performance of a contract with you
To process and deliver your subscription including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us	(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications	(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey	(a) Identity (b) Contact (c) Profile (d) Marketing and Communications	(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products)
To enable you to complete a survey	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications	(a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products, to develop them and grow our business)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	(a) Identity (b) Contact (c) Technical	(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical	Necessary for our legitimate interests (to study how customers use our products, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, applications, services, marketing, customer relationships and experiences	(a) Technical (b) Usage	Necessary for our legitimate interests (to define types of customers for our products, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about products or services that may be of interest to you	(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications	Necessary for our legitimate interests (to develop our products and grow our business)
To enable features powered by artificial intelligence, such as our AI Assistant, which processes user inputs to provide responses, insights, and service enhancements.	(a) Usage (b) Technical (c) Profile (d) Data communicated through chat interface.	Necessary for our legitimate interests (to provide AI-powered features such as our AI Assistant, to improve our services, ensure quality, support service enhancements, and develop our predictive models).

AI Features and Data Processing

We offer AI-powered features, such as our AI Assistant. User inputs in these features are processed to generate responses and insights. We share these inputs with service providers (such as OpenAI) solely to fulfill your requests, under contracts that limit their use of this data to our purposes and prohibit its use for training their own general models. We retain and may analyze de-identified logs to improve our models and services, ensuring that data used for model training does not identify you.

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We use cookies, trackers, and similar technologies to manage your preferences. For more details, please see our [Cookie Policy].

For users in the EEA and UK, we will obtain your explicit consent before sending direct marketing communications. You have the right to object at any time to the processing of your personal data for direct marketing purposes.

Promotional offers and free trials

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may interest to you. This helps us determine which applications, services, and offers may be relevant for you.

You will receive marketing communications from us if you have requested information from us or purchased applications or services and you have not opted out.

Advertising and analytics

We use services such as Google Ads, Meta Ads, Google Analytics, HubSpot, and other providers to help us deliver relevant content and measure marketing effectiveness. These providers may use cookies and trackers to collect Usage Data such as session statistics, browsing history, page views, clicks, and other interactions to support interest-based advertising and analytics.

You can manage your advertising preferences through our cookie settings or by following opt-out instructions provided in our Cookie Policy.

Third-party marketing

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting out

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you by contacting us. This opt-out will not affect data provided as part of a purchase or other transaction.

Cookies

We use cookies and similar technologies to provide our services, improve user experience, and support marketing and analytics. [You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information, please see our [Cookie Policy] for further details about the types of cookies and trackers we use and how you can manage your preferences.

For users in the EEA and UK, we obtain your consent for non-essential cookies in compliance with applicable laws. For more details, please see our [Cookie Policy].

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. Disclosures of your personal data

We may share your personal data with the parties set out below for the purposes set out in the table [Purposes for which we will use your personal data] above.

- Internal Third Parties such as other companies in the AMP Group, acting as processors (and in some cases as joint controllers where we jointly determine the purposes and means of processing), who provide IT, system administration, hosting, support, and reporting services.
- External Third Parties as set out below:

Service providers who help us deliver and support our services. This includes payment processors, hosting and cloud infrastructure providers (such as Amazon Web Services, WP Engine, Shopify), tag management services (such as Google Tag Manager, Segment), and user database management services (such as HubSpot CRM), who process your personal data only under our instructions. We also share data with analytics and advertising partners (such as Google Analytics, Google Ads, Meta Ads, HubSpot) who may act as independent or joint controllers and use your data in accordance with their own privacy policies.

Professional advisers (such as lawyers, bankers, auditors, and insurers) who act as independent controllers when providing consultancy, banking, legal, insurance, and accounting services.

- Government agencies, regulators, tax authorities, law enforcement, and other public authorities acting as independent controllers where reporting of processing activities or disclosure is required to comply with legal obligations.
Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to handle it in accordance with the law. Our service providers acting as processors may only use your personal data on our instructions and for specified purposes.

6. International transfers

We operate globally and may transfer your personal data to countries outside of your country of residence, including outside the United States, the European Economic Area (EEA), and the United Kingdom (UK). This includes sharing your personal data within the AMP Group and with our service providers, who may be located in other countries.

These countries may have different data protection laws from those in your jurisdiction. Whenever we transfer your personal data internationally, we take steps to ensure it is treated securely and in accordance with this privacy policy and applicable law.

For residents of the United States, your personal data may be processed outside your state or country of residence as described in this policy.

For residents of the EEA and UK, whenever we transfer your personal data internationally, we ensure a similar level of protection is applied by implementing appropriate safeguards, which may include:

Transferring personal data to countries that have been deemed to provide an adequate level of protection by the European Commission or UK Government.

Using specific contracts approved by the European Commission or UK Government (such as Standard Contractual Clauses) that ensure personal data receives equivalent protection.

For transfers of personal data originating from Singapore, we ensure that such transfers comply with the Singapore Personal Data Protection Act (PDPA) by taking appropriate steps to ascertain that the recipient of the personal data outside Singapore is bound by legally enforceable obligations to provide a standard of protection to the personal data that is at least comparable to the protection under the PDPA. This may include, but is not limited to, relying on contractual clauses, binding corporate rules, or other recognized transfer mechanisms.

If you would like further information about how we protect your personal data during international transfers, please contact us.

7. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

For users in the European Economic Area or the UK, we will notify the relevant supervisory authority within 72 hours of becoming aware of a breach where required under the GDPR, and inform affected individuals without undue delay if the breach is likely to put their rights or personal interests at significant risk
For California residents, we will notify affected individuals, and if required, the California Attorney General, in the most expedient time possible and without unreasonable delay, consistent with California law.
For users in Singapore, we will notify the Personal Data Protection Commission (PDPC) and affected individuals as soon as possible, and always within three days of determining that the breach is notifiable under the PDPA.

8. Data retention

How long will you use my personal data for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. In general, this means we keep data for as long as you maintain an account with us or as needed to provide you with our services, and for a period after that where required for legal or operational reasons. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law, we are required to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for a period required by applicable tax and legal obligations after they cease being customers.

In some circumstances you can ask us to delete your data: see [your legal rights] below for further information.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

9. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data.

You have the right to:

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data's accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain applications or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out in this Privacy Policy, please contact us using the details provided in Section 12 ('How to Contact Us / Data Protection Officer').

Verification Process: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Any personal information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification. We may also contact you to ask for further information in relation to your request to speed up our response.

Response Time: We try to respond to all legitimate requests within one month. Occasionally, it could take us longer if your request is particularly complex or you have made a number of requests. In such cases, we will notify you and keep you updated.

10. EEA Data Subjects: Your Rights Under the EU GDPR.

As an EEA (European Economic Area) data subject, you have specific rights under the EU General Data Protection Regulation (EU GDPR). These rights are in addition to the general legal rights outlined in Section 9 ("Your Legal Rights") and are specifically tailored to the GDPR framework.

For further detailed information on each of these rights, including the circumstances in which they apply, please refer to the guidance from the UK Information Commissioner's Office (ICO) on individual rights under the EU General Data Protection Regulation.

Summary of Your GDPR Rights:

The following table summarizes your rights under the EU GDPR:

Right	Description
Right to Be Informed	The right to know or be notified about the collection and use of your personal information
Right to Access	The right to be provided with a copy of your personal information (the right of access)
Right to Rectification	The right to require us to correct any mistakes in your personal information
Right to be Forgotten	The right to require us to delete your personal information—in certain situations
Right to Restriction of Processing	The right to require us to restrict processing of your personal information—in certain circumstances, e.g., if you contest the accuracy of the data
Right to Data Portability	The right to receive the personal information you provided to us, in a structured, commonly used, and machine-readable format and/or transmit that data to a third party—in certain situations
Right to Object	The right to object: • At any time to your personal information being processed for direct marketing (including profiling) • In certain other situations to our continued processing of your personal information, e.g., processing carried out for our legitimate interests
Right Not to be Subject to Automated Individual Decision-Making	The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

EEA Data Subjects: Transferring Your Personal Information Out of the EEA. As detailed in Section 6 ("International Transfers"), it is sometimes necessary to share your personal information outside the EEA to provide services to you. This may occur when we share data with our offices or service providers located outside the EEA, or if you are based outside the EEA. These transfers are subject to special rules under European and UK data protection law. We will ensure the transfer complies with data protection law and all personal information will be secure. Our standard practice is to use standard data protection contract clauses that have been approved by the European Commission.

Keeping Your Personal Information Secure. We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

EEA Data Subjects: How to File a GDPR Complaint. We hope that we can resolve any query or concern you raise about our use of your information. The GDPR also grants you the right to lodge a complaint with a supervisory authority in the European Union (or EEA) state where you work, normally live, or where any alleged infringement of data protection laws occurred. For contact details of the relevant supervisory authority in your country, please visit the European Data Protection Board's website: [https://edpb.europa.eu/about-edpb/about-edpb/members_en]

11. California Consumers: Your Rights Under the CCPA/CPRA.

You have the right under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), and certain other privacy and data protection laws, as applicable, to exercise free of charge:

Right	Description
Disclosure of Personal Information We Collect About You	You have the right to know, and request disclosure of: • The categories of personal information we have collected about you, including sensitive personal information • The categories of sources from which the personal information is collected • The categories of third parties to whom we disclose personal information, if any –and– • The specific pieces of personal information we have collected about you Please note that we are not required to: • Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained • Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information –or– • Provide the personal information to you more than twice in a 12-month period
Disclosure of Personal Information Sold, Shared, or Disclosed for a Business Purpose	In connection with any personal information we may sell, share, or disclose to a third party for a business purpose, you have the right to know: • The categories of personal information about you that we sold or shared and the categories of third parties to whom the personal information was sold or shared –and– • The categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom the personal information was disclosed for a business purpose You have the right to opt-out of the sale of your personal information or sharing of your personal information for the purpose of targeted behavioral advertising. If you exercise your right to opt-out of the sale or sharing of your personal information, we will refrain from selling or sharing your personal information, unless you subsequently provide express authorization for the sale or sharing of your personal information. To opt-out of the sale or sharing of your personal information, email [email protected]
Right to Limit Use of Sensitive Personal Information	You have the right to limit the use and disclosure of your sensitive personal information to the use which is necessary to: • Perform the services or provide the products reasonably expected by an average consumer who requests those products or services • To perform the following services: (1) Helping to ensure security and integrity to the extent the use of the consumer's personal information is reasonably necessary and proportionate for these purposes; (2) Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer's current interaction with the business, if the consumer's personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer's experience outside the current interaction with the business; (3) Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business; and (4) Undertaking activities to verify or maintain the quality or safety of a service or device that is owned or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business –and– • As authorized by further regulations You have a right to know if your sensitive personal information may be used, or disclosed to a service provider or contractor, for additional, specified purposes. To limit the use of your sensitive personal information, email [email protected]
Right to Deletion	Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will: • Delete your personal information from our records –and– • Direct third parties to whom the business has sold or shared your personal information to delete your personal information unless this proves impossible or involves disproportionate effort Please note that we may not delete your personal information if it is reasonably necessary to: • Complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us • Help to ensure security and integrity to the extent the use of the consumer's personal information is reasonably necessary and proportionate for those purposes • Debug to identify and repair errors that impair existing intended functionality • Exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided for by law • Comply with the California Electronic Communications Privacy Act • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent • Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us • Comply with an existing legal obligation –or– • Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information
Right of Correction	If we maintain inaccurate personal information about you, you have the right to request us to correct that inaccurate personal information. Upon receipt of a verifiable request from you, we will use commercially reasonable efforts to correct the inaccurate personal information.
Protection Against Retaliation	You have the right to not be retaliated against by us because you exercised any of your rights under the CCPA/CPRA. This means we cannot, among other things: • Deny products or services to you • Charge different prices or rates for products or services, including through the use of discounts or other benefits or imposing penalties • Provide a different level or quality of products or services to you –or– • Suggest that you will receive a different price or rate for products or services or a different level or quality of products or services Please note that we may charge a different price or rate or provide a different level or quality of products and/or services to you, if that difference is reasonably related to the value provided to our business by your personal information. We may also offer loyalty, rewards, premium features, discounts, or club card programs consistent with these rights or payments as compensation, for the collection of personal information, the sale of personal information, or the retention of personal information.

12. Singapore Users: Your Rights Under the Singapore PDPA

Right of Access – you may request access to your personal data and information on how it has been used or disclosed in the past year.
Right of Correction – you may request that we correct any errors or omissions in your personal data.
Right to Withdraw Consent – you may withdraw consent that you previously gave, subject to legal or contractual restrictions.
Right to Data Portability – you may request a copy of your personal data in a commonly used machine-readable format and have it transmitted to another organisation, where this right applies under the Singapore PDPA.

These rights are subject to exemptions under the Singapore PDPA.

13. How to Contact Us / Data Protection Officer

For any questions regarding this Privacy Policy or to exercise your legal rights, please contact the relevant Data Protection Officer listed in the table below:

Product	Contact Details
Website	Addition Apps Pte Ltd (UEN 202142308H) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]
Lifetimely	Lifetimely Oy (Registration No. 3107222-6) c/o Bird & Bird Asianajotoimisto Mannerheimintie 8 00100 Helsinki, Finland [email protected]
Back in Stock	Hel-SG Pte Ltd (UEN 202437434M) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]
Bundles	Hel-SG Pte Ltd (UEN 202437434M) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]
Upsell	AppHQ Pte Ltd (UEN 202132149D) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]
Slide Cart	AppHQ Pte Ltd (UEN 202132149D) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]
Australia Post Shipping	Addition Apps Pte Ltd (UEN 202142308H) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]

You also have the right to make a complaint at any time to the data protection authority in your jurisdiction, though we would appreciate the opportunity to address your concerns first.

14. Governing Law and Dispute Resolution

The governing law and dispute resolution provisions applicable to this Privacy Policy are set forth in our Terms of Service. All disputes arising in connection with this policy shall be handled in accordance with the arbitration and jurisdiction provisions stated therein.

Cookie Policy

Last Updated: [1] September 2025

This Cookie Policy is part of AMP’s Privacy Policy and should be read together with it. We handle any personal data collected through cookies, trackers, and similar technologies in line with our Privacy Policy. This policy explains how AMP (“we,” “us,” “our”) uses these technologies on useamp.com and related services to deliver, secure, and improve our services, enhance your experience, and support marketing and analytics.

1. What Are Cookies and Trackers?

Cookies are small text files placed on your device when you visit our website, used to store information such as preferences or session data.

Trackers refer more broadly to technologies like web beacons, pixel tags, scripts, and device fingerprinting that collect data about your interactions with our content and services.

For simplicity, throughout this document, we'll often refer to all such technologies collectively as "Trackers" unless we need to specifically discuss browser-based cookies.

2. Why We Use Trackers

We use Trackers to:

Ensure the proper functioning of our website and services.
Enhance your user experience by remembering preferences.
Measure website usage and performance.
Support compliance with legal obligations (e.g., cookie consent logging).

We use both first-party Trackers (set by us) and third-party Trackers (set by our service providers). Unless otherwise specified, third-party providers may access the Trackers they manage. Consent is required for non-essential cookies and similar technologies that collect personal data, while strictly necessary cookies — such as those used for security, authentication, or core site functionality — do not require consent. Consent can be given through cookie banners or your browser and device settings, and you may withdraw it at any time.

3. Types of Trackers We Use

We use the following trackers:

We categorize the Trackers we use based on their purpose:

Strictly Necessary Trackers: These are essential for our website to operate correctly and to deliver the service you request. For example, they allow you to log into secure areas, use a shopping cart, or access e-billing services.
Analytical/Performance Trackers: These help us understand how visitors use our website, including the number of visitors and how they navigate our pages. This information helps us improve our website's functionality and user experience.
Functionality Trackers: These recognize you when you return to our website, allowing us to personalize content for you, greet you by name, and remember your preferences (like language or region settings).
Targeting/Marketing Trackers: These record your visits to our website, the pages you've viewed, and the links you've followed. We use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for these purposes. Personal data collected through these trackers is kept only for as long as needed to fulfil the purposes described, or longer if required for legal or operational reasons, in line with our Privacy Policy. Session cookies generally expire when you close your browser, while persistent cookies remain for a limited period before being anonymised or securely deleted.

4. Specific Trackers We Use

You can find more information about the specific trackers we use and the purposes for which we use them in the table below:

Cloudflare
Name: _cfuvid
Purpose: Strictly Necessary: Identifies trusted traffic, helps differentiate users behind shared IPs, and supports security features.
https://www.cloudflare.com/privacypolicy/

Cloudflare
Name: cf_clearance
Purpose: Strictly Necessary: Remembers that a challenge was passed (e.g., CAPTCHA) to avoid re-challenges.
https://www.cloudflare.com/privacypolicy/

Shopify
Name: _ab
Purpose: Strictly Necessary: Used in connection with access to the Shopify admin area.
https://www.shopify.com/legal/privacy

Shopify
Name: _cmp_a
Purpose: Functionality: Stores cookie consent status to comply with privacy requirements.
https://www.shopify.com/legal/privacy

Shopify
Name: _customer_account_shop_sessions
Purpose: Functionality: Maintains logged-in user sessions across pages.
https://www.shopify.com/legal/privacy

Google Analytics
Name: _ga
Purpose: Analytical: Used to distinguish users and analyze site performance.
https://policies.google.com/privacy

Google Analytics
Name: _ga_*
Purpose: Analytical: Stores session-level data for Google Analytics.
https://policies.google.com/privacy

Meta (Facebook)
Name: _fbp
Purpose: Targeting: Tracks visits across websites to deliver targeted advertising.
https://www.facebook.com/privacy/policy

Meta (Facebook)
Name: _fbc
Purpose: Targeting: Captures click ID to attribute ad visits to conversions.
https://www.facebook.com/privacy/policy

HubSpot
Name: __hstc
Purpose: Analytical: Tracks visitors for HubSpot marketing and analytics.
https://legal.hubspot.com/privacy-policy

HubSpot
Name: hubspotutk
Purpose: Analytical: Identifies users and associates them with form submissions.
https://legal.hubspot.com/privacy-policy

Segment (Twilio)
Name: ajs_anonymous_id
Purpose: Analytical: Assigns a unique ID to anonymous users for tracking.
https://www.twilio.com/legal/privacy

Segment (Twilio)
Name: ajs_user_id
Purpose: Functionality: Associates user identity with analytics events.
https://www.twilio.com/legal/privacy

Google Tag Manager
(No specific cookie names listed, but uses Trackers)
Purpose: Necessary/Functional: Manages various tags (scripts, pixels) on our website, including those for analytics and marketing.
https://policies.google.com/privacy

OpenAI API
(No specific cookie names listed, but uses Trackers)
Purpose: Necessary/Functional: Helps automate tasks through its AI engine.
https://openai.com/privacy/

Google Fonts
(No specific cookie names listed, but uses Trackers)
Purpose: Experience: Allows us to incorporate different font styles on our pages.
https://policies.google.com/privacy

HubSpot Analytics
Name: hmpl, hs_gpc_banner_dismiss, hssc, hssrc, hstc, hublytics_events_53, hubspotutk, messagesUtk
Purpose: Measurement: Provides analytics services.
https://legal.hubspot.com/privacy-policy

Meta Events Manager
Name: _fbp, lastExternalReferrer, lastExternalReferrerTime
Purpose: Measurement: Provides insights into website traffic and interactions by integrating the Meta pixel.
https://www.facebook.com/privacy/policy

Google Ads conversion tracking
Name: IDE, test_cookie
Purpose: Marketing: Connects data from the Google Ads advertising network with actions performed on useamp.com.
https://policies.google.com/privacy

Meta ads conversion tracking (Meta pixel)
Name: _fbc, _fbp, fr, lastExternalReferrer, lastExternalReferrerTime
Purpose: Marketing: Connects data from the Meta Audience Network with actions on useamp.com to track conversions attributed to ads.
https://www.facebook.com/privacy/policy

HubSpot CRM
Name: hmpl, hs_gpc_banner_dismiss, hssc, hssrc, hstc, hublytics_events_53, hubspotutk, messagesUtk
Purpose: Marketing: Manages user database.
https://legal.hubspot.com/privacy-policy

Please note that third parties (including advertising networks and web traffic analysis services) may also use Trackers over which we have no control. These are likely to be analytical/performance or targeting Trackers.

AI and Trackers

Certain AMP features are powered by AI tools that use trackers to analyze user inputs and behavior. These trackers help deliver tailored responses and improve service functionality. See our [Privacy Policy] for more details on how AI-powered features process your Personal Data.

5. How to Manage Your Tracker Preferences

Your Consent and Preferences

When the use of Trackers requires your consent, you can provide or withdraw that consent by adjusting your preferences through the privacy choices panel available on useamp.com.

For any third-party Trackers, you can manage your preferences using their specific opt-out links (where provided), by consulting their privacy policies, or by contacting the third party directly.

Controlling Trackers via Your Device Settings

You can also manage or delete Trackers, including cookies, through your browser settings:

See which Trackers are set on your device.
Block Trackers.
Clear Trackers from your browser.

For mobile apps, you can manage certain categories of Trackers by adjusting your device's advertising or tracking settings.

Opting Out of Interest-Based Advertising

You can also opt out of interest-based advertising through industry initiatives such as:

The Digital Advertising Alliance also offers an application called AppChoices to help control interest-based advertising on mobile apps.

6. Consequences of Denying Trackers

You are free to decide whether or not to allow the use of Trackers. However, please note that Trackers help useamp.com provide a better experience and advanced functionalities. If you choose to block the use of Trackers, we may be unable to provide certain features.

7. Owner and Data Controller

Data Protection Officer
Addition Apps Pte Ltd
(UEN 202142308H)
90 Eu Tong Sen Street #03-02
Singapore 059811
[email protected]

Since we cannot fully control the use of third-party Trackers, any specific references to them in this document are indicative. For complete and up-to-date information, please consult the privacy policies of the respective third-party services listed.

If you have any further questions about our use of tracking technologies, please contact us.

8. Your Rights

You have the right to control how your data is collected and used via cookies and trackers. For more information about your legal rights under applicable privacy laws, please consult our Privacy Policy.

9. Governing Law and Dispute Resolution

The governing law and dispute resolution provisions applicable to this Cookie Policy are set forth in our Terms of Service. All disputes arising in connection with this policy shall be handled in accordance with the arbitration and jurisdiction provisions stated therein.

Data Processing Agreement

Last Updated: [1] September 2025

This Data Processing Agreement and its Annexes (“DPA”) is incorporated into and part of the Terms of Service ("TOS") (as defined below) between the Controller and Processor (collectively, the "Parties"). This DPA reflects the parties' rights and obligations with respect to Personal Data processed as part of the Services (all as defined below). In the event of a conflict between the terms of this DPA and the TOS with respect to the subject matter herein, the terms of this DPA govern. Any prior data protection agreements between the Parties are superseded and replaced by this DPA in their entirety. All capitalized terms not defined in this DPA will have the meaning given to them in the TOS.

1. Definitions. For the purposes of this DPA, the following terms shall have the meanings specified below:

"Breach Event" means any incident where security is compromised, resulting in unintentional or illegal destruction, misplacement, modification, or unauthorized sharing or access to Personal Data that has been transmitted, stored, or otherwise processed.
"Controller” means the customer who is accessing and using the Services.
"Data Privacy Laws" means all applicable data protection and privacy laws, regulations, codes, and regulatory requirements relating to the collection, use, disclosure, or other processing of Personal Data, as applicable to either party or the Services. This includes, without limitation, EU General Data Protection Regulation (EU GDPR), the UK General Data Protection Regulation (UK GDPR), the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), the Singapore Personal Data Protection Act of 2012 (PDPA), and other applicable laws.
"Data Subject" refers to the identified or identifiable natural person whose Personal Data is processed.
"Personal Data" refers to any information that is tied to an identified or identifiable natural person (Data Subject) that is protected as personal data, personal information, or personally identifiable information under applicable Data Privacy Laws.
"Personnel" refers to the employees or other individuals who are in a contractual relationship with the Processor, including employees or other individuals who are in a contractual relationship with the Sub-Processor.
"Processing" means actions performed by the Processor on the Personal Data whether by automated means or not, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
"Processor" means the specific legal entity within the AMP Group that provides the Services to the Controller under the TOS. A list of AMP Group legal entities that may act as Processor is set out in Schedule 4. The entity identified in the applicable TOS or service-specific documentation shall be deemed the Processor for the purposes of this DPA.
"Services" means any products or services provided by the Processor pursuant to the TOS, including the Apps.
"Subprocessor" or "Subcontractor" refers to any third party appointed by the Processor to assist in fulfilling its obligations in providing Services to the Controller.

2. Purpose. The purpose of this DPA is to define the conditions under which the Processor shall process Personal Data on behalf of the Controller.

3. Compliance with Laws. The Processor warrants that any Processing activities performed on behalf of the Controller will be conducted in accordance with all applicable Data Privacy Laws. The Processor must notify the Controller if it is no longer able to meet its obligations under applicable Data Privacy Laws.

The Controller has sole responsibility for the quality and accuracy of the Personal Data and how it acquired such data. The Controller is also responsible for complying with transparency and consent requirements for the collection, use, and transfer of the Personal Data under applicable Data Privacy Laws.

4. Ownership of Data. All Personal Data processed by the Processor in performing the Services shall remain the property of the Controller.

5. Duration of Processing. Processing obligations under this DPA will run until the end of the Processor's provision of Services to the Controller.

6. Types of Data. The Processor will process the categories of Personal Data provided by the Controller as set forth in Schedule 1.

7. Instructions for Processing. The Processor shall only process Personal Data in accordance with this DPA, including specific instructions set forth in Schedule 2, except where otherwise required by applicable law (and in such a case, shall inform the Controller of that legal requirement before processing, unless applicable law prevents it from doing so on important grounds of public interest). The Processor shall immediately inform the Controller if any instruction relating to the Personal Data infringes or may infringe any Data Privacy Laws.

AI Processing Notice

Where the Services include features powered by artificial intelligence (AI), such as chat-based assistants or automated content generation, the Processor shall ensure that all such processing is conducted in compliance with the obligations set forth in this DPA. The Processor shall not use Personal Data for AI model training unless explicitly instructed by the Controller.

8. Data Subject's Rights. The Processor shall promptly notify the Controller of any requests from a Data Subject to exercise their rights under applicable Data Privacy Laws and shall assist the Controller in responding to a Data Subject's request as provided in the processing instructions, Schedule 2.

9. Data Protection Impact Assessments. The Processor shall assist the Controller in performing data protection impact assessments. At the Controller's request, the Processor shall provide all necessary information the Controller needs to meet their data protection assessment obligations, including but not limited to information about data transmittal, data storage, methods of processing, encryption, and data destruction.

10. Confidentiality. Both Parties agree to maintain the confidentiality of Personal Data and not to disclose such data except as expressly permitted under the terms of this Agreement. The Processor shall ensure that all personnel authorized to process Personal Data are subject to binding confidentiality obligations.

11. Liability. The Parties agree to indemnify one another against any claims, including but not limited to damages and fines, arising out of their respective breaches of this Agreement. Each Party’s liability shall be determined in accordance with applicable Data Privacy Laws, including any obligations to indemnify for administrative fines or data subject claims arising from their respective breaches of such laws, subject to the limitations of liability under the TOS.

12. Data Security. The Processor shall, at all times, implement and maintain appropriate technical and organizational security measures to ensure a level of security appropriate to the risk to protect the Personal Data against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, or access. Such measures shall be at least equivalent to the technical and organizational measures set out in Schedule 3.

13. Breach Notification. The Processor shall notify the Controller without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of a Breach Event. The Processor will provide the Controller with all information reasonably available to assist the Controller in assessing the breach and in complying with its notification obligations under applicable Data Privacy Laws.

14. Limitations on Use. The Processor shall not use or authorize the use of the Personal Data for any purpose other than those outlined in this Agreement or for purposes other than performing its obligations under the TOS.

15. Subcontractor Requirements. The Processor may engage Subprocessors to process Personal Data on its behalf, provided that: (a) each Subprocessor is subject to obligations equivalent to those set out in this DPA, in accordance with applicable Data Privacy Laws; (b) the Processor remains fully liable for the acts and omissions of its Subprocessors in the performance of their data processing obligations; and (c) the Processor shall notify the Controller in advance of any intended changes concerning the addition or replacement of Subprocessors, thereby giving the Controller the opportunity to object on reasonable grounds.

16. International Data Transfers. The Processor shall not transfer Personal Data to a country or territory outside the European Economic Area, the United Kingdom, Singapore, or other jurisdictions recognized by the relevant data protection authority as providing an adequate level of protection, unless such transfer is made in compliance with applicable Data Privacy Laws. Appropriate safeguards may include the use of Standard Contractual Clauses, legally enforceable obligations, or other lawful transfer mechanisms recognized under those laws. For transfers from Singapore, the Processor shall ensure, in accordance with Section 26 of the Singapore PDPA, that the recipient provides a standard of protection for Personal Data comparable to that under the PDPA.

17. Destruction or Return of Data. The Processor agrees to, at the Controller's choice, securely delete or return the Personal Data within 30 days upon the Controller's request at any time during the TOS term or upon termination or expiration of the TOS except to the extent that storage of any such data is required by applicable law (and, if so, the Processor shall inform the Controller of any such requirement and shall securely delete such data as soon as it is permitted to do so under applicable law). For further details on AMP’s data retention practices, including specific timelines and lawful bases for retention, please refer to our Privacy Policy.

18. Audits and Compliance. The Processor shall permit the Controller, or an independent auditor appointed by the Controller, to conduct audits or inspections with reasonable notice during regular business hours to ensure compliance with the terms of this DPA, and applicable Data Privacy Laws. The scope of the audit shall be limited by the Parties to the systems, procedures, and documentation relevant to the processing of Personal Data. The Processor agrees to provide the Controller with all necessary cooperation, access, and support to conduct such audits. The Parties shall consider the findings of any such audit confidential information subject to the terms of this agreement.

19. Recordkeeping Obligations. The Processor shall maintain records of processing activities carried out on behalf of the Controller as required under applicable Data Privacy Laws. Such records shall be made available to the Controller upon request within a reasonable period.

Schedule 1.

The types of Personal Data processed under the DPA and the categories of Data Subjects are as follows:

Categories of Personal Data:

Contact details (e.g., names, email addresses)
Technical identifiers (e.g., IP address, device ID)
Usage and analytics data (e.g., clickstream, app interactions)
Transaction data (e.g., order and payment history)
Location or demographic data (e.g., language, country)

Categories of Data Subjects:

End users of the AMP application or website
Customers or clients of the Controller
Employees or contractors of the Controller (if applicable)

Schedule 2.

Specific Processing Instructions:

The Processor shall:

Process Personal Data only as necessary to provide the Services described in the TOS
Assist the Controller in responding to Data Subject requests as required by applicable Data Privacy Laws
Refrain from using Personal Data for its own purposes
Limit access to Personal Data to authorized personnel only
Implement appropriate security measures as set out in Schedule 3
Notify the Controller of any Breach Event in accordance with Clause 13

Schedule 3.

Minimum Technical and Organizational Security Measures.

The Processor shall implement appropriate measures to ensure the confidentiality, integrity, availability, and resilience of Personal Data. These measures include, at a minimum:

Encryption of data in transit and at rest
Role-based access controls and authentication mechanisms
Regular vulnerability and patch management
Secure data backup and recovery processes
Monitoring and logging of access and use

Schedule 4

AMP Group Entities:

Product	Contact Details
Website	Addition Apps Pte Ltd (UEN 202142308H) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]
Lifetimely	Lifetimely Oy (Registration No. 3107222-6) c/o Bird & Bird Asianajotoimisto Mannerheimintie 8 00100 Helsinki, Finland [email protected]
Back in Stock	Hel-SG Pte Ltd (UEN 202437434M) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]
Bundles	Hel-SG Pte Ltd (UEN 202437434M) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]
Upsell	AppHQ Pte Ltd (UEN 202132149D) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]
Slide Cart	AppHQ Pte Ltd (UEN 202132149D) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]
Australia Post Shipping	Addition Apps Pte Ltd (UEN 202142308H) 90 Eu Tong Sen Street #03-02 Singapore 059811 [email protected]

Lifetimely

Discover Lifetimely

Profit and Loss

CAC and LTV

Customer Behavior and Cohorts

Attribution

Custom Dashboards and Metrics

Actionable Product Performance Insights

Revenue Acceleration

Capture Demand in the Moment

Increase AOV and Revenue

Enhance your Site to Sell More

Increase Units Per Transaction

High Converting Checkout

Ultimate Post Purchase Experience

Resources

AMP Legal

Terms of Service

Privacy Policy

Cookie Policy

Data Processing Agreement

Lifetimely

Compare Lifetimely

Upsell

Compare Upsell

Back in Stock

Customers

Resources

Company