Winvision Consultants Inc.,operating as Amp Reviews ("Amp Reviews," "we," "us," or "our") operates the website ampreviews.io (the "Site") and provides reputation-management and marketing services, including integration with clients' customer-relationship-management (CRM) systems to request online reviews on their behalf (collectively, the "Services").
We respect your privacy and are committed to protecting Personal Information (defined below). This Privacy Policy explains how we collect, use, disclose, retain, and safeguard the information we receive from (i) visitors to the Site; (ii) businesses that subscribe to our Services ("Clients"); and (iii) the end customers of our Clients whose information Clients upload to our platform solely for the purpose of soliciting reviews ("End-Customers"). It also describes the rights and choices available to you with respect to your Personal Information.
Trust is the cornerstone of our relationship. We will never sell, lease, or otherwise exploit Client or End-Customer data, and we will access or process such data only to deliver the Services or as otherwise required by law.
1. Scope & Key Definitions
Personal Information means any information that identifies, relates to, describes, or can reasonably be linked to an identified or identifiable natural person.
Controller means the entity that determines the purposes and means of processing Personal Information. For most data relating to the End-Customers that a Client uploads to our platform, the Client is the Controller and Amp Reviews acts solely as the Processor/Service Provider.
Processor / Service Provider means an entity that processes Personal Information on behalf of, and at the direction of, the Controller.
2. Information We Collect
2.1 From Site Visitors
Technical data such as IP address, browser type, operating system, and referring URLs (collected automatically via cookies and similar technologies).
Information you voluntarily provide via forms, chats, email, or phone (e.g., name, business name, email, phone, message content). Our onboarding call form collects your information for the purpose of booking and reminding you of your appointment.
Credentials required to integrate with third-party platforms (e.g., CRM API keys).
Any other information you choose to provide.
2.3 From End-Customers
Contact details (e.g., name, email address, phone number) and transaction context (e.g., service date) for the purpose of sending review requests on the Client’s behalf.
3. How We Use Information
We use Personal Information only for legitimate and limited purposes, including to:
Provide & Maintain the Services – create accounts; integrate with Client CRMs; send review invitations; track, analyze, and report review metrics.
Secure & Improve the Services – monitor usage, detect fraud or abuse, perform debugging, develop new features, and enhance user experience.
Communicate with You – respond to inquiries, send service-related notices, and (with your consent) marketing communications.
Comply with Legal Obligations – satisfy tax, accounting, court orders, or regulatory requirements.
3.1 Strict Prohibition on Secondary Use
We do not:
Sell, rent, disclose or trade Personal Information to third parties.
Use End-Customer data for any purpose other than delivering review requests and related Services as instructed by the Client.
Use Personal Information to build proprietary marketing lists or train unrelated AI models.
3.2 Marketing Communications Consent
With your express consent, we may use your contact information to send you newsletters, promotional materials, product updates, and other marketing communications. You may withdraw your consent at any time by clicking “unsubscribe” in our emails or replying STOP to any SMS messages. Consent is not required to use our core Services.
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. Information sharing to subcontractors in support services, such as customer service is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
4. Legal Bases for Processing (EEA/UK Residents)
Where the GDPR or UK GDPR applies, our legal bases include:
Contractual Necessity – to perform our contract with you (Article 6(1)(b)).
Legitimate Interests – to operate and improve our Services in ways that do not override your privacy rights (Article 6(1)(f)).
Consent – for optional marketing communications or cookie placement where required (Article 6(1)(a)).
Legal Obligation – to comply with applicable law (Article 6(1)(c)).
5. Sharing & Disclosure
We disclose Personal Information only:
To Authorized Personnel – Employees, contractors, and agents who have a legitimate need to access the data and are bound by confidentiality obligations.
To Sub-Processors / Service Providers – Third-party vendors (e.g., email/SMS gateways, hosting providers) that process data on our behalf under written agreements requiring at least the same level of data protection we provide. A current list of sub-processors is available upon request.
For Legal Reasons – Where required by law, subpoena, or court order, or to enforce our terms, prevent harm, or protect rights, property, or safety.
With Client Direction – We may share End-Customer data back to the originating Client or as that Client otherwise instructs.
We do not sell or “share” Personal Information for cross-context behavioral advertising within the meaning of the California Consumer Privacy Act (CCPA).
6. Data Security
We maintain industry-standard technical and organizational measures to safeguard Personal Information, including:
Encryption of data in transit (TLS 1.2+) and at rest.
Role-based access controls (RBAC) and multi-factor authentication for production systems.
Regular penetration testing, vulnerability scanning, and security audits.
Employee training on data-protection and confidentiality obligations.
In the unlikely event of a data breach affecting Personal Information, we will notify affected parties and regulators as required by applicable law.
7. Data Retention & Deletion
We retain Personal Information only for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. Upon termination of a Client’s subscription or upon written request, we will securely delete Client and End-Customer data within 30 days, unless retention is legally required.
8. International Data Transfers
We may transfer and store Personal Information in countries other than where it was collected (including Canada, the United States, and EU member states). Where we do so, we rely on lawful transfer mechanisms such as Standard Contractual Clauses, adequacy decisions, or binding corporate rules, and we implement supplemental safeguards where necessary.
9. Your Privacy Rights
Depending on your jurisdiction, you may have the right to:
Access the Personal Information we hold about you.
Request correction or deletion of your Personal Information.
Object to or restrict processing of your Personal Information.
Receive an electronic copy of your Personal Information (data portability).
Withdraw consent at any time (without affecting prior processing).
Lodge a complaint with your local supervisory authority.
To exercise any of these rights, please email [email protected] with your request. We will respond within the timeframe required by applicable law.
10. Children’s Privacy
The Services are not directed to individuals under the age of 16, and we do not knowingly collect Personal Information from them. If we learn that an individual under 16 has provided Personal Information, we will promptly delete it.
11. Cookies & Similar Technologies
We use first-party and third-party cookies, pixel tags, and similar technologies to:
Enable core Site functionality and secure access.
Remember your preferences.
Analyze Site traffic and performance.
You can control cookies through your browser settings. Disabling cookies may affect Site functionality.
12. External Links
Our Site may contain links to third-party websites. We are not responsible for their privacy practices or content. Please review the privacy policies of any third-party sites you visit.
We may serve Clients who operate in regulated industries, such as dental offices, med spas, or other health-related services. However, we are not a covered entity under HIPAA, and we do not request, store, or process Protected Health Information (PHI) as defined by HIPAA. Clients are solely responsible for ensuring that any data they submit to us does not include PHI, unless a separate Business Associate Agreement (BAA) is in place.
14. Canadian Compliance (Quebec / Bill 64)
For users and Clients based in Quebec, Canada, we comply with applicable privacy laws, including the Act Respecting the Protection of Personal Information in the Private Sector as amended by Bill 64 (Law 25). As required:
We appoint a privacy officer who can be contacted at [email protected].
Consent is obtained where required for data collection and marketing.
Individuals may request access, correction, or deletion of their personal information.
Breach notifications will be made in accordance with local law.
15. Changes to This Policy
We may update this Privacy Policy periodically. The “Effective Date” at the top indicates when the latest changes became effective. Material changes will be announced via the Site or direct communication so you may review them before they take effect.
16. Contact Us
If you have questions, concerns, or complaints regarding this Privacy Policy or our data-handling practices, please contact us:
