[bracketed placeholder] with confirmed values before publishing.
Privacy Notice
1. Who we are
The Amity Tools platform (“Amity Tools”, the internal tools published under amity.tools) is
operated by [Amity legal entity name] (“Amity”, “we”, “us”), [registered address].
For any privacy question or to exercise your rights, contact our Data Protection Officer: [dpo@amity.co].
2. Scope
This notice applies to the Amity Tools platform and the internal tools offered through it. Individual tools may process data differently; where relevant, tool-specific processing is described in Section 4. It covers personal data processed when an internal Amity user signs in to use a tool, and when anyone interacts with content produced by a tool (for example, clicking a short link or scanning a QR code).
3. Common data we process
3.1 Account & sign-in (internal users)
Authentication is handled via Amity’s SSO (Google Workspace / SAML). We process your name, email address, and a user identifier to create your account, attribute your activity, and manage access and sharing within each tool.
3.2 Usage & diagnostics
We process limited technical data needed to operate the tools securely and reliably (for example, request metadata and error logs). We apply data minimization throughout.
4. Tool-specific processing
4.1 a·bit — link & QR service
When you click a short link or scan a QR code, we record the following to give link owners aggregate audience analytics:
| Data | Detail | Note |
|---|---|---|
| Approximate location | Country and city | Derived at our CDN edge; we do not store your IP address |
| Device type | Mobile / tablet / desktop | |
| Referrer | The page you came from, if provided | |
| Browser/app family | e.g. “Mozilla”, “curl” | User-Agent reduced to a family; not the full string |
| Source | QR scan or direct link | |
| Timestamp | Date/time of the click/scan |
We deliberately do not collect or store raw IP addresses or full device fingerprints, so most of this data is not directly identifiable. Link owners see aggregated analytics only.
5. Legal basis
- Analytics & operation of the tools: our legitimate interest in providing and improving internal tools, balanced against your rights (GDPR Art. 6(1)(f)) / the corresponding lawful basis under Thailand’s PDPA.
- Internal accounts: necessary to provide the internal tools to Amity personnel.
6. How long we keep it
- Raw event data (e.g. a·bit click/scan events): automatically deleted after 90 days.
- Aggregated data (e.g. daily totals): retained while the related content exists.
- Account data: retained while your Amity account is active.
7. Who we share it with
- Amazon Web Services (AWS) and Cloudflare — hosting/CDN providers, under their respective DPAs and Standard Contractual Clauses.
- We do not sell personal data.
8. Where it is processed
Application data is stored and processed in AWS Asia Pacific (Singapore), ap-southeast-1.
Cross-border transfers rely on appropriate safeguards (DPAs + Standard Contractual Clauses). Content delivery
and edge processing may occur globally, but data at rest remains in the region above.
9. Your rights
Subject to applicable law (GDPR / UK GDPR / Thailand PDPA), you may request to access, correct, delete, restrict, or object to our processing, and where relevant, data portability. To exercise any right, contact [dpo@amity.co]. You may also complain to your supervisory authority (Thailand: the PDPC; EU/UK: your national data protection authority).
10. Security
We apply least-privilege access, encryption in transit, and data minimization by design.
11. Changes
We may update this notice; the “Last updated” date reflects the latest version.