Compliance

GDPR Compliance

Amygdala is built in Europe and committed to GDPR. Here is a plain-language overview of how we handle personal data and what rights you have.

Built in Europe

Amygdala is operated by Amygdala B.V. (soon to be established), registered in the Netherlands. Our infrastructure runs within the EEA. GDPR is not an afterthought for us: it is the baseline we designed around.

Only public data

Our Authority Index is built entirely from publicly available information. We do not scrape private messages, access non-public profiles, or combine public data with sensitive categories.

Clear legal basis

We process account holder data on the basis of contract. We process indexed person data on the basis of legitimate interest, which we have carefully assessed and documented.

Security by design

All data is encrypted in transit and at rest. Access is restricted by role. We conduct regular security reviews and maintain an incident response process.

Who we are

Amygdala is operated by Amygdala B.V. (soon to be established), a company registered in the Netherlands. We are a data controller under GDPR for the personal data we collect from account holders, and we act as both controller and processor in different contexts for indexed person data.

What personal data we process

Account holders: email address, name, organization details, usage logs, and billing information (payment processing is handled by Stripe). We collect this to provide the service.

Indexed persons: publicly available information such as names, social handles, biographical data, and areas of expertise found across public platforms. We use this to compute authority scores.

Our legal basis for processing

  • Contract: processing your account data is necessary to deliver the service you signed up for.
  • Legitimate interest: indexing publicly available information to compute authority scores. We have conducted a Legitimate Interest Assessment (LIA) to confirm this does not override the rights and freedoms of individuals.
  • Legal obligation: retaining certain records (e.g. financial data) as required by Dutch law.

Your rights as an indexed person

Even if you have never created an Amygdala account, you may have a profile in our index based on your public online presence. Under GDPR you have the right to:

  • Access your profile data
  • Correct inaccurate information
  • Request erasure of your profile
  • Object to processing on legitimate interest grounds

To exercise any of these rights, email joran.cornelisse@gmail.com. We will respond within 30 days. We may ask you to verify your identity before acting on a request.

Your rights as an account holder

In addition to the rights above, account holders can also request portability of their account data and close their account at any time. Account closure triggers deletion of personal data, subject to legal retention requirements.

Data transfers

Amygdala is hosted within the EEA. Where we use sub-processors outside the EEA (for example for email delivery), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

For API customers

If you are an EU-based business using the Amygdala API, you are a data controller in your own right. We act as your data processor for any personal data you request via the API. A Data Processing Agreement (DPA) is available for you to review and execute. See our DPA page for details.

Supervisory authority

If you are not satisfied with how we handle your data or your rights request, you have the right to lodge a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens
autoriteitpersoonsgegevens.nl

Contact

For any privacy or GDPR-related questions, contact us at joran.cornelisse@gmail.com. For the full details of our data practices, see our Privacy Policy.