Legal

Privacy Policy

Last updated: 30 March 2026

Amygdala ("we", "us", "our") is operated by Amygdala B.V. (soon to be established), a company registered in the Netherlands. We take your privacy seriously and are committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy explains what personal data we collect, why, and what rights you have.

1. Who this policy applies to

This policy applies to two groups of people:

  • Account holders — people who register for and use the Amygdala platform.
  • Indexed persons — individuals whose publicly available online presence is included in our Authority Index.

2. Data we collect about account holders

When you create an account and use Amygdala, we may collect:

  • Email address and name (at registration)
  • Authentication data (passwords are stored as secure hashes)
  • Usage data (API calls, searches, timestamps)
  • Billing information (processed by Stripe — we do not store raw card data)
  • Organization name and member details
  • Communications you send us (e.g. via the contact form)

Legal basis: Performance of a contract (providing the service to you) and our legitimate interest in operating and improving the platform.

3. Data we collect about indexed persons

Amygdala builds authority profiles using publicly available data from platforms such as X (Twitter), LinkedIn, YouTube, GitHub, and others. This may include names, handles, biographical information, areas of expertise, and public content.

Legal basis: Legitimate interest. We process this data to provide an objective, publicly verifiable measure of online authority. We only process data that individuals have made publicly available. We do not combine this with private data, track physical location, or create profiles of a sensitive or private nature.

If you are an indexed person and wish to exercise your rights, see Section 8.

4. How we use your data

  • To provide and maintain the Amygdala service
  • To process payments and manage your account
  • To respond to support requests
  • To send transactional emails (e.g. email confirmation, billing receipts)
  • To detect and prevent fraud or abuse
  • To improve our models and data quality

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

5. Data sharing

We share personal data only where necessary:

  • Stripe — payment processing. Stripe acts as an independent data controller for payment data.
  • Infrastructure providers — cloud hosting and database services. These providers act as data processors under our instruction.
  • Legal obligations — we may disclose data if required by law or to protect the rights and safety of our users.

We do not share data with any third parties for marketing or profiling purposes.

6. International transfers

Amygdala is hosted and operated within the European Economic Area (EEA). Where we use sub-processors outside the EEA, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses).

7. Data retention

  • Account data is retained for as long as your account is active, plus a reasonable period after deletion to comply with legal obligations.
  • Usage logs are retained for up to 12 months.
  • Billing records are retained for 7 years in accordance with Dutch financial regulations.
  • Indexed person data is refreshed periodically and removed upon a valid erasure request.

8. Your rights

Under GDPR, you have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data (the "right to be forgotten").
  • Restriction — ask us to limit how we process your data.
  • Objection — object to processing based on legitimate interest.
  • Portability — receive your data in a machine-readable format.

To exercise any of these rights, email us at joran.cornelisse@gmail.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

9. Cookies

Amygdala uses only strictly necessary cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

10. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or disclosure. These include encryption in transit (TLS), encrypted storage, access controls, and regular security reviews.

11. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "last updated" date at the top. Continued use of Amygdala after changes are posted constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or to exercise your rights, contact us at joran.cornelisse@gmail.com or via our contact form.