AmpRegs AI
Log in

Legal

Last updated: 7 May 2026. Governed by the laws of England and Wales.

1. Who We Are

AmpRegs AI ("we", "us", "our") is the controller of personal data processed in connection with your account and your use of the AmpRegs AI platform (the "Platform"). This Privacy Policy explains how we collect, use, store, share and protect personal data in compliance with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (PECR).

2. Personal Data We Collect

  • Account data: name, company name, email, phone, postal address, password hash, scheme registration numbers (NICEIC, NAPIT, MCS etc.).
  • Subscription and billing data: plan, billing status, renewal date, partial card data and tokens held by our payment processor.
  • Branding data: uploaded logos, colours and typography preferences.
  • Certificate content: client and site information, installation particulars, inspection and test results, observations, photographs, signatures.
  • Client database: contact details of your customers stored by you within the Platform.
  • Voice recordings: audio captured for voice-to-text transcription.
  • Geo-location data: only when you actively use the address-lookup feature, and at the precision you allow.
  • Device and usage data: IP address, device type, operating system, browser, log data, error reports and analytics events.
  • Support data: the content of any tickets, screenshots and correspondence you submit.

3. Lawful Bases for Processing

We process personal data on one or more of the following bases:

  • Contract: to provide the Platform you have subscribed to.
  • Legitimate interests: to operate, secure, improve and market our services.
  • Legal obligation: for tax, accounting, fraud prevention and regulatory purposes.
  • Consent: for optional features such as geo-location, marketing emails and certain cookies. Consent may be withdrawn at any time.

4. Your Role as a Data Controller

Where you upload personal data about your own clients, customers, employees or third parties (for example, in client records, certificates or photographs), you are the data controller for that data and we act as your processor. You are responsible for ensuring you have a lawful basis to collect and upload that data, for providing the data subjects with appropriate privacy information, and for handling any data subject requests relating to that data. You agree that this Privacy Policy, together with the Terms and Conditions, forms the data processing agreement between us for the purposes of Article 28 UK GDPR.

5. How We Use Personal Data

  • To create and administer your account and provide the Platform;
  • To process payments, billing and subscription management;
  • To enable AI features such as observation suggestions, voice-to-text and photo analysis;
  • To synchronise offline data with our cloud;
  • To provide customer support and respond to enquiries;
  • To send service notifications, security alerts and (where lawful) marketing;
  • To monitor, secure, debug and improve the Platform;
  • To comply with legal, regulatory and tax obligations;
  • To establish, exercise or defend legal claims.

6. Sharing and Disclosure

We do not sell personal data. We may share personal data with carefully selected processors:

  • Cloud hosting and database providers;
  • Payment processors;
  • Email and notification providers;
  • AI model providers (for processing prompts, voice and image content);
  • Mapping and address-lookup providers;
  • Analytics, error-monitoring and security providers;
  • Professional advisers, regulators and law-enforcement bodies where legally required.

All processors are bound by written agreements imposing UK GDPR-compliant obligations.

7. International Transfers

Some of our processors are based outside the United Kingdom. Where personal data is transferred internationally we rely on UK adequacy regulations, the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses with the UK Addendum, together with appropriate supplementary measures.

8. Data Retention

We retain personal data for as long as necessary to provide the Platform, comply with legal obligations and resolve disputes. Certificate and client records are retained for the life of your account and for a reasonable period thereafter to support your professional record- keeping obligations (typically a minimum of six years). You may export and delete your data at any time from within the Platform.

9. Security

We implement appropriate technical and organisational measures including encryption in transit (TLS) and at rest, role-based access controls, row-level database security, audit logging, secure offline storage on your device, secret management and regular vulnerability review. No system can be guaranteed completely secure; you must keep your credentials confidential and notify us immediately of any suspected compromise.

10. Your Rights

Subject to UK GDPR, you have rights to:

  • Access your personal data;
  • Request rectification of inaccurate data;
  • Request erasure ("right to be forgotten") in certain circumstances;
  • Restrict or object to certain processing;
  • Data portability;
  • Withdraw consent at any time;
  • Lodge a complaint with the Information Commissioner's Office (ICO) — ico.org.uk.

11. Cookies and Similar Technologies

We use strictly necessary cookies and local storage to provide the Platform (including authentication and offline sync), and limited analytics cookies subject to your consent where required by PECR.

12. Children

The Platform is intended for professional users only and is not directed at children under 18.

13. Changes

We may update this Privacy Policy from time to time. The latest version is always available within the Platform.

14. Contact

For any privacy enquiry or to exercise your rights, contact us via the Support section of the Platform.