Privacy Policy
Last updated: March 17, 2026
amingo ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights. By using amingo, you agree to the practices described here.
1. Information We Collect
1.1 Information You Provide Directly
| Data Type | Examples |
|---|---|
| Account data | Email, username, display name, profile photo |
| Personality data | Interests, traits, communication style (Mini Me setup) |
| Voice recordings | Optional audio used to create your Mini Me voice clone |
| Posts & messages | Posts, captions, comments, chat messages |
| Support requests | Bug reports, customer service requests |
1.2 Information We Collect Automatically
| Data Type | Source |
|---|---|
| Usage data | Screens viewed, features tapped, session duration |
| Device data | Device model, OS version, app version, language, time zone |
| Network data | IP address, connection type |
| Crash & performance data | Sentry / Firebase Crashlytics |
| Analytics events | Amplitude / Mixpanel (anonymized) |
1.3 Information From Third Parties
- Sign in with Apple: user identifier and email (no password)
- Sign in with Google: user identifier and email (no password)
- We do not purchase or import data from data brokers
2. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide and operate amingo | Account data, content, usage | Contractual necessity |
| Create and run your Mini Me | Personality data, messages, voice data | Contractual necessity + Consent |
| Send push notifications | Device token, account data | Legitimate interest + Consent |
| Prevent abuse and enforce policies | Usage data, content, device data | Legitimate interest |
| Improve the product and fix bugs | Usage data, crash data | Legitimate interest |
| Comply with legal obligations | Account data, content | Legal obligation |
We do NOT:
- Sell your data to advertisers, data brokers, or any third party
- Use your personal data to train AI models that benefit other users
- Share your voice recordings with any other user or third party
3. Voice Data and Biometric Information — Special Notice
This section requires your explicit, separate consent during onboarding.
Voice recordings submitted to create a Mini Me voice clone are considered biometric data under applicable laws including the Illinois Biometric Information Privacy Act (BIPA), Texas CUBI, and Washington My Health My Data Act.
We handle voice data as follows:
- Used solely to generate your personal Mini Me voice profile
- Stored with AES-256 encryption at rest and TLS 1.3 in transit
- Never shared with other users, third parties, or used to train any shared AI model
- Not used to circumvent biometric authentication on any system
- Permanently deleted within 30 days of account deletion, or immediately upon your request in Settings → Mini Me → Delete Voice
You must provide a separate, affirmative, written consent before submitting any voice recordings. You may withdraw this consent at any time by deleting your voice data; withdrawal does not affect prior lawful processing.
Retention by state:
- Illinois users: voice data is retained only for the duration stated at time of consent, and deleted within 3 years or when the purpose is fulfilled, whichever is earlier (BIPA § 15(a))
- Texas users: retained no longer than 1 year from collection or 3 years from last interaction, whichever is earlier
4. Mini Me Data
Your Mini Me is trained on data you voluntarily provide. This data:
- Powers only your personal Mini Me — not shared with other users
- Is not used to train any general or shared AI model
- Is not visible to other users (they see outputs, not your training data)
- Can be reset or deleted at any time: Settings → Mini Me → Reset
5. Data Sharing
We share data only in these limited circumstances:
| Recipient | Data Shared | Purpose |
|---|---|---|
| AWS / Google Cloud | All data | Hosting and infrastructure (DPA in place) |
| Amplitude or Mixpanel | Anonymized usage events | Analytics |
| Sentry or Firebase Crashlytics | Crash logs, device info | Error monitoring |
| Apple APNs / Google FCM | Device push tokens | Push notifications |
| Law enforcement | As legally required | Legal obligation |
All service providers are contractually prohibited from using your data for their own purposes.
Business Transfers: If amingo is acquired or merged, we will notify you before your data transfers to a different policy. You may request deletion before the transfer.
6. Your Rights
6.1 All Users
| Right | How to Exercise |
|---|---|
| Access your data | Settings → Privacy → Export My Data |
| Delete your account and all data | Settings → Account → Delete Account |
| Correct your profile | Settings → Edit Profile |
| Delete voice data only | Settings → Mini Me → Delete Voice |
| Withdraw Mini Me consent | Settings → Mini Me → Reset |
6.2 EU / EEA Users (GDPR)
In addition to the above:
- Data portability: receive your data in machine-readable format (JSON/CSV)
- Restriction of processing: request we limit processing in certain circumstances
- Object to processing: based on legitimate interest
- Lodge a complaint: with your national Data Protection Authority
Contact: privacy@amingo.app — we respond within 30 days.
6.3 California Users (CCPA / CPRA)
- Know what personal information we collect and how it's used
- Request deletion of your personal information
- Opt out of "sale" or "sharing" of personal information (we do not sell or share data for cross-context behavioral advertising)
- Limit use of sensitive personal information (including voice recordings)
- Non-discrimination for exercising your rights
Submit requests: privacy@amingo.app or via the in-app data request form.
6.4 Illinois Users (BIPA)
You have the right to:
- Know what biometric data we collect and how long we retain it
- Prohibit the sale or profit from your biometric data (we do not sell biometric data)
- Sue in Illinois state court for BIPA violations
7. Data Retention
| Data Type | Retention |
|---|---|
| Account data | Until deletion + 30 days for backup purge |
| Posts, comments, messages | Until deleted by user, or account deletion |
| Voice recordings | Until deleted by user, or account deletion |
| Illinois biometric data | Shorter of: stated purpose fulfilled, 3 years, or user deletion |
| Analytics events | 24 months; anonymized after 6 months |
| Crash logs | 90 days |
| Legal / compliance records | As required by applicable law |
8. Data Security
- In transit: TLS 1.3
- At rest: AES-256 encryption for all sensitive data
- Access controls: Least-privilege; employee access logged and audited
- Third-party audits: Periodic security reviews
- Incident response: GDPR breach notification within 72 hours; US state law notifications as required
If you believe your account has been compromised: support@amingo.app
9. Third-Party SDKs
Our app includes third-party code that may independently collect data. Each SDK has its own privacy practices:
| SDK | Purpose |
|---|---|
| Firebase / Crashlytics | Crash monitoring |
| Amplitude | Usage analytics |
| Sentry | Error monitoring |
| Apple APNs | iOS push notifications |
| Google FCM | Android push notifications |
We are responsible for ensuring all SDKs we integrate comply with applicable privacy law. All SDKs are required to provide Privacy Manifest files (iOS) as per Apple's requirements.
10. Children's Privacy
amingo is not intended for users under 17. We do not knowingly collect personal information from anyone under 13. If we discover an account was created by a user under 13, we will:
- Immediately suspend the account
- Delete all personal data associated with the account within 30 days
- Notify a parent or guardian if we have contact information
If you believe a minor has created an account: privacy@amingo.app
11. International Data Transfers
amingo operates from the United States. Data from EU/EEA users is transferred under Standard Contractual Clauses (SCCs) approved by the European Commission. Data from UK users is transferred under the UK International Data Transfer Agreement (IDTA).
12. Sensitive Information Warning
When using amingo, you may interact with your Mini Me or other users in ways that involve sharing personal details. We strongly advise you not to share sensitive personal information such as:
- Government ID numbers, Social Security numbers, or financial account details
- Health, medical, or mental health information beyond what you voluntarily choose to share
- Information about third parties who have not consented to use of amingo
amingo does not require any of the above to operate. If you choose to include sensitive information in your Mini Me setup or conversations, it is processed as described in this Policy, but doing so is entirely at your own discretion.
12a. Crisis and Safety Response
amingo's systems are designed to recognize expressions of distress, self-harm, or crisis in conversations (including Mini Me interactions). If such content is detected:
- Your Mini Me may pause and display safety resources
- You may be shown contact information for crisis support services (e.g., 988 Suicide & Crisis Lifeline in the US)
- In cases of credible, imminent threat to life, we may contact relevant emergency services
This processing is done to protect your safety and the safety of others, and constitutes a legitimate interest under applicable privacy law.
12b. Do Not Track
amingo does not respond to "Do Not Track" browser signals. For choices about data use, see Section 6 (Your Rights).
13. Changes to This Policy
For material changes, we will notify you via in-app notification or email at least 30 days before the change takes effect. Continued use after the effective date constitutes acceptance.
14. Contact Us
| Contact Type | |
|---|---|
| Privacy questions | privacy@amingo.app |
| Data deletion requests | privacy@amingo.app |
| DMCA copyright notices | dmca@amingo.app |
Last updated: March 17, 2026