amberlinePrivacy Policy
Last updated: 21 February 2026
Amberline ("we", "us", "our") is a certificate and expiry date tracking service. This policy explains how we collect, use, and protect your personal data when you use our service at www.amberline.app.
This policy should be reviewed by a qualified solicitor before relying on it as your legal privacy notice.
1. Data Controller
Amberline is the data controller for the personal data described in this policy. You can contact us at hello@amberline.app.
2. Data We Collect
Account data
- Name and email address — provided when you register.
Certificate data
- Certificate names, holder names (people or properties), expiry dates, categories, and optional notes.
- Optional document uploads (photos or scans of certificates).
Technical data
- IP address, browser type, and device information — collected automatically for security and rate limiting.
3. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide the certificate tracking service | Performance of contract (Art. 6(1)(b)) |
| Send expiry reminder emails | Performance of contract (Art. 6(1)(b)) |
| Send account emails (verification, password reset) | Performance of contract (Art. 6(1)(b)) |
| Protect against abuse and maintain security | Legitimate interest (Art. 6(1)(f)) |
4. Data Retention
- Account and certificate data: Retained while your account is active. Deleted when you delete your account.
- Reminder history: Deleted when the associated certificate is deleted or your account is deleted.
- Server logs: Retained for up to 30 days for security purposes.
5. Sub-processors
We share your data with the following third-party services, all of which process data on our behalf:
| Service | Purpose | Location |
|---|---|---|
| Hetzner | Server hosting and database | Germany (EU) |
| Resend | Sending reminder and account emails | United States |
Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses).
6. Your Rights (GDPR)
Under UK GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Delete your data ("right to be forgotten") — you can delete your account from the Settings page
- Port your data to another service
- Object to processing based on legitimate interest
- Restrict processing in certain circumstances
To exercise any of these rights, email us at hello@amberline.app. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
7. Cookies
We use only essential cookies required to keep you signed in. See our Cookie Policy for details.
8. Children
Amberline is not directed at children under 16. We do not knowingly collect personal data from children.
9. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email or by posting a notice on the service.
10. Contact
For any questions about this privacy policy or your personal data, contact us at hello@amberline.app.