Privacy Policy

This Privacy Policy applies to information processed through:

• The Amafi Simple web application
• Related APIs and backend services
• Customer support and account communications

We collect information in the following categories.

A. Account and Profile Information

• Name, work email, role/title
• Company or organization information
• Account credentials and authentication metadata

B. Platform Usage and Business Data

• Buyer and seller criteria you submit
• Project details, matching preferences, industry selections
• Messages and collaboration content exchanged on the platform
• Documents and files uploaded to the platform

C. Integration and Connection Data

• OAuth integration tokens and related metadata (for enabled integrations)
• Service connection status and sync metadata

D. Technical and Log Data

• Device/browser information
• IP address and timestamps
• Application logs, errors, and performance telemetry

We use personal information to:

• Provide, operate, and maintain the platform
• Create and improve matching results
• Enable messaging, document workflows, and collaboration features
• Authenticate users and secure accounts
• Monitor performance, troubleshoot issues, and prevent abuse
• Communicate service updates, support responses, and important notices
• Comply with legal obligations and enforce platform policies

Under the PDPO, we use personal data for the purpose(s) for which it was collected or directly related purposes, unless consent is obtained or otherwise permitted by law.

Hong Kong (PDPO)

We are committed to handling personal data in a manner consistent with the PDPO Data Protection Principles, including:

• Purpose and collection limitation
• Accuracy and retention controls
• Use limitation
• Security safeguards
• Openness and transparency
• Data access and correction rights

Australia (Privacy Act + APPs)

For Australian personal information, we aim to comply with applicable APP obligations, including:

• Open and transparent management of personal information
• Use and disclosure controls
• Data quality and security
• Access and correction rights

We do not sell personal information.

We may disclose personal information to:

• Service providers and infrastructure partners (hosting, storage, analytics, security)
• Integration providers you authorize
• Professional advisors (legal, audit, compliance)
• Regulators, law enforcement, courts, or authorities where legally required

We require recipients to process data under confidentiality and security obligations.

Your information may be processed in jurisdictions outside Hong Kong or Australia.

Where cross-border transfers occur, we apply reasonable contractual, organizational, and technical safeguards appropriate to the sensitivity of the data and applicable legal requirements.

We retain personal information only as long as reasonably necessary for:

• Service delivery and account management
• Legitimate business operations and audit trails
• Legal, contractual, tax, and regulatory obligations

We take steps to de-identify or securely delete information when it is no longer required.

We use administrative, technical, and organizational safeguards designed to protect personal information, including:

• Access controls and least-privilege permissions
• Encryption in transit and, where applicable, at rest
• Monitoring and logging for suspicious activity
• Segregation of production access and credential controls

No system is guaranteed to be fully secure. Users should protect credentials and notify us promptly if they suspect unauthorized access.

We do not send direct marketing communications without an appropriate legal basis.

Where required by applicable law (including Hong Kong direct marketing requirements and Australian electronic marketing requirements), we will seek required consent and provide opt-out/unsubscribe options.

Depending on your jurisdiction and legal requirements, you may have rights to:

• Request access to personal information
• Request correction of inaccurate personal information
• Request deletion where appropriate
• Object to or restrict certain processing (where applicable)
• Withdraw consent where processing is consent-based

Hong Kong

You may submit a data access request or data correction request under the PDPO.

Australia

You may request access to and correction of personal information under the Privacy Act and APPs.

To exercise rights, contact us using the details below. We may need to verify your identity before processing requests.

We may use cookies or similar technologies for:

• Authentication and session management
• Security and fraud prevention
• Analytics and platform performance

You can manage cookie settings through your browser where supported.

Where the Australian Notifiable Data Breaches scheme applies, we will assess eligible data breaches and provide notifications as required by law.

Our services are intended for business users and are not directed to children.

We may update this Privacy Policy from time to time. We will update the “Last Updated” date and provide additional notice where required by law.

For privacy questions or requests, contact:

• Email: info@amafi.ai
• Address: Unit B, 22F Ford Glory Plaza 37-39 Wing Hong St Cheung Sha Wan Hong Kong

If you use Amafi Simple through an organization, that organization may also act as a controller/employer-side decision maker for certain data and can assist with requests.