← Back to HomeLast Updated: 1/15/2026

Privacy Policy

We respect your privacy and are committed to protecting your personal information

Effective Date: 1/15/2026

1. Introduction

At SECURE NEW HORIZONS SRL (operating as amgres.com), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

Legal Basis for Data Collection - No Consent Required

We collect and process security data under GDPR Article 6(1)(f) - Legitimate Interest. This legal basis explicitly permits data processing without consent when necessary for the legitimate interests of the data controller, provided these interests are not overridden by the rights of individuals.

GDPR-Recognized Legitimate Interests for Security:

  • Preventing fraud and security incidents
  • Network and information security
  • Protecting against malicious or criminal activity
  • Ensuring system integrity and availability

By accessing and using this website, you acknowledge that we collect certain security data as described below. This data collection is necessary and proportionate to protect our infrastructure and our users from cyber attacks. This data is used internally and is NOT shared with third-party tracking or analytics platforms.

Our Privacy Commitment

We do NOT use Google Analytics or any third-party tracking tools. We collect only the minimum information necessary to provide our services. Your privacy is our priority.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • First and last name
  • Username
  • Email address
  • Password (encrypted and hashed)

2.2 Address Information

For service delivery and billing purposes, we collect:

  • Street address
  • City, state/region, country
  • Postal code

2.3 Business Information (Optional)

If you provide business information, we collect:

  • Company name
  • Business type
  • VAT/Tax identification number
  • Business address

2.4 Project Information

During service delivery, we collect:

  • Project requirements and specifications
  • Design preferences and assets
  • Content and data you provide for the application
  • Communications regarding the project

2.5 Payment Information

We collect payment information necessary to process transactions. Payment card data is processed securely through third-party payment processors (such as Stripe) and is NOT stored on our servers. We only retain:

  • Transaction IDs
  • Payment dates and amounts
  • Last 4 digits of card numbers (for reference)

2.6 Security and Analytics Information

Critical Security Information

In the context of mitigating cyber attacks including DDoS attacks, XSS (Cross-Site Scripting) attacks, CSRF (Cross-Site Request Forgery) attacks, SQL injection, brute force attempts, and social engineering attacks, we collect certain technical and behavioral information.

We automatically collect certain information for security purposes, which may include:

  • IP address and geographic location data
  • Browser information and user agent details
  • Pages accessed and navigation patterns
  • Session identifiers and authentication tokens
  • Request timestamps and access times
  • Referring URLs and traffic sources
  • Request data and interaction patterns
  • Device and system information

Security Necessity & Legitimate Interest Analysis

Under GDPR Article 6(1)(f), we have assessed that our legitimate interest in protecting our systems and users outweighs any potential impact on your privacy because:

  • Necessity: This data is essential to detect and prevent attacks in real-time
  • Proportionality: We collect only the minimum data needed for security purposes
  • Transparency: We clearly inform you about what data we collect and why
  • No Alternative: Security monitoring cannot be effective without this data
  • User Benefit: Protecting our infrastructure directly protects your data and access

This data collection enables us to:

  • Protect our infrastructure from DDoS attacks and service disruptions
  • Prevent unauthorized access and brute force attacks against user accounts
  • Detect and block malicious scripts (XSS) and injection attempts (SQL, CSRF)
  • Prevent forged requests that could compromise user accounts
  • Identify and block automated bots, scrapers, and malicious crawlers
  • Investigate security incidents affecting user accounts upon request

Important: If we did not collect this data, we would be unable to detect or prevent attacks, potentially leaving our users vulnerable and our services unavailable.

Your Privacy is Protected

We DO NOT:

  • Sell your data to third parties under any circumstances
  • Share your data with advertisers or marketing companies
  • Use this data for targeted advertising or marketing purposes
  • Track your browsing behavior across other websites
  • Read or analyze user data for non-security, non-operational purposes
  • Share data with third-party analytics platforms (no Google Analytics, no Facebook Pixel, etc.)

Data Access: Access to this security data is strictly limited to the website owner for security monitoring and incident response. The only other access is by our infrastructure provider (Vultr) as required for server operation and security.

If we detect illicit activity: We may temporarily or permanently block your IP address to protect our services and other users. This is a standard security measure used by all responsible website operators.

If you suspect account issues: You may contact us at contact@amgres.com, and we can review security logs to identify any suspicious activity affecting your account (e.g., unauthorized login attempts, unusual access patterns).

3. Cookies and Tracking

Functional Cookies Only

We use ONLY essential, functional cookies necessary for our website and services to work. We do NOT use tracking cookies, analytics cookies, or advertising cookies.

3.1 Cookies We Use

Session Cookies

Purpose: Maintain your logged-in state and track your navigation across our website pages to improve user experience

Data Stored: Session ID, user authentication state, pages visited, IP address, user agent

Duration: Session (deleted when you close your browser)

Necessary: Yes - required for authentication and website functionality

Access/Refresh Token Cookies

Purpose: Securely maintain authentication without requiring frequent logins

Duration: Access tokens: 15 minutes, Refresh tokens: 7 days

Necessary: Yes - required for secure authentication

CSRF Token Cookies

Purpose: Protect against Cross-Site Request Forgery attacks

Duration: Session

Necessary: Yes - required for security

3.2 What We Don't Use

We explicitly DO NOT use:

  • Google Analytics or any analytics platforms
  • Third-party tracking cookies
  • Advertising cookies or pixels
  • Social media tracking pixels
  • Behavioral tracking technologies
  • Fingerprinting techniques

4. How We Use Your Information

We use collected information solely for the following purposes:

4.1 Service Delivery

  • Developing and delivering your mobile application and/or backend services
  • Communicating with you about your project
  • Providing customer support
  • Managing hosting and maintenance services

4.2 Billing and Payments

  • Processing payments and invoices
  • Managing subscriptions
  • Detecting and preventing fraud

4.3 Legal Obligations

  • Complying with applicable laws and regulations
  • Responding to legal requests
  • Protecting our rights and property

4.4 Service Improvement

  • Understanding how our services are used (without individual tracking)
  • Improving service quality and performance
  • Developing new features

Important: We will NEVER sell, rent, or share your personal information with third parties for marketing purposes.

5. Information Sharing and Disclosure

We share your information only in the following limited circumstances:

5.1 Service Providers

We may share information with third-party service providers who perform services on our behalf:

  • Payment Processors: Stripe or similar services for payment processing
  • Hosting Providers: Cloud infrastructure providers for hosting services
  • Email Services: For sending transactional emails (account confirmations, project updates)

These providers are contractually obligated to protect your data and use it only for the specified purposes.

5.2 Legal Requirements

We may disclose information if required by law or in response to:

  • Valid legal processes (subpoenas, court orders)
  • Government requests
  • Protecting rights, safety, or property

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change.

5.4 With Your Consent

We may share information with third parties when you explicitly consent to such sharing.

6. Data Security

We implement industry-standard security measures to protect your information:

6.1 Technical Measures

  • SSL/TLS encryption for data in transit
  • Encrypted storage for sensitive data
  • Password hashing using industry-standard algorithms
  • Regular security updates and patches
  • Firewall protection
  • Access controls and authentication

6.2 Administrative Measures

  • Limited employee access to personal data (need-to-know basis)
  • Regular security training
  • Data backup procedures
  • Incident response protocols

6.3 Your Responsibility

You are responsible for:

  • Maintaining the confidentiality of your password
  • Logging out of your account when finished
  • Notifying us of any unauthorized access

Note: While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

7.1 Active Accounts

We retain your personal information as long as your account is active or as needed to provide services to you.

7.2 Inactive Accounts

If your account is inactive for more than 2 years, we may delete your account and associated data after providing notice to your registered email address.

7.3 Legal and Business Requirements

We may retain certain information for longer periods if required by:

  • Legal obligations (tax records, contracts)
  • Dispute resolution
  • Fraud prevention
  • Backup systems (typically 30-90 days)

7.4 Application Data

For Server Only and Amber plans, we retain application and database data as long as you maintain an active subscription. Upon cancellation, data is retained for 30 days to allow for service restoration, then permanently deleted unless otherwise requested.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

8.1 Access and Portability

  • Request a copy of your personal information
  • Receive your data in a structured, commonly used format

8.2 Correction

  • Update or correct inaccurate information
  • Complete incomplete information

8.3 Deletion

  • Request deletion of your personal information
  • Note: Some information may be retained for legal or business purposes

8.4 Restriction and Objection

  • Restrict how we process your data
  • Object to certain processing activities

8.5 Exercising Your Rights

To exercise any of these rights, please contact us at contact@amgres.com. We will respond to your request within 30 days.

You may also access and update much of your information directly through your account dashboard.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If we learn that we have collected personal information from a child under 18, we will take steps to delete such information as soon as possible.

If you believe we have collected information from a child under 18, please contact us immediately at contact@amgres.com.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer your information internationally, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses
  • Data processing agreements
  • Compliance with applicable data protection regulations

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email to your registered email address
  • Display a prominent notice on our website

Your continued use of our services after such modifications constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Company Information

SECURE NEW HORIZONS SRL

Registered in Romania

Website

amgres.com

Contact Email

contact@amgres.com

Response Time

We aim to respond to all privacy inquiries within 30 days

Your privacy matters to us. Read our commitment to protecting your data.

View Terms of Service →