← Back to tetrik.ai

Privacy Policy

Status note. AmPhi Labs B.V. is currently being incorporated under Dutch law. Until KvK registration completes, the founders act personally and jointly with the company-in-formation as joint controllers. Registered office: Singel 542, 1017AZ Amsterdam, Netherlands. KvK and VAT numbers will be added here within 10 working days of incorporation.


1. Who we are and what this notice covers

This Privacy Policy explains how AmPhi Labs B.V. i.o. ("AmPhi Labs", "we", "us") processes personal data when you:

a. visit tetrik.ai or any subdomain; b. submit a research survey hosted by us; c. join our early-adopter waiting list or pilot programme; d. correspond with us by email; or e. use the Tetrik service as an authorised user of a pilot customer.

It is written to meet Regulation (EU) 2016/679 (GDPR), the Dutch implementing law Uitvoeringswet AVG (UAVG), the UK GDPR and Data Protection Act 2018, and the Swiss Federal Act on Data Protection (revFADP, 2023).

If you only want the short version: we collect as little as we can, we never sell your data, you can withdraw consent at any time, and you can email hello@tetrik.ai to exercise any of your rights.


2. The personal data we process and why

# Purpose Categories of data Legal basis (GDPR Art. 6) Retention
1 Operate the website (security, load balancing, fraud prevention) IP address, user-agent, request timestamps, page paths Art. 6(1)(f) — legitimate interest in a secure, functioning site Server logs deleted after 30 days
2 Run the research surveys (void-space, packaging operations, PPWR readiness, etc.) Survey answers, company type, company size, country, role, optional email Art. 6(1)(a) — explicit consent Identifiable answers deleted 24 months after submission, or earlier on request. Aggregated/anonymised statistics may be kept indefinitely.
3 Maintain the early-adopter / pilot waiting list and contact you about access Name, business email, company, country Art. 6(1)(a) — consent (you ticked the box) Until you unsubscribe or 24 months of inactivity, whichever comes first
4 Send product newsletters and early-adopter updates Email, engagement metrics (opens, clicks) Art. 6(1)(a) — consent Until you unsubscribe
5 Provide the Tetrik service to a pilot customer Authorised-user name, business email, account log-in events, in-app actions Art. 6(1)(b) — performance of the pilot agreement with your employer Duration of the pilot + 12 months, then deleted or anonymised
6 Process customer-uploaded SKU and order data for box-size optimisation Product dimensions, weights, order line items; no consumer personal data is required Art. 6(1)(b) — we act as processor for the pilot customer under a DPA Per the DPA — typically 30 days after pilot ends
7 Comply with legal obligations (accounting, tax, lawful requests) Whatever the obligation requires Art. 6(1)(c) — legal obligation Dutch statutory periods (commercial books: 7 years)
8 Defend or bring legal claims Correspondence, contracts, logs Art. 6(1)(f) — legitimate interest Up to the relevant Dutch limitation period (max 20 years for some claims)

We do not process special categories of personal data (Art. 9 GDPR), and we do not carry out automated decision-making with legal or similarly significant effects on you (Art. 22 GDPR).


3. Where the data lives — sub-processors

We host and process personal data with the following sub-processors. The current list is maintained at tetrik.ai/legal/sub-processors and you will be notified of material changes.

Sub-processor Function Location of processing Safeguards
Netlify, Inc. Website hosting, form delivery, CDN, basic analytics EU edge + US Standard Contractual Clauses (EU 2021/914), EU-US Data Privacy Framework
Google Ireland Ltd. / Google LLC (Workspace, Sheets, Apps Script, Gmail) Survey response capture, internal email, document storage EU primary, US fallback SCCs, EU-US DPF
Google LLC (Gmail / Workspace) Transactional email + early-adopter outreach (via Gmail) EU primary, US fallback SCCs / EU-US DPF

We will publish a final, confirmed sub-processor list before the pilot opens. If a new sub-processor processes personal data, we update the list at least 30 days before they go live so you can object.


4. International transfers

Where data leaves the EEA / UK / Switzerland — for example to a US sub-processor — we rely on one or more of:

A copy of the relevant SCCs is available on request at hello@tetrik.ai.


5. Your rights

Under the GDPR/UK GDPR/FADP, you have the right to:

To exercise any right, email hello@tetrik.ai. We respond within one month as required by Art. 12(3) GDPR. We may ask for proportionate proof of identity if your request is unclear.


6. Survey participants — opt-in and opt-out in plain English

You only enter a Tetrik research survey by clicking through to it yourself. Inside the survey:

  1. Email is optional. Surveys are answerable without giving us any contact details. If you skip the email field, your responses cannot be tied back to you.
  2. Explicit consent. If you do provide an email, you must tick the GDPR consent box before submitting. The box is not pre-ticked (consent must be a clear affirmative act — Art. 4(11) GDPR).
  3. Opt-out at any time. Email hello@tetrik.ai with the subject "SURVEY OPT-OUT" and your email address. We will delete your identifiable response within 14 days and confirm in writing. Aggregated statistics that no longer identify you may be retained.
  4. Withdrawal does not affect lawfulness of processing before withdrawal.

We do not enrich survey responses with third-party data, we do not share them with advertisers, and we do not sell them. Aggregated, anonymised insights may be published in white papers and presentations.


7. Cookies and similar technologies

See our separate Cookie Policy at tetrik.ai/legal/cookies. Short version: we use one strictly-necessary cookie for the consent banner itself; everything else (analytics, embedded media) loads only after you actively consent.


8. Security

We apply commercially reasonable technical and organisational measures, including TLS 1.2+ in transit, encryption at rest in our sub-processors' default configurations, least-privilege access, single-sign-on with two-factor authentication for the team, and quarterly access reviews. No system is perfectly secure; if a personal-data breach occurs that is likely to result in a risk to your rights and freedoms we will notify the relevant supervisory authority within 72 hours (Art. 33 GDPR) and you without undue delay if the risk is high (Art. 34 GDPR).


9. Children

The Tetrik service is a B2B tool. We do not knowingly process personal data of anyone under 16. If you believe we have, contact us and we will delete it.


10. Changes to this policy

We will publish any material change at tetrik.ai/legal/privacy at least 14 days before it takes effect, and notify pilot customers and waiting-list subscribers by email.


11. Contact

AmPhi Labs B.V. i.o. Email: hello@tetrik.ai Postal: Singel 542, 1017AZ Amsterdam, Netherlands KvK: in progress · VAT: in progress

If you are unable to resolve a concern with us, you may contact your local supervisory authority: