Privacy Policy

Effective date: May 20, 2026 · Questions? privacy@amacollective.co

This policy was written to reflect what Ama Collective actually does with your data — not to obscure it. We have flagged areas that warrant legal review with a ⚠️ symbol. If you are a practitioner or are setting up services that involve health information, please consult your own attorney.

1. Overview

Ama Collective, Inc. ("Ama," "we," "our," or "us") operates amacollective.co and related services (the "Platform"). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over your data.

We take privacy seriously. Ama collects sensitive information — including names, addresses, dietary needs, medical preferences, and payment details — and we are committed to handling it responsibly and transparently.

By using the Platform, you agree to the practices described in this Policy. If you do not agree, please do not use the Platform.

2. Information We Collect

We collect information you provide directly, information generated through your use of the Platform, and information from third-party services.

Account & Identity Information

When you create an account, we collect your name, email address, and password (hashed — we never store plaintext passwords). Practitioners additionally provide professional credentials, license information, and verification documents.

Registry Information

When you build a registry, we collect your responses to the Ama questionnaire, including your values, parenting philosophy, birth preferences, feeding intentions, and lifestyle information. This information is used to generate your personalized registry and is associated with your account.

Meal Train & Help Calendar Information

When you create or participate in a meal train or help calendar, we collect: recipient name, delivery address, apartment and gate codes, contact name and phone number, household size, food allergies and dietary restrictions, favorite foods and restaurants, delivery preferences, and organizer email and name. This information is shared with supporters who sign up to participate — only those you approve or whose access you enable.

Payment Information

We do not store your payment card information. All payment processing is handled by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. We receive and store only a Stripe customer ID and transaction records (amount, date, status). For practitioners and registrants receiving payouts, we may collect bank account information through Stripe Connect — this is governed by Stripe's privacy policy.

Device & Usage Information

We automatically collect IP address, browser type, device identifiers, pages visited, time on page, and referral URLs. This data is used for security, fraud prevention, and improving the Platform.

AI Interaction Data

When you interact with the Ama AI questionnaire or chatbot, your messages are processed by Anthropic, Inc. via their Claude API. We do not use your conversations to train AI models. Conversation content is retained in your session and may be stored to provide continuity of service.

Practitioner Credential Information

Practitioners who list on the Platform may provide license numbers, NPI numbers, insurance panel information, and professional certifications. ⚠️ Important: We do not collect or transmit patient Protected Health Information (PHI) as defined by HIPAA. If any feature of the Platform were to create a practitioner-patient relationship involving PHI, that feature will be governed by a separate HIPAA-compliant data handling agreement. We recommend practitioners consult their own legal counsel regarding their obligations.

3. How We Use Your Information

We use the information we collect to:

— Operate and personalize the Platform (build your registry, coordinate meal trains, connect you with practitioners)

— Process and fulfill transactions

— Send transactional emails and SMS notifications (e.g., meal train confirmations, registry activity)

— Respond to your questions and support requests

— Detect, investigate, and prevent fraud, abuse, and security incidents

— Comply with legal obligations

— Improve and develop the Platform (using aggregated, de-identified data)

We do not sell your personal information. We do not use your personal information for cross-context behavioral advertising without your explicit consent.

4. How We Share Your Information

We share your information only as described below.

With Other Users (Your Direction)

Registry information you mark as public is visible to anyone with your registry link. Meal train recipient details are shared with supporters who sign up. You control who can see your registry and meal train through the privacy settings on each.

With Service Providers

We use the following third-party processors who may access your data only to perform services on our behalf:

• Supabase (database, authentication, file storage) — stores your account and registry data

• Stripe, Inc. (payment processing) — processes payments and payouts; governed by Stripe's Privacy Policy

• Anthropic, Inc. (AI processing) — processes questionnaire and chat messages

• Resend (transactional email) — sends confirmation and notification emails

• Twilio (SMS) — sends text message notifications

• Google Analytics (analytics) — collects anonymized usage data such as pages visited, session duration, and general location (country/city). Governed by Google's Privacy Policy. You can opt out via Google's opt-out browser add-on.

• Vercel Analytics (analytics) — collects anonymized page view and performance data. No cookies are used. Governed by Vercel's Privacy Policy.

All processors are contractually required to protect your information and may not use it for their own purposes.

For Legal Reasons

We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Ama, our users, or the public.

Business Transfers

If Ama is acquired, merged, or undergoes a change of control, your information may be transferred as part of that transaction. You will be notified before your information is subject to a different privacy policy.

5. Sensitive Information

Certain information we collect is sensitive and warrants additional care:

Health-Adjacent Data

Dietary restrictions, food allergies, birth preferences, and feeding intentions are collected to personalize your experience and coordinate meal support. This information is not used for any health treatment purpose and is not considered Protected Health Information (PHI) under HIPAA.

Practitioner Insurance Information

We may collect information about what insurance a practitioner accepts. ⚠️ Legal note for practitioners: If you provide insurance billing information or NPI data that would be used in insurance claims or referrals, consult your attorney and malpractice insurer regarding HIPAA Business Associate Agreements and anti-kickback statute compliance. Ama does not act as a covered entity or business associate under HIPAA for services currently offered.

Minors' Information

Our Platform is not directed at children under 13. We do not knowingly collect personal information from children. Baby registries and meal trains are set up by adults on behalf of their families.

6. Data Security

We implement technical and organizational measures to protect your personal information:

• All data is encrypted in transit using TLS 1.2 or higher

• Database-level encryption at rest via Supabase (AES-256)

• Row-level security policies restrict data access so users can only access their own records

• Passwords are never stored in plaintext — authentication is handled by Supabase Auth

• API routes are protected by authentication checks and rate limiting

• Payment data is handled exclusively by Stripe and never touches our servers

• Access to production data is limited to authorized personnel

Despite these measures, no system is perfectly secure. If you believe your account has been compromised, contact us immediately at privacy@amacollective.co.

In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Specifically:

• Account data: retained until you delete your account

• Registry data: retained until you delete the registry

• Meal train data: retained for 12 months after the meal train ends, then de-identified

• Payment records: retained for 7 years for tax and legal compliance

• AI conversation data: retained for the duration of your session; may be retained for up to 90 days for debugging purposes, then deleted

• Security logs: retained for 90 days

You may request deletion of your account and personal data at any time (see Section 8).

8. Your Privacy Rights

Depending on where you live, you may have the following rights:

Right to Access

You may request a copy of the personal information we hold about you.

Right to Correction

You may request that we correct inaccurate information. Most information can be updated directly in your account settings.

Right to Deletion

You may request deletion of your personal information. We will honor this request subject to legal retention requirements (e.g., payment records). To request deletion, email privacy@amacollective.co.

Right to Portability

You may request your data in a structured, machine-readable format.

California Residents (CCPA/CPRA)

You have the right to know what personal information we collect and how it is used, the right to opt out of the sale or sharing of personal information (we do not sell personal information), and the right to non-discrimination for exercising privacy rights. To submit a request, email privacy@amacollective.co.

How to Exercise Your Rights

Email privacy@amacollective.co with "Privacy Request" in the subject line. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

9. Cookies & Tracking

We use session cookies and local storage to keep you logged in and remember your preferences. We do not use third-party advertising cookies or tracking pixels.

Currently we use:

• Supabase authentication cookies (required for login)

• Local storage for registry customization preferences (theme, cover photo)

• Google Analytics (GA4) — anonymized usage analytics via a first-party script. No advertising features are enabled. See Google's Privacy Policy for details.

• Vercel Analytics — cookieless, anonymized page view tracking built into our hosting platform.

We do not use Meta Pixel, TikTok Pixel, or any advertising or retargeting tracking services.

10. Changes to This Policy

We may update this Privacy Policy as our services evolve or as required by law. We will notify you of material changes by email or by displaying a prominent notice on the Platform. Your continued use of the Platform after any change constitutes acceptance of the updated Policy.

11. Contact Us

For privacy questions, requests, or concerns:

Email: privacy@amacollective.co

Ama Collective, Inc.

If you are in the EU/UK and believe we have violated your privacy rights, you have the right to lodge a complaint with your local data protection authority.