← Back to home

Privacy Policy

Effective Date: June 1, 2026

AmplLab | www.ampllab.com

Prosodiq | www.prosodiq.com

Operated by Billion Point Private Limited

CIN: U62011KA2026PTC213855

Flat No. 201, Ambalipura Residency, Sarjapur Road,

HSR Layout, Bangalore South, Bengaluru, Karnataka – 560102, India

Effective Date: June 1, 2026

Version: 1.0

This Privacy Policy (the Policy) is published by Billion Point Private Limited, a company incorporated under the Companies Act, 2013 (CIN: U62011KA2026PTC213855), having its registered office at Flat No. 201, Ambalipura Residency, Sarjapur Road, HSR Layout, Bangalore South, Bengaluru, Karnataka – 560102, India, operating the AmplLab platform (www.ampllab.com) for enterprise clients and the Prosodiq contributor platform (www.prosodiq.com) for voice contributors (collectively, the Platforms). Throughout this Policy, the Company, we, our, or us refers to Billion Point Private Limited.

This Policy explains how the Company collects, uses, processes, stores, discloses, and protects personal data - including biometric voice data and voice clone data - across both Platforms, for users in India, the United States, and all other jurisdictions in which the Platforms operate. It is designed to comply with the Digital Personal Data Protection Act, 2023 (India), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Illinois Biometric Information Privacy Act (BIPA), and all other applicable US state and federal privacy laws.

For privacy-related inquiries, data rights requests, and grievances, contact: data@ampllab.com.

1. SCOPE AND APPLICATION

This Policy applies to:

This Policy does not apply to third-party websites linked from our Platforms. We are not responsible for the privacy practices of those third-party sites.

2. IDENTITY OF THE DATA FIDUCIARY / DATA CONTROLLER

For the purposes of the Digital Personal Data Protection Act, 2023 (India) and applicable US state privacy laws, Billion Point Private Limited is the Data Fiduciary and Data Controller in respect of all personal data collected through the AmplLab and Prosodiq platforms.

Data Fiduciary / Controller: Billion Point Private Limited (AmplLab / Prosodiq)

CIN: U62011KA2026PTC213855

Registered Office: Flat No. 201, Ambalipura Residency, Sarjapur Road, HSR Layout, Bangalore South, Bengaluru, Karnataka – 560102, India

US Operations: AmplLab Inc. (Delaware) - in formation. Upon incorporation, AmplLab Inc. will act as Data Controller for US-based data subjects

Grievance Officer / Privacy Contact: data@ampllab.com

CCPA / CPRA Contact: data@ampllab.com

BIPA Contact: data@ampllab.com

3. PERSONAL DATA WE COLLECT

3.1 AmplLab Platform (www.ampllab.com) - Enterprise Clients and Visitors

(a) Identity and Contact Information. Full name, work email address, phone number, job title, company name, and country of incorporation, provided through contact forms, access request forms, or account registration.

(b) Account Credentials. Username and securely hashed password where account registration is required.

(c) Billing and Payment Information. Company billing address, purchase order details, and payment processing data handled through Stripe. The Company does not store raw card numbers; Stripe processes payment data in compliance with PCI-DSS standards.

(d) Communications. Email correspondence, support requests, and other communications directed to us.

(e) Automatically Collected Technical Data. IP address, browser type and version, operating system, referring URLs, pages visited, session duration, and cookie data, collected through standard server logs and Google Analytics.

3.2 Prosodiq Platform (www.prosodiq.com) - Voice Contributors

(a) Identity and Onboarding Information. Full legal name, email address, date of birth, nationality, and country of residence, collected at registration.

(b) Know Your Customer (KYC) Documentation. Government-issued identification, selfie or identity verification images, address proof, and PAN card or equivalent tax identification. KYC data is processed and stored exclusively through Gloroots.

(c) Biometric Data - Voice Recordings and Voice Clone Data. Voice samples and audio recordings captured through the Prosodiq web application constitute Biometric Data and Voice Clone Source Data. This includes: (i) raw voice recordings submitted during Job sessions; (ii) acoustic feature data extracted from recordings (voice prints, tonal signatures, prosodic patterns); (iii) Synthetic Voice Models - AI-generated near-exact replicas of the contributor's voice engineered for commercial text-to-speech (TTS), speech-to-speech (STS), and voice cloning applications; and (iv) any other voice clone data derived from the contributor's recordings. Collection of this data requires and is subject to your explicit prior consent under Clause 6 of this Policy and the Voice Contributor Agreement.

(d) Recording Metadata. Session identifiers, recording timestamps, device type, recording environment classification, language tags, signal-to-noise ratio scores, and anonymised speaker UUIDs.

(e) Compensation and Payment Information. Bank account or payment method details required to disburse contributor compensation, processed through Gloroots.

(f) Consent Records. Electronically timestamped Consent Log entries recording IP address, device fingerprint, consent version, and exact timestamp of each acceptance.

3.3 Information We Do Not Collect

The Company does not collect: (i) personal data of individuals under 18 years of age - the Prosodiq platform enforces a hard age gate; (ii) special category data beyond biometric voice data for which explicit consent has been obtained; or (iii) data relating to criminal convictions or offences.

4. HOW WE USE PERSONAL DATA

4.1 AmplLab Platform - Enterprise Clients

(a) To respond to dataset access requests, licensing enquiries, and customer support communications.

(b) To negotiate, execute, and administer Dataset License Agreements, Master Services Agreements, and Order Forms.

(c) To process Licence Fee payments through Stripe and to issue tax-compliant invoices.

(d) To improve and develop the AmplLab platform and dataset catalogue.

(e) To send service-related communications including agreement updates and delivery notifications.

(f) To comply with legal obligations including tax reporting, audit requirements, and regulatory compliance in India and the United States.

4.2 Prosodiq Platform - Voice Contributors

(a) To create and manage contributor accounts, including verifying eligibility and age.

(b) To conduct KYC verification through Gloroots for identity authentication and fraud prevention.

(c) To process voice recordings submitted as Deliverables in response to Job assignments.

(d) To engineer, validate, annotate, and package voice recordings into commercial-grade datasets for licensing to enterprise clients in the artificial intelligence and speech technology industries.

(e) To create near-exact Voice Clones and Synthetic Voice Models derived from contributor recordings for commercial licensing as text-to-speech engines, speech-to-speech systems, and AI voice products, as explicitly consented to under the Voice Contributor Agreement.

(f) To sublicence Voice Clones and Synthetic Voice Models to enterprise clients who may integrate them into commercial products, virtual assistants, branded voice applications, and AI platforms, as explicitly consented to under the Voice Contributor Agreement.

(g) To calculate, process, and disburse contributor compensation through Gloroots.

(h) To maintain Consent Log records as legally required evidence of biometric and voice clone consent.

(i) To conduct quality assurance including automated signal-to-noise ratio analysis and human-in-the-loop transcript validation.

(j) To comply with legal obligations including DPDP Act 2023, BIPA, applicable US state biometric laws, and tax reporting requirements.

5. LEGAL BASIS FOR PROCESSING

(a) Consent (DPDP Act 2023 - India). For the collection and processing of Biometric Data, Voice Clone Data, and Synthetic Voice Model creation from contributors on the Prosodiq platform, the Company relies on the contributor's free, prior, informed, and explicit consent given through the platform's clickwrap consent mechanism and the Voice Contributor Agreement.

(b) Consent (BIPA and US State Biometric Laws). For contributors physically located in the United States, the Company relies on written informed consent obtained before biometric capture, in compliance with the Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act (CUBI), the Washington My Health MY Data Act, and other applicable state biometric statutes. Consent is captured through the Prosodiq platform's clickwrap system and the Supplemental US Notice in the Voice Contributor Agreement.

(c) Performance of a Contract. For processing necessary to perform obligations under the Voice Contributor Agreement and under Enterprise Dataset License Agreements.

(d) Legitimate Business Purposes. For platform security, fraud prevention, product improvement, and internal analytics as permitted under applicable law.

(e) Compliance with Legal Obligations. For processing required to meet tax, regulatory, and audit obligations under Indian and US law.

6. BIOMETRIC DATA AND VOICE CLONE DATA - SPECIAL HANDLING NOTICE

STATUTORY NOTICE PURSUANT TO SECTION 5 OF THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023 (INDIA), THE ILLINOIS BIOMETRIC INFORMATION PRIVACY ACT (BIPA, 740 ILCS 14), AND APPLICABLE US STATE BIOMETRIC STATUTES

Data Fiduciary / Controller: Billion Point Private Limited (AmplLab / Prosodiq)

Classification of Data: Biometric Data and Voice Clone Data - including voice prints, acoustic signatures, near-exact voice clone models, and synthetic voice models

Specified Purpose: Engineering of voice and voice clone datasets for AI model training; creation of near-exact Synthetic Voice Models (text-to-speech and speech-to-speech systems); and global commercial licensing of datasets and voice clone models to enterprise clients

Downstream Commercial Use: Voice Clone Data and Synthetic Voice Models may be licensed to enterprise clients for use in commercial AI products, virtual assistants, branded voice applications, and consumer-facing voice platforms globally, including in the United States

Cross-Border Transfer: Biometric and Voice Clone Data may be transferred to enterprise clients in the United States, European Union, United Kingdom, and other jurisdictions

Retention: Voice recordings and Voice Clone Data are retained perpetually for the duration of applicable Dataset licences. Identity and KYC records are retained only as required by law

Consent Withdrawal: Contact data@ampllab.com. Withdrawal is without prejudice to processing already completed or IP rights previously assigned under the Voice Contributor Agreement

Grievance Officer: data@ampllab.com

The Company implements the following specific safeguards for Biometric and Voice Clone Data:

(a) Data Segregation. Contributor KYC data and payment information are stored exclusively through Gloroots and are never co-mingled with raw voice recording files or Voice Clone Data. Raw audio files and Voice Clone Data are stored only under randomised system-generated Speaker UUIDs with no linkage to the contributor's real name within the audio pipeline.

(b) Anonymisation Before Delivery. No dataset package delivered to enterprise clients contains contributor names, contact information, KYC data, or government-issued identification. All data is delivered under anonymised speaker identifiers only.

(c) Azure Central India Storage. Voice recordings, Voice Clone Data, and processed dataset artifacts are stored in Microsoft Azure Blob Storage, Central India region. This is the Company's primary object storage environment.

(d) BIPA Written Policy (Illinois). Pursuant to 740 ILCS 14/15(b), the Company maintains the following written policy regarding biometric identifier and biometric information retention and destruction: (i) Biometric identifiers (voice prints) collected from contributors are used solely for the purpose of creating AI speech datasets, voice clones, and synthetic voice models for commercial dataset licensing as described in this Policy and the Voice Contributor Agreement; (ii) Contributor identity and KYC records are managed through Gloroots and retained only for the period required for verification, compensation, tax, and audit obligations; (iii) Voice recordings incorporated into commercial Datasets are retained perpetually in accordance with the applicable Dataset Licence Agreement; (iv) Voice recordings not incorporated into commercial Datasets will be deleted within ninety (90) days of account closure; (v) Biometric identifiers collected from contributors shall not be sold, leased, traded, or profited from, except as part of the commercial dataset licensing model explicitly described in this Policy and the Voice Contributor Agreement, to which contributors have given explicit written consent.

(e) ELVIS Act Compliance (Tennessee). For contributors physically located in Tennessee, the Company obtains express written authorisation pursuant to the Tennessee Ensuring Likeness Voice and Image Security Act (Tenn. Code Ann. Section 47-25-1101 et seq.) through the Voice Contributor Agreement before using any contributor's voice in AI-generated content or voice clone applications.

(f) Texas CUBI Compliance. For contributors physically located in Texas, the Company provides this notice before capturing voice prints as biometric identifiers pursuant to the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code Chapter 503). The purpose and intended use of the biometric identifiers is as set out in this Policy.

(g) FTC Act Compliance. The Company ensures that the collection, use, and commercial licensing of Voice Clone Data complies with Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive practices in connection with AI-generated voice content. The Company's enterprise Dataset License Agreements contractually prohibit downstream misuse of Voice Clone Data for deceptive, fraudulent, or non-consensual purposes.

7. DATA STORAGE, RETENTION, AND SECURITY

7.1 Storage Infrastructure

(a) Voice recordings, Voice Clone Data, processed dataset artifacts, and associated Metadata are stored in Microsoft Azure Blob Storage, Central India region.

(b) KYC documentation, contributor identity records, and payment information are processed and stored through Gloroots in accordance with Gloroots' data residency and security terms.

(c) Website analytics data is processed through Google Analytics (anonymised usage data only).

(d) Payment processing for enterprise clients is handled through Stripe (PCI-DSS compliant).

7.2 Data Retention

(a) Enterprise Client Data. Retained for the duration of the commercial relationship and a minimum of seven (7) years thereafter to satisfy statutory audit and tax obligations.

(b) Contributor Account Data. Retained for the duration of the active account. Upon account closure, personal data deleted within ninety (90) days subject to legal retention requirements.

(c) KYC and Payment Records. Retained through Gloroots only for the period required to satisfy verification, payout, tax, and statutory audit obligations.

(d) Voice Recordings and Voice Clone Data. Incorporated recordings and derived Voice Clone Models are retained for the duration of the applicable Dataset licence, which may be perpetual, consistent with the terms of the Voice Contributor Agreement. Consent Log records are retained indefinitely as legal evidence.

(e) Website Analytics Data. Anonymised data retained for a maximum of twenty-six (26) months.

7.3 Security Measures

The Company implements appropriate technical and organisational security measures including:

8. DATA SHARING AND DISCLOSURE

The Company does not sell, rent, or trade personal data for monetary consideration. We share personal data only in the following circumstances:

(a) Enterprise Clients - Anonymised Datasets and Voice Clone Models. Voice recordings and Voice Clone Data incorporated into commercial Datasets are shared with enterprise clients in anonymised form only, under Dataset Licence Agreements that prohibit re-identification and misuse. No directly identifying contributor information is included in any dataset delivery. Enterprise clients may integrate licensed Voice Clone Models into their own commercial AI products, virtual assistants, and branded voice platforms, subject to the Prohibited Use restrictions in their Dataset Licence Agreement.

(b) Subprocessors. We share personal data with the following third-party service providers:

1. Gloroots - contributor KYC verification, identity management, and compensation disbursement.

2. Microsoft Azure - cloud infrastructure and object storage for voice recordings, Voice Clone Data, and dataset artifacts (Central India region).

3. Stripe - payment processing for enterprise client Licence Fee payments (PCI-DSS compliant).

4. Google Analytics - anonymised website usage analytics for www.ampllab.com and www.prosodiq.com.

(c) Legal Obligations. We may disclose personal data to competent authorities, courts, or regulatory bodies where required by applicable law, including in response to a valid court order, subpoena, regulatory investigation, or law enforcement request, in any applicable jurisdiction including India and the United States.

(d) Business Transfers. In the event of a merger, acquisition, or sale of all or substantially all of the Company's assets, personal data may be transferred to the acquirer subject to equivalent data protection standards.

(e) AmplLab Inc. (USA). Upon the incorporation of AmplLab Inc. (Delaware), the Company may transfer data associated with US and international engagements to AmplLab Inc. as part of the planned corporate restructuring, with prior notice and appropriate safeguards.

(f) CCPA - No Sale of Personal Information. The Company does not sell personal information as defined under the California Consumer Privacy Act (Cal. Civ. Code Section 1798.100 et seq.). The commercial licensing of anonymised Voice Clone Datasets to enterprise clients under Dataset Licence Agreements does not constitute a sale of personal information under CCPA/CPRA, as the data delivered is fully anonymised and contributor identities are not disclosed to enterprise clients.

9. PRIVACY RIGHTS OF US RESIDENTS

The Company respects and honours the privacy rights of individuals residing in the United States. The following rights are available to US residents under applicable state privacy laws including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Colorado Privacy Act (CPA), the Virginia Consumer Data Protection Act (VCDPA), the Connecticut Data Privacy Act (CTDPA), and the Texas Data Privacy and Security Act (TDPSA).

9.1 California Residents - CCPA / CPRA Rights

NOTICE - APPLICABLE TO USERS IN THE UNITED STATES

(a) Right to Know. You have the right to request that the Company disclose to you: (i) the categories of personal information collected about you; (ii) the categories of sources from which personal information is collected; (iii) the business or commercial purpose for collecting personal information; (iv) the categories of third parties to whom personal information is disclosed; and (v) the specific pieces of personal information collected about you.

(b) Right to Delete. You have the right to request deletion of personal information the Company has collected about you, subject to certain exceptions permitted by law, including where retention is required to complete a transaction, detect security incidents, comply with legal obligations, or for certain research purposes.

(c) Right to Correct. You have the right to request correction of inaccurate personal information the Company maintains about you.

(d) Right to Opt-Out of Sale or Sharing. The Company does not sell personal information. The Company does not share personal information for cross-context behavioural advertising. If this practice changes, California residents will be provided a clear and conspicuous 'Do Not Sell or Share My Personal Information' mechanism on the relevant Platform.

(e) Right to Limit Use of Sensitive Personal Information. Voice prints and voice clone data constitute Sensitive Personal Information under CPRA. You have the right to direct the Company to limit the use of your voice print and Voice Clone Data to uses reasonably necessary to perform the services requested. You exercised this right at the point of giving explicit consent under the Voice Contributor Agreement; the Company uses voice print data only for the purposes described in that Agreement and in this Policy.

(f) Right to Non-Discrimination. The Company will not discriminate against you for exercising any of your CCPA/CPRA rights. Exercising your rights will not result in denial of services, different prices, or different quality of service, except as permitted by law.

(g) Authorised Agent. You may designate an authorised agent to submit CCPA requests on your behalf. The Company will require written proof of the agent's authorisation and may verify your identity directly.

(h) CalOPPA - Do Not Track. The Company's platforms do not currently respond to browser-level Do Not Track (DNT) signals, as there is no uniform industry standard for DNT compliance. California residents may opt out of Google Analytics data collection by using the Google Analytics Opt-Out Browser Add-On available at https://tools.google.com/dlpage/gaoptout.

9.2 Colorado, Virginia, Connecticut, and Texas Residents

NOTICE - APPLICABLE TO USERS IN THE UNITED STATES

(a) Right of Access. You have the right to confirm whether the Company is processing your personal data and to access such data.

(b) Right to Correct. You have the right to correct inaccuracies in your personal data.

(c) Right to Delete. You have the right to request deletion of personal data you have provided to the Company, subject to legal retention obligations.

(d) Right to Data Portability. You have the right to obtain a copy of your personal data in a portable, technically feasible format.

(e) Right to Opt Out of Targeted Advertising. The Company does not engage in targeted advertising as defined under applicable state law.

(f) Right to Opt Out of Sale of Personal Data. The Company does not sell personal data as defined under applicable state law.

(g) Right to Appeal. If the Company declines to act on your request, you have the right to appeal. To initiate an appeal, send an email to data@ampllab.com with the subject line 'Privacy Request Appeal' and a description of your original request and the outcome. We will respond within the period required by applicable state law.

9.3 Exercising Your US Privacy Rights

To exercise any of the rights described in this Clause 9, please submit a request to data@ampllab.com with: (i) your full name; (ii) the Platform on which you have an account (AmplLab or Prosodiq); (iii) your state of residence; and (iv) a clear description of the right you wish to exercise. We will verify your identity before processing your request and will respond within the timelines required by applicable law (45 days for CCPA/CPRA requests, extendable by a further 45 days where reasonably necessary).

10. PRIVACY RIGHTS OF INDIAN AND GLOBAL USERS

Subject to the Digital Personal Data Protection Act, 2023 (India) and applicable law, Indian and global users (Data Principals) have the following rights:

(a) Right of Access. You may request confirmation of whether the Company processes your personal data and receive a summary of the data processed.

(b) Right of Correction and Completion. You may request correction of inaccurate personal data and completion of incomplete data.

(c) Right of Erasure. You may request deletion of your personal data where: (i) the purpose for which it was collected has been fulfilled; (ii) you withdraw consent; or (iii) processing is in violation of applicable law. This right is subject to the limitations in the Voice Contributor Agreement regarding recordings already incorporated into licensed Datasets and IP rights already assigned.

(d) Right to Withdraw Consent. For processing based on consent, you may withdraw consent at any time by contacting data@ampllab.com. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

(e) Right to Grievance Redressal. You may have your grievances addressed by the Company within the timelines prescribed by the DPDP Act 2023. Contact data@ampllab.com.

(f) Right to Nominate. In accordance with the DPDP Act 2023, you may nominate an individual to exercise these rights on your behalf in the event of your death or incapacity.

11. CROSS-BORDER DATA TRANSFERS

(a) The Company is incorporated in India but operates globally. Personal data, including Voice Clone Data and Biometric Data, may be transferred to and processed in countries outside India, including the United States, the European Union, and the United Kingdom.

(b) Transfers to the United States. Where Voice Clone Data and dataset artifacts are transferred to US-based enterprise clients, such transfers are governed by Dataset Licence Agreements that impose contractual obligations prohibiting re-identification, misuse, and Prohibited Uses including deepfake creation, identity fraud, and unauthorised voice cloning applications.

(c) DPDP Act 2023 Compliance. Cross-border transfers are conducted in compliance with the cross-border transfer provisions of the DPDP Act 2023 as notified by the Government of India, including through contractual safeguards with international recipients.

(d) Standard Contractual Safeguards. For transfers to jurisdictions without an adequacy determination, the Company implements contractual data protection clauses and imposes equivalent data protection obligations on recipients.

12. COOKIES AND TRACKING TECHNOLOGIES

(a) The Company uses cookies and similar tracking technologies on www.ampllab.com and www.prosodiq.com for the following purposes: (i) essential cookies necessary for platform functionality including session management and login authentication; (ii) analytics cookies (Google Analytics) to understand platform usage and improve user experience; and (iii) preference cookies to remember your settings.

(b) The Company does not use third-party advertising cookies, retargeting cookies, or cross-context behavioural advertising technologies on the Platforms. The Company does not permit advertisers to collect data through the Platforms.

(c) CalOPPA Disclosure. The Company's platforms do not currently honour browser-level Do Not Track (DNT) signals. California residents may use the Google Analytics Opt-Out Browser Add-On to prevent Google Analytics tracking.

(d) You may manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

13. CHILDREN'S PRIVACY

The AmplLab and Prosodiq platforms are not directed to, and do not knowingly collect personal data from, individuals under the age of 18. The Prosodiq platform implements a hard age gate at registration blocking individuals under 18 from creating an account. In accordance with the Children's Online Privacy Protection Act (COPPA), the Company does not knowingly collect personal information from children under 13 in the United States. If you believe we have inadvertently collected data from a minor, please contact data@ampllab.com immediately and we will delete it promptly.

14. GRIEVANCE REDRESSAL

Grievance Officer: Designated Officer, Billion Point Private Limited

Email: data@ampllab.com

Response Timeline: Acknowledgement within 48 hours; resolution within the timelines prescribed by applicable law

CCPA / CPRA Requests: Response within 45 days (extendable by 45 days where necessary)

DPDP Act Requests: Resolution within timelines prescribed by the Data Protection Board of India

If you are not satisfied with the resolution of your grievance, you may approach the Data Protection Board of India (once constituted), the California Privacy Protection Agency (for CCPA/CPRA matters), or such other regulatory authority as may be applicable in your jurisdiction.

15. CHANGES TO THIS POLICY

The Company may update this Privacy Policy to reflect changes in data processing practices, applicable law, or platform features. When we make material changes, we will: (i) post the updated Policy on www.ampllab.com and www.prosodiq.com with an updated effective date; (ii) notify registered enterprise clients and contributors by email where required by applicable law; and (iii) where changes affect the processing of Biometric Data or Voice Clone Data, obtain fresh consent from contributors where required under BIPA or the DPDP Act 2023.

16. CONTACT US

Company: Billion Point Private Limited

CIN: U62011KA2026PTC213855

Email: data@ampllab.com

Registered Address: Flat No. 201, Ambalipura Residency, Sarjapur Road, HSR Layout, Bangalore South, Bengaluru, Karnataka – 560102, India

AmplLab Website: www.ampllab.com

Prosodiq Website: www.prosodiq.com

End of Privacy Policy

Billion Point Private Limited | data@ampllab.com