Last updated: 24 May 2026
Overview
Amby (“we”, “us”) operates a marketplace for discovering event services and sending non-binding booking inquiries in Poland. This policy describes what personal data we process, why, and what choices you have.
By using Amby you acknowledge this policy. If you do not agree, please do not use the service.
Data controller
The data controller for personal data processed through Amby is the operator of the Amby platform. For privacy requests, contact us at amby.spaces@gmail.com.
Data we collect
Account data: email, name, phone (optional), password hash, provider settings, and verification timestamps when you confirm contact details.
Inquiry and messaging data: event dates, messages, price offers, and status of inquiries between customers and providers.
Listing data: service descriptions, prices, addresses, and images you submit as a provider.
Technical data: session identifiers (cookie evb_uid), server logs, and basic usage needed to operate and secure the service.
If you sign in with a third-party provider (e.g. Google), we receive profile information allowed by that provider according to your consent there.
How we use data
To create and secure your account, authenticate sessions, and let you switch between customer and provider workspaces.
To route inquiries, show calendars and availability, and display conversation history to the parties involved.
To moderate listings, verify provider identity when required, and prevent abuse.
To send optional verification codes (email/SMS) when configured, and inquiry notifications.
To comply with law, enforce our Terms, and improve reliability of the platform.
Legal bases (EEA users)
We process data on the basis of contract performance (providing the service you request), legitimate interests (security, fraud prevention, improving the platform), and consent where required (e.g. optional marketing if we introduce it). You may withdraw consent without affecting prior processing.
Where we rely on legitimate interests, you may object as described under Your rights.
Sharing
Inquiry content is visible to the customer and the provider (and their organization) involved in that inquiry. Public listings are visible to anyone browsing the catalog.
We use infrastructure providers (hosting, database, email/SMS delivery) who process data on our instructions. We do not sell your personal data.
We may disclose data if required by law or to protect rights, safety, and integrity of users and the service.
Retention
We keep account data while your account is active. When you delete your account, we scrub personal identifiers from your profile, end sessions, and remove or deactivate listings as described on our Data deletion page.
Inquiry records may be kept for a limited time after account closure so the other party can reference past conversations; inactive inquiries may be removed automatically according to our retention rules.
Server logs and backups are kept only as long as needed for operations and security.
Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict, port, or object to processing of your personal data, and to lodge a complaint with a supervisory authority.
You can delete your account in Account settings or follow the steps on our Data deletion page. For other requests, email amby.spaces@gmail.com from the address linked to your account.
Security
We use technical and organizational measures appropriate to the risk, including encrypted transport (HTTPS), hashed passwords, and access controls on production systems. No method of transmission or storage is 100% secure.
Children
Amby is not directed at children under 16. We do not knowingly collect data from children. Contact us if you believe a child has provided personal data.
Changes
We may update this policy. We will post the new version on this page with an updated date. Continued use after changes means you accept the revised policy.
Contact
Questions about privacy: amby.spaces@gmail.com