Embedy
← Back to Home

GDPR Compliance

Last updated: July 9, 2026

At Embedy, we are deeply committed to protecting the privacy and security of our users' data. This page outlines our commitment to the General Data Protection Regulation (GDPR) and how we ensure compliance.

1. Data Minimization

We only collect the minimum amount of personal data necessary to provide our service. When you create an account, we store your name and email address. The Google Reviews displayed via our widgets are public data fetched from the Google API.

2. Data Processing and Storage

Because Embedy is a self-hosted solution, the primary data controller and processor is the administrator of the server where Embedy is installed. We design our software to empower you to be GDPR compliant by keeping all data local to your server.

3. Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA), you have the following data protection rights:

  • The right to access: You have the right to request copies of your personal data.
  • The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The right to erasure ("Right to be Forgotten"): You have the right to request that we erase your personal data, under certain conditions. You can delete your account and all associated data directly from your dashboard.
  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you.

4. Third-Party Services

Embedy does not sell, rent, or share your personal data with third-party advertisers. We use the Google Places API strictly for fetching business reviews, which is subject to Google's own Privacy Policy and Terms of Service.

5. Security Measures

We implement robust security measures, including password hashing (bcrypt), prepared SQL statements to prevent injections, and strict session management to protect your data against unauthorized access, alteration, or destruction.

6. Contact the Data Protection Officer

If you have any questions about our GDPR compliance, the data we hold on you, or if you would like to exercise one of your data protection rights, please do not hesitate to contact us at [email protected].