Last updated: July 9, 2026
At Embedy, we are deeply committed to protecting the privacy and security of our users' data. This page outlines our commitment to the General Data Protection Regulation (GDPR) and how we ensure compliance.
We only collect the minimum amount of personal data necessary to provide our service. When you create an account, we store your name and email address. The Google Reviews displayed via our widgets are public data fetched from the Google API.
Because Embedy is a self-hosted solution, the primary data controller and processor is the administrator of the server where Embedy is installed. We design our software to empower you to be GDPR compliant by keeping all data local to your server.
If you are a resident of the European Economic Area (EEA), you have the following data protection rights:
Embedy does not sell, rent, or share your personal data with third-party advertisers. We use the Google Places API strictly for fetching business reviews, which is subject to Google's own Privacy Policy and Terms of Service.
We implement robust security measures, including password hashing (bcrypt), prepared SQL statements to prevent injections, and strict session management to protect your data against unauthorized access, alteration, or destruction.
If you have any questions about our GDPR compliance, the data we hold on you, or if you would like to exercise one of your data protection rights, please do not hesitate to contact us at [email protected].