Privacy Policy
Last updated · 2026-05-19
This policy describes what data Ambasada collects about you, why, and what your rights are. We try to be plain about it.
What we collect
We collect only what you give us directly:
- Membership applications at /get-started: your name, email, phone (optional), role, company, what you’re building, motivation, and any links you share. Stored in our database.
- Contact form at /contact: your name, email, subject and message.
- Member account & profile: when you sign in to the member area we keep an account tied to your email, plus the profile you give us (the application above, anything you edit later, and an optional photo).
- Membership activity: a digital membership card (Apple/Google Wallet) issued for you, your points, tier and badges, event check-ins and RSVPs, and partner-perk redemptions. We use this to run the loyalty programme and see who attends.
- Newsletter signups: your email address.
- Technical metadata: a hashed IP address and your browser’s user-agent, used only to prevent spam and abuse.
We do notuse third-party tracking pixels, advertising cookies, or cross-site analytics. If you visit but don’t submit anything, we have nothing about you beyond standard server logs.
Why we collect it
- To review your application and respond to your message.
- To run your membership: issue your card, track points and attendance, and apply partner perks.
- To send you the newsletter you signed up for.
- To protect the site from spam and abuse.
Who sees it
The data lives in a Supabase project we own and operate, hosted in the EU. Only the Ambasada team (currently three people) has access.
Sub-processors
- Supabase - database & file storage (EU region).
- Vercel - site hosting.
- Resend - email delivery for transactional notifications and the newsletter. Mail is sent from Resend's EU (Ireland) region; account logs and analytics are stored in the US under standard contractual clauses.
- Ambasada Wallets API - our own service that issues and updates your Apple/Google Wallet membership card; in turn it relays card updates to Apple and Google push services.
- Luma - event ticketing, only if you RSVP to one of our events.
How long we keep it
- Applications & contact messages: 24 months, then deleted.
- Member accounts & activity: while your membership is active and for 24 months after it ends, then deleted or anonymised. Ask us any time to delete it sooner.
- Newsletter subscribers: until you unsubscribe.
Your rights
Under GDPR you can:
- Ask us what data we hold about you.
- Ask us to correct or delete it.
- Ask us to export it.
- Withdraw consent at any time.
Email [email protected]with subject “privacy”. We respond within 30 days, usually faster.
Cookies
We use a single essential cookie to keep you signed in (members and admins). We don’t use marketing or analytics cookies on this site.
Changes
If this policy changes materially, we’ll update the date above and notify newsletter subscribers.