Privacy Policy

Last updated: April 2026

1. Data Controller

ABY Platform ("ABY," "we," "us") is the data controller responsible for your personal data. If you have questions about how your data is handled, contact us at privacy@abyplatform.com.

2. Information We Collect

We collect the following categories of personal data:

  • Contact information name, email address, company name, and message content when you use our contact form.
  • Account data email, name, and role when you create an account on our platform.
  • Usage data anonymized analytics collected through privacy-focused web analytics (no cookies, no personally identifiable information tracked).
  • Device and log data IP address, browser type, and access timestamps collected automatically when you visit our website or use the platform.

3. Legal Basis for Processing

We process your personal data under the following legal bases (GDPR Article 6):

  • Contract performance to provide and operate the Service you have signed up for.
  • Consent when you voluntarily submit information via our contact form or opt into communications. You may withdraw consent at any time.
  • Legitimate interest to improve our platform, ensure security, and communicate relevant service updates.
  • Legal obligation to comply with applicable laws, regulations, or legal processes.

4. How We Use Your Information

We use your information to respond to inquiries, provide and operate our services, improve our platform, ensure security, and send relevant communications about ABY. We will never sell your personal information to third parties.

5. Data Sharing

We may share data with trusted service providers who help us operate our platform (e.g., cloud hosting, email delivery). These providers are contractually bound to protect your data and may only process it on our behalf.

We do not sell, rent, or trade your personal information. We may disclose data if required by law, regulation, or valid legal process.

6. International Data Transfers

Our infrastructure is hosted in the United States. If you are located outside the United States (including the European Economic Area), your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where applicable, to protect your data in accordance with GDPR requirements.

7. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy. Contact form submissions are retained for up to 24 months. Account data is retained for the duration of your subscription and for 30 days after account closure. Anonymized analytics data may be retained indefinitely. You may request earlier deletion at any time.

8. Data Security

All data is encrypted in transit (TLS) and at rest. Our infrastructure is hosted on enterprise-grade cloud services with industry-standard security controls. We are pursuing SOC 2 Type II compliance. While no system is 100% secure, we take commercially reasonable measures to protect your data.

9. Cookies

Our marketing website does not use cookies. Our web analytics service is privacy-friendly and does not require cookie consent. The ABY application may use strictly necessary session cookies for authentication — these do not track you across websites.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access request a copy of the personal data we hold about you.
  • Rectification request correction of inaccurate or incomplete data.
  • Erasure request deletion of your personal data ("right to be forgotten").
  • Data portability request your data in a structured, machine-readable format.
  • Restrict processing request that we limit how we use your data.
  • Object to processing object to processing based on legitimate interest.
  • Withdraw consent withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@abyplatform.com. We will respond within 30 days.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose.
  • The right to request deletion of your personal information.
  • The right to opt out of the sale of personal information. We do not sell personal information.
  • The right to non-discrimination for exercising your privacy rights.

12. Children's Privacy

Our Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

13. Supervisory Authority

If you are located in the European Economic Area and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

14. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or a notice on our website. The "Last updated" date at the top of this page reflects the most recent revision.

15. Contact Us

If you have questions about this privacy policy, please email us at privacy@abyplatform.com.