Last updated: April 25, 2026
At Space Ads, we take your privacy seriously. This policy outlines how we collect, use, and protect your personal information in compliance with GDPR, CCPA/CPRA, and applicable data protection laws.
If you are a California or US resident, you have specific privacy rights under state law. Please see the US Privacy Rights and California-Specific Rights sections below.
Do Not Sell or Share: We do not sell your personal information for money. However, we share data with advertising partners (Google, Meta) for targeted advertising. You can opt out via our Cookie Preferences.
Section 1
Your personal data is processed by Space Ads spółka z o. o. with its registered office in Warsaw (address: ul. Plac Bankowy 2, 00-095 Warsaw, Poland; registration: District Court for the capital city of Warsaw in Warsaw, company/reg. no.: 1011955; tax ID number: PL 5252938464; share capital: PLN 10 000; the "Controller") in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; the "GDPR") and with other applicable data protection laws.
Section 2
The Controller has not appointed a data protection officer; You, as the Data Subject, may contact the Controller in matters relating to the processing of your Personal Data and in order to exercise the rights provided for in the GDPR or other applicable provisions of the law on the protection of personal data at the following e-mail address: partners@spaceads.agency (the "Point of Contact").
Section 3 - Data We Collect
The processing carried out by the Controller may involve certain data, the provision of which is necessary for:
communication by way of a contact form (processed via our secure API hosted on Vercel Serverless Functions; data includes: first and last name, e-mail address, company name, website URL, message content);
scheduling consultation meetings via our self-hosted booking system (name, email address, optionally website URL and message, time zone — selected automatically). The booking system runs on Vercel (USA) and Neon (USA) infrastructure; data is processed in accordance with this Privacy Policy. Meetings take place via Google Meet (Google Workspace);
preparation and conclusion of an agreement for consultations, audits or other services provided by the Controller (first and last name, physical and email address, telephone number, tax ID number, company information);
analytics and website usage via Google Analytics 4 and Microsoft Clarity (IP address, browser type, device information, pages visited, time spent on pages, referring website, session recordings, heatmap data);
targeted advertising (cookie identifiers, ad interaction data, conversion data).
as well as other information relating to You as an identified or identifiable natural person ("Personal Data") that you decide to disclose, transfer or otherwise freely and knowingly make available to the Controller.
Section 4 - Legal Basis
As a general rule, your Personal Data will be processed on the basis of consent (Article 6.1.a GDPR), contract (Article 6.1.b GDPR), legal obligation (Article 6.1.c GDPR), or legitimate interests (Article 6.1.f GDPR).
Section 5 - Consent
If the legal basis for processing is consent (Article 6.1.a of the GDPR), the Controller will ensure that Your consent to processing is freely given, specific, informed, and unambiguous. You have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Section 6 - Contract & Legal Obligations
If the legal basis for processing is a contract (Article 6.1.b of the GDPR), the Controller will process your Personal Data to the extent necessary for the performance of a contract to which You are a party, or in order to take steps at Your request prior to entering into a contract. The processing of your Personal Data may also take place in order to comply with legal obligations incumbent on the Controller, resulting in particular from tax and accounting regulations (Article 6.1.c of the GDPR).
Section 7 - Legitimate Interests
The Controller may process your Personal Data for the purpose of direct marketing, fraud prevention, system security, and defense against possible claims (Article 6.1.f of the GDPR). Our legitimate interests include maintaining the security and integrity of our systems and improving our services.
Section 8
The Controller may use external service providers and their resources to conduct activities that involve your Personal Data. Your Personal Data may be disclosed to:
Hosting & Infrastructure
Vercel Inc. (AWS edge network), Neon Inc. (PostgreSQL)
Analytics
Google Analytics 4, Microsoft Clarity
Advertising Platforms
Google Ads, Meta (Facebook) Ads
Scheduling, Newsletter, Lead Magnets
Self-hosted forms platform (forms.spaceads.agency · Vercel + Neon), Google Meet (Google Workspace), Amazon SES (email delivery)
Newsletter — Combined Marketing Consent
Newsletter delivery, welcome sequences, lead magnets, and event reminders are covered by a single marketing consent (GDPR art. 6(1)(a) + equivalent EU/PL provisions). Consents are versioned (consent_text_version) for accountability.
Section 9
The above-mentioned recipients represent the current service providers with whom the Controller shares Personal Data. The Controller will provide the most up-to-date list of recipients at your request, submitted by e-mail to the Point of Contact.
Section 10
Your Personal Data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, through our use of service providers such as Vercel Inc., Google (Analytics, Ads, Calendar), Meta, and Microsoft (Clarity). The rest of the infrastructure processing your data is hosted within the EEA: our database in Neon (Frankfurt, Germany, eu-central-1) and outbound email in Amazon SES (Dublin, Ireland, eu-west-1).
These transfers are protected by appropriate safeguards, including:
Standard Contractual Clauses (SCCs) approved by the European Commission;
EU-U.S. Data Privacy Framework certification (where applicable);
Other appropriate safeguards as required by applicable data protection laws.
You may obtain a copy of the safeguards in place by contacting us at partners@spaceads.agency.
Section 11
We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods include:
Contact Form Submissions
2 years or until the inquiry is resolved, whichever is longer
Client Contracts & Service Data
5 years after contract termination (for tax and legal compliance purposes)
Analytics & Marketing Data
Up to 24 months (as set in Google Analytics 4 and advertising platforms)
Cookie Consent Records
Up to 12 months, then re-requested
After the retention period expires, we will securely delete or anonymize your Personal Data, unless a longer retention period is required or permitted by law.
Section 12
If you are located in the EU/EEA, you have the following rights under the GDPR:
Right of Access
Request a copy of your personal data
Right to Rectification
Correct inaccurate data
Right to Erasure
Request deletion of your data
Right to Data Portability
Receive data in portable format
Right to Restriction
Limit how we process your data
Right to Object
Object to certain processing
Section 13 - Response Time
The Controller will respond to your request without undue delay and in any event within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.
Section 14 - How to Exercise Your Rights
To exercise any of these rights, please contact us at partners@spaceads.agency.
Section 15 - Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside, work, or where an alleged infringement of the GDPR occurred. In Poland, the supervisory authority is the President of the Personal Data Protection Office (UODO).
Section 16
If you are a resident of certain U.S. states (including Virginia, Colorado, Connecticut, Utah, and Montana), you may have additional privacy rights under state law, including:
Right to confirm whether we process your personal data and access that data
Right to correct inaccuracies in your personal data
Right to delete your personal data
Right to obtain a copy of your personal data in a portable format
Right to opt out of targeted advertising, sale of personal data, and profiling
Section 17 - Exercising Your Rights
To exercise these rights, please email partners@spaceads.agency. We will respond within 45 days of receipt of your request. You may appeal our decision by contacting us at the same email address.
Section 18 - Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights under state law.
Section 19 - Your California Rights
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know
Request disclosure of personal data collected, used, disclosed, or sold
Right to Delete
Request deletion of personal data
Right to Correct
Request correction of inaccurate personal data
Right to Portability
Receive a copy of your data in portable format
Right to Opt-Out
Opt out of sale/sharing of personal data
Right to Limit
Limit use of sensitive personal data
Section 20 - Categories of Personal Information
We collect and process the following categories of personal information:
• Identifiers: Name, email address, IP address, cookie identifiers
• Commercial Information: Products/services purchased or considered
• Internet Activity: Browsing history, search history, interaction with our website
• Professional Information: Company name, job title, business contact information
Section 21 - Sale and Sharing of Personal Information
We do not sell your personal information for monetary consideration. However, we do "share" personal information with advertising partners (Google, Meta) for cross-context behavioral advertising, which may be considered a "sale" under California law.
Categories shared: Identifiers (cookie IDs, IP addresses), Internet Activity (browsing behavior, ad interactions)
Section 22 - How to Opt-Out of Sale/Sharing
To opt out of the sharing of your personal information for targeted advertising purposes, you can:
• Use our Cookie Preferences tool (available in the footer)
• Disable analytics and advertising cookies in the cookie banner
• Email us at partners@spaceads.agency
Section 23 - Response Time & Verification
We will respond to your request within 45 days. We may request information to verify your identity before processing your request. You may designate an authorized agent to make requests on your behalf by providing written authorization.
Section 24 - Non-Discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights. This means we will not deny you goods or services, charge different prices, provide a different level of service, or suggest you will receive a different price or level of service.
Section 25 - California Shine the Light Law
California Civil Code Section 1798.83 permits California residents to request information regarding disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.
Section 26
We implement appropriate technical and organizational security measures to protect your Personal Data from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
Encryption
Data encryption in transit (SSL/TLS) and at rest
Access Controls
Strict authentication and authorization mechanisms
Secure Infrastructure
Enterprise-grade hosting with Vercel Edge Network
Regular Monitoring
Continuous security monitoring and audits
Section 27 - Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by law. Notification will be provided via email and/or a prominent notice on our website.
Section 33
Our services are intended for business use and are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.
If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to delete such information as soon as possible. If you believe we have collected information from a child under 18, please contact us at partners@spaceads.agency.
Section 34
We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you. However, our advertising partners (Google, Meta) may use automated systems for ad targeting and optimization on their platforms, subject to their own privacy policies.
Section 35
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date at the top of this policy indicates when it was last revised. If we make material changes that significantly affect how we process your personal data, we will notify you by posting a prominent notice on our website or by sending you an email (if we have your email address). We encourage you to review this policy periodically.
If you have any questions about this Privacy Policy, how we handle your personal data, or wish to exercise your privacy rights, please don't hesitate to contact us.
We use cookies to enhance your experience, analyze site traffic, and for marketing purposes. Space Ads does not collect PII or sensitive data. Choose your preferences below. Learn more