Privacy Policy
Last updated: April 26, 2026
1. GENERAL PROVISIONS
1.1. We respect your privacy and are committed to protecting your personal information. This Privacy Policy provides you with information about how we process your personal information. You will also learn about your rights and how applicable laws protect you and your personal information. Please read this Privacy Policy carefully before using our Services.
1.2. The controller of your personal data is Bridges Business Club Sp. z o.o., a company incorporated under the laws of Poland, with its registered office at Al. Tadeusza Rejtana 53A/203, 35-326 Rzeszów, Poland, registered in the Polish Court Register (Krajowy Rejestr Sądowy / KRS) under number 0001027243, represented by President Oleksandr Mahun (hereinafter — the "Company").
1.3. For any questions regarding this Privacy Policy or the processing of your personal data, please contact us at: office@bridges.community
1.4. This Privacy Policy (hereinafter — the "Policy") sets out the procedure for collecting, storing, processing, using and disclosing the User's personal data when using the Mobile Application "Bridges: let's build together" and the related website https://www.bridges.community.
1.5. By registering in the Mobile Application, the User confirms that they have read and accepted this Policy. Use of the Mobile Application without acceptance of this Policy is not possible.
1.6. The Company may amend this Policy from time to time. The current version is always published in the Mobile Application and at https://www.bridges.community/general-5-2. Material changes will be communicated to Users in advance through the Mobile Application or by email. Continued use of the Mobile Application after the changes take effect constitutes acceptance of the updated Policy.
1.7. Definitions used in this Policy:
- Company / Controller — Bridges Business Club Sp. z o.o.
- Mobile Application — the application "Bridges: let's build together" available for download in Apple App Store (for iOS devices) and Google Play Store (for Android devices).
- User — any adult, legally capable individual who has registered in the Mobile Application.
- Personal data — any information relating to an identified or identifiable natural person, as defined in Article 4(1) of the GDPR.
- GDPR — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation).
- CCPA/CPRA — California Consumer Privacy Act, as amended by the California Privacy Rights Act.
2. WHAT PERSONAL DATA WE COLLECT
2.1. Data you provide during registration (only email is mandatory):
- Email address (required)
- First and last name
- Date of birth
- Phone number
- Profile photo
- Company logo and company address (without geolocation)
- Any other information you voluntarily provide in your profile or company page
2.2. Data we collect automatically when you use the Mobile Application:
- Device information: operating system version, device brand and model, unique device identifiers, mobile network name, language settings, browser type and version, available video and audio formats
- Login data: IP address, time zone, date of registration, date of last password change, date of last successful login
- Usage data: actions performed within the Mobile Application, features used, errors encountered
2.3. Communications data. When you use the chat function in the Mobile Application, the content of your messages is stored on our servers and is technically accessible to the Company. We are working on introducing end-to-end encrypted (E2EE) chats, which, once released, will not be technically accessible to the Company. Until E2EE chats become generally available, please be aware that chat content may be reviewed in limited circumstances (see Section 4).
2.4. Special categories of data. We do not intentionally process special categories of personal data within the meaning of Article 9 GDPR (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation). If you choose to upload such data voluntarily (e.g. in chat or profile), you do so at your own risk and provide explicit consent for its processing within the Mobile Application.
3. PURPOSES AND LEGAL BASES OF PROCESSING
3.1. We process your personal data for the following purposes and on the following legal bases (Article 6(1) GDPR):
(1) To provide you with access to the Mobile Application and its features (registration, authentication, profiles, chats, business requests, library) — Performance of a contract (Art. 6(1)(b) GDPR)
(2) To verify your identity and confirm the accuracy of provided data — Performance of a contract (Art. 6(1)(b) GDPR)
(3) To provide customer and technical support — Performance of a contract (Art. 6(1)(b) GDPR)
(4) To analyze usage, detect bugs, and improve the Mobile Application — Legitimate interest (Art. 6(1)(f) GDPR)
(5) To prevent fraud, abuse, spam, and security incidents — Legitimate interest (Art. 6(1)(f) GDPR)
(6) To comply with legal obligations (tax, accounting, responses to lawful requests from authorities) — Legal obligation (Art. 6(1)(c) GDPR)
(7) To establish, exercise, or defend legal claims — Legitimate interest (Art. 6(1)(f) GDPR)
3.2. We do not currently send marketing communications. If we decide to do so in the future, we will request your explicit prior consent (opt-in), and you will be able to withdraw it at any time.
3.3. No automated decision-making with legal effect. Although we use automated tools to detect spam and fraud (which may result in temporary account restrictions), any decision that significantly affects you (e.g. permanent account closure) is reviewed by a human member of our team.
4. PROCESSING TO ENSURE THE SECURITY OF THE SERVICE
4.1. We use device identifiers, login data, and IP addresses to administer and protect the Mobile Application — including diagnostics, testing, fraud prevention, IT systems maintenance, and incident response.
4.2. Chat content review. Chats in the Mobile Application are not currently end-to-end encrypted (see Section 2.3). To prevent abuse, spam, and offensive content, automated systems may scan chat content. Manual review of chat content by our security team occurs only in limited circumstances — for example, when there is a reasonable suspicion of a serious violation of law or these terms, or in response to a lawful request from authorities. Access is restricted to a minimum number of authorized personnel.
4.3. Fraud detection. We use automated algorithms to identify suspicious activity (e.g. mass account creation, spam patterns). Accounts flagged with high confidence may be temporarily blocked pending human review. If you believe your account was blocked unfairly, please contact us at office@bridges.community.
5. WHO WE SHARE YOUR DATA WITH
5.1. We do NOT sell your personal data and do not share it with third parties for their own marketing purposes.
5.2. We share your personal data only with the following categories of recipients:
- Service providers (data processors) acting on our behalf under written contracts that comply with Article 28 GDPR, including providers of cloud hosting, chat infrastructure, email and notification delivery, analytics, and error-monitoring services
- Authorities and law enforcement, when required by applicable law or in response to a valid legal request
- Legal, accounting, and audit advisors bound by professional confidentiality
- Acquirers or successors in case of a merger, acquisition, or reorganization (with prior notice to Users)
5.3. A current list of our key sub-processors is available upon request at office@bridges.community.
5.4. International data transfers. In some cases, your personal data may be processed by service providers based in countries outside the European Economic Area. We work only with providers who offer adequate data protection guarantees consistent with GDPR requirements.
6. DATA RETENTION
6.1. We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Account data — for the entire duration of your registration in the Mobile Application
- After you request account deletion — your personal data is deleted within 7 (seven) days. The 7-day period reflects the time needed to remove data from daily backups
- Anti-fraud and security logs — up to 30 days after account deletion
- Data retained for legal obligations (e.g. tax, accounting, claims) — for the period required by applicable law (typically up to 5 years for accounting documents under Polish law)
- Anonymized statistical data — may be retained indefinitely as it no longer identifies you
6.2. After the retention periods expire, your personal data is permanently and irreversibly deleted.
7. YOUR RIGHTS UNDER GDPR
7.1. As a data subject, you have the following rights:
- Right of access (Art. 15 GDPR) — to obtain confirmation of whether we process your data and to receive a copy
- Right to rectification (Art. 16) — to have inaccurate data corrected
- Right to erasure / "right to be forgotten" (Art. 17) — to request deletion of your data
- Right to restriction of processing (Art. 18) — to limit how we use your data in certain situations
- Right to data portability (Art. 20) — to receive your data in a structured, machine-readable format
- Right to object (Art. 21) — to object to processing based on legitimate interest
- Right to withdraw consent (Art. 7(3)) — at any time, where processing is based on consent
- Right to lodge a complaint with a supervisory authority — in Poland: Prezes Urzędu Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw, www.uodo.gov.pl. You may also contact your local supervisory authority in your EU country of residence.
7.2. How to exercise your rights. You can:
- Use the "Delete Account" option within the Mobile Application to immediately initiate account deletion, OR
- Send a request to office@bridges.community
We will respond to your request within 30 days. In complex cases, we may extend this period by an additional 60 days, with prior notice.
8. RIGHTS OF CALIFORNIA RESIDENTS (CCPA / CPRA)
8.1. If you are a California resident, in addition to GDPR rights (where applicable), you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to know what personal information we collect, use, and disclose
- Right to delete your personal information
- Right to correct inaccurate personal information
- Right to opt out of the sale or sharing of personal information — note: we do not sell or share personal information as defined under CCPA/CPRA
- Right to limit use of sensitive personal information
- Right to non-discrimination for exercising your privacy rights
8.2. To exercise these rights, contact us at office@bridges.community. We will verify your identity before processing your request.
9. COOKIES AND SIMILAR TECHNOLOGIES
9.1. The Mobile Application itself does not use browser cookies. However, our website at https://www.bridges.community uses cookies to:
- Manage user sessions
- Remember language and display preferences
- Conduct anonymized analytics
9.2. You can disable cookies in your browser settings. Disabling essential cookies may affect website functionality.
9.3. The Mobile Application may use similar device-level technologies (e.g. local storage, device identifiers) for authentication and session management. These do not collect data for advertising purposes.
10. DATA SECURITY
10.1. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, alteration, or disclosure, including:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of sensitive data at rest where technically feasible
- Access controls and authentication for our staff
- Regular security audits and monitoring
- Incident response procedures
10.2. Account security is shared responsibility. You are responsible for keeping your login credentials confidential. Notify us immediately at office@bridges.community if you suspect unauthorized access to your account.
10.3. Data breach notification. In case of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you and the competent supervisory authority in accordance with Articles 33–34 GDPR.
11. CHILDREN'S PRIVACY
11.1. The Mobile Application is intended for adults (18+) only. We do not knowingly collect personal data from children under 18. If we become aware that we have collected data from a minor without verified parental consent, we will delete it without undue delay.
12. CHANGES TO THIS POLICY
12.1. We may update this Privacy Policy from time to time. Material changes will be communicated through the Mobile Application or by email at least 14 days before they take effect. The "Last updated" date at the top of this Policy indicates when it was most recently revised.
13. GOVERNING LAW AND DISPUTE RESOLUTION
13.1. This Privacy Policy is governed by the laws of the Republic of Poland and the General Data Protection Regulation (EU) 2016/679.
13.2. Any disputes arising from this Privacy Policy shall be resolved by the courts competent for the registered office of the Company in Rzeszów, Poland.
13.3. Nothing in this section limits the rights of EU consumers to bring proceedings before the courts of their country of residence, or to lodge a complaint with their local data protection supervisory authority, where such rights are guaranteed by mandatory law.
14. CONTACT
For any questions, requests, or complaints regarding this Privacy Policy or the processing of your personal data:
Bridges Business Club Sp. z o.o.
Al. Tadeusza Rejtana 53A/203
35-326 Rzeszów, Poland
Email: office@bridges.community
This Privacy Policy applies to the User from the moment of registration in the "Bridges: let's build together" Mobile Application and remains valid for as long as we hold any personal data about the User.