Privacy Policy

Last updated: April 6, 2026

1. Introduction

Feedback Guardian ("we," "us," or "our") is committed to protecting the privacy of our users and the individuals who provide feedback through our platform. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have regarding your data.

This policy applies to our website, dashboard, API, public feedback forms, and any related services (collectively, "the Service").

2. Information We Collect

2.1 Account Information (Business Users)

When you create a Feedback Guardian account, we collect your email address, password (stored as a secure hash — we never store plaintext passwords), company name, and billing information (processed and stored by Stripe; we do not store full credit card numbers).

2.2 Feedback Data (End Users)

When someone submits feedback through a Feedback Guardian form, we collect the rating selected (a value from 1 to 5), an optional text comment, the timestamp of submission, and the feedback instance identifier (which feedback point the feedback relates to). We do not require or collect names, email addresses, phone numbers, or any personally identifiable information from feedback respondents. Feedback forms are fully anonymous by default.

2.3 Usage Data

We automatically collect standard server log data when you use the Service, which may include IP addresses, browser type and version, pages visited, and date and time of access. This data is used for security monitoring, performance optimization, and debugging.

When QR code scan tracking is active, we record an anonymous hashed fingerprint derived from the visitor's IP address and browser information, along with a timestamp, to count unique visitors. No personal information, IP addresses, or device identifiers are stored. This data is used solely to display scan counts and conversion rates to business account holders.

2.4 Uploaded Content

Business users on eligible plans may upload brand logos to customize their feedback forms. These files are stored in secure cloud storage and displayed only on the user's feedback forms, QR code PDFs, and email templates.

3. How We Use Your Information

We use the information we collect to provide, operate, and maintain the Service, process subscriptions and payments, send transactional emails (welcome emails, alert notifications, payment confirmations, password reset links), display analytics and reports to account holders, enforce plan limits and feature access, improve the Service's performance and reliability, and comply with legal obligations.

We do not sell your data. We do not use feedback data for advertising. We do not use Customer Data to train machine learning models.

4. Third-Party Services

We use the following third-party services to operate Feedback Guardian:

Supabase — Database hosting, user authentication, and file storage. Data is stored in secure PostgreSQL databases with row-level security. Supabase Privacy Policy

Stripe — Payment processing. Stripe handles all credit card data directly and is PCI-DSS Level 1 certified. We never receive or store full card numbers. Stripe Privacy Policy

Resend — Transactional email delivery. Used to send alert notifications, welcome emails, and account-related communications. Resend Privacy Policy

We do not share Customer Data with any other third parties except as required by law.

5. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS for all connections)
  • Encryption at rest for database storage
  • Row-level security (RLS) policies ensuring users can only access their own organization's data
  • Secure password hashing (bcrypt) for all stored credentials
  • JWT-based session management with expiring tokens
  • Webhook signature verification for payment processing
  • Service role separation between public and administrative database access

While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

Active accounts: We retain your data for as long as your account is active and you maintain a valid subscription.

Canceled accounts: After cancellation, we retain your data for 30 days to allow reactivation. After this period, Customer Data may be permanently deleted.

Feedback data: Feedback responses are retained for the lifetime of the associated feedback instance. Account administrators can export data in CSV format at any time and may request deletion of specific feedback data.

Server logs: Standard access logs are retained for up to 90 days for security and debugging purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Request correction of inaccurate or incomplete data
  • Deletion — Request deletion of your personal data ("right to be forgotten")
  • Data portability — Request your data in a machine-readable format (CSV export is available in-app)
  • Restriction — Request that we limit processing of your data
  • Objection — Object to processing of your data for certain purposes

To exercise any of these rights, contact us at support@feedbackguardian.com. We will respond to requests within 30 days.

8. Cookies and Tracking

Feedback Guardian uses essential cookies for authentication and session management. We do not use third-party advertising cookies, tracking pixels, or analytics services that profile users across websites. Public feedback forms do not set any cookies on respondents' devices.

9. Children's Privacy

The Feedback Guardian dashboard and account management are intended for users aged 18 and over. We do not knowingly collect account information from children. If feedback forms are deployed in locations where minors may respond, the business deploying the form is responsible for compliance with applicable children's privacy laws (such as COPPA). Since our feedback forms do not collect personally identifiable information, anonymous ratings and comments from minors do not typically trigger these requirements.

10. International Data Transfers

Customer Data is stored and processed in the United States. If you are accessing the Service from outside the United States, you consent to the transfer of your data to the US. We rely on standard contractual clauses and our third-party providers' compliance frameworks for lawful international data transfers.

11. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to request deletion of your personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

12. European Residents (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, our legal basis for processing your data is the performance of a contract (providing the Service you signed up for) and our legitimate interests in operating and improving the Service. You have additional rights under the GDPR as described in Section 7 above. Our data protection contact is reachable at support@feedbackguardian.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through an in-app announcement at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at support@feedbackguardian.com.