Privacy policy

Should I worry about anything?

Here are some things you should be aware of as a Feedleback customer:

  • IP address logging is disabled on the servers we use. When someone visits your site or submits feedback, we do not store their IP address in our databases or logs. We do not log or store our customers' IP addresses either.

With that out of the way, there are two pieces of data that Feedleback collects that might contain personally identifiable information (PII) or sensitive information:

  • When someone submits feedback, they can leave a comment. We have no control over what people write, so the comments might contain PII or even sensitive information. Read Deletion of data for how you can get rid of it.
  • Feedleback stores the URL where people submit feedback. This includes everything from the protocol (that's the "https" in the URL) to the fragment (that's the # part at the end). If your site's URLs contain PII or sensitive information, that will be sent to Feedleback if someone submits feedback. In a future update, you'll be able to override the URL if this is a concern to you.

Finally, you should be aware of how our Google Tag Manager integration works:

  • Feedleback has an optional Google Tag Manager (GTM) integration that can be used to send data to Google Analytics or other services. By our design, the data available to GTM via the Data Layer does not include the comment, only the yes/no vote and the URL where the feedback was left.

Data retention

Here's what we store about people who sign up for Feedleback (that's probably you):

  • Your e-mail address
  • The date and time your account was created
  • The sites you have access to in Feedleback

Here's what we store about people who submit feedback:

  • Whether they voted yes or no
  • The comment they wrote
  • The URL where they submitted feedback
  • The date and time when the feedback was submitted

We do not store IP addresses anywhere.

Deletion of data

If you delete feedback, we flag it as deleted, and delete it permanently from our databases after one day.

Sites that you flag as deleted are also deleted permanently after one day, along with any feedback associated with that site.

If you delete your account, we flag it as deleted, along with any sites (and associated feedback) and delete it permanently after one day.

Note: If you delete your account, and your sites have multiple users, those sites are not deleted. In this case you have two options:

  1. First, delete each site. They will be flagged as deleted and deleted permanently after one day.
  2. Or, remove all other users than yourself from your sites. Then delete your account.

Our servers are backed up. If you delete something, a copy may still exist in our backups. The backups are at most 12 weeks old.

Auto-deleting comments

In your site's settings, you can specify if you want to delete comments after a specified amount of days. If you enable this setting, Feedleback will permanently delete the comment (while leaving the yes/no vote and the URL intact) after it expires.

Cookies

Our cookie policy is split into two parts:

  1. First, we explain how cookies are used on feedleback.com
  2. Secondly, we explain how we don't use cookies when you implement the feedback form script on your site

Cookies on feedleback.com

We do not have any tracking scripts (Google Analytics, Facebook Pixel, etc) on feedleback.com. The cookies we use are for security and your convience (like not having to log in every time you load a page):

XSRF-TOKEN
Protects against Cross-Site Request Forgery. It's kind of like a secret password we give you, and every time you submit a form on you have to tell us what the password is. The secret password changes all the time, but because it's in a cookie you don't have to worry about it.
feedleback_session
Remembers who you are after you log in.
remember_web_XXX
Used to keep track of how long your login should last before you have to login again.

Cookies on our customers' domains

If you implement the feedback form script on your site, your users will not get any extra cookies. Not when the script is loaded, and not when your users submit feedback.

In more technical terms, the feedback form script is loaded from a cookieless domain (Amazon CloudFront), and the script itself does not set any cookies when it runs.


Updated