Privacy Policy

Last Updated: February 4, 2026
Effective Date: February 4, 2026

1. Introduction

SimpleFeedback ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, applications, and services (collectively, the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

• Email address
• Password (encrypted)
• Name (optional)
• Profile information

Survey Content:

• Survey questions and configurations
• Survey responses submitted by respondents
• Comments and feedback text
• Custom branding settings

Payment Information:

• We do not store credit card numbers
• Payment processing is handled by Stripe
• Billing address and tax information

2.2 Information Collected Automatically

Usage Data:

• IP address (for rate limiting and security)
• Browser type and version
• Operating system
• Device information
• Pages visited and features used
• Time spent on the Service
• Referrer URLs

Survey Response Data:

• Ratings (1-5 stars)
• Comments and text responses
• Country code (derived from IP for analytics)
• Timestamp of submission
• Session identifiers (for deduplication)

2.3 Information from Third Parties

Authentication: We use Supabase Auth for user authentication.

Payment Processing: Stripe collects payment-related information as described in their privacy policy.

3. How We Use Your Information

3.1 To Provide and Maintain the Service

• Create and manage your account
• Host and display your surveys
• Process and store survey responses
• Generate analytics and reports
• Send transactional emails (account notifications, password resets)

3.2 To Improve the Service

• Analyze usage patterns
• Identify and fix bugs
• Develop new features
• Conduct research and analytics
• Monitor service performance

3.3 For Billing and Administration

• Process payments
• Manage subscriptions
• Send billing notifications
• Handle account-related inquiries
• Enforce our Terms of Service

3.4 For Security and Compliance

• Detect and prevent fraud
• Protect against abuse
• Comply with legal obligations
• Enforce our policies

4. Data Storage and Security

4.1 Data Storage

We use Supabase to store your data. Data is stored in secure data centers with industry-standard protections.

• Primary data storage: United States
• Backup storage: United States
• CDN edge locations: Global

4.2 Security Measures

We implement appropriate technical and organizational measures:

• Encryption in transit: TLS 1.2+ for all data transmission
• Encryption at rest: AES-256 encryption for stored data
• Access controls: Role-based access with principle of least privilege
• Authentication: Secure password hashing (bcrypt)
• Row Level Security (RLS): Database-level access controls
• Regular security audits: Ongoing monitoring and assessment

4.3 Data Retention

5. Third-Party Services

5.1 Stripe

We use Stripe for payment processing. Stripe collects and processes payment method information, billing address, and transaction history. Stripe's privacy practices are governed by their Privacy Policy.

5.2 Supabase

We use Supabase for database and authentication services. Supabase processes user account data, survey data, and authentication events. Supabase's privacy practices are governed by their Privacy Policy.

6. Cookies and Tracking Technologies

6.1 Essential Cookies

These cookies are necessary for the Service to function:

• Session cookies for authentication
• Security cookies (CSRF protection)
• Preference cookies (theme, language)

6.2 Cookie Management

You can control cookies through your browser settings. Note that disabling essential cookies may prevent the Service from functioning properly.

7. Data Sharing and Disclosure

7.1 We Do Not Sell Your Data

We do not sell, trade, or rent your personal information to third parties.

7.2 Service Providers

We share information with trusted service providers who assist us in operating the Service. These providers are contractually obligated to protect your data and use it only for the purposes we specify.

7.3 Legal Requirements

We may disclose your information if required to comply with legal obligations, respond to lawful requests from public authorities, protect our rights, privacy, safety, or property, prevent or investigate illegal activities, or enforce our Terms of Service.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. We ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs) with service providers and data processing agreements.

9. Your Rights and Choices

9.1 Access and Portability

You have the right to access the personal information we hold about you and request a copy of your data in a portable format.

9.2 Correction

You can update your account information at any time through your account settings. You may also request that we correct inaccurate information.

9.3 Deletion

You have the right to request deletion of your personal information. To delete your account and data, use the account deletion feature in settings or contact us at simplerfeedback@gmail.com.

9.4 Exercising Your Rights

To exercise your rights, contact us at simplerfeedback@gmail.com. We will respond within 30 days.

10. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided personal information, please contact us immediately at simplerfeedback@gmail.com.

11. California Privacy Rights (CCPA)

California residents have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information (we do not sell data)
• Right to Non-Discrimination: Exercise rights without discrimination

To exercise your CCPA rights, contact us at simplerfeedback@gmail.com.

12. Canadian Privacy Rights (PIPEDA)

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) for Canadian users. Canadian users have rights including access, correction, and deletion of their personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email and post a prominent notice on the Service. Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

Email: simplerfeedback@gmail.com

15. Jurisdiction-Specific Information

United States

For US users, this Privacy Policy complies with applicable federal and state privacy laws.

European Union (GDPR)

For EU users, we comply with GDPR. Our legal basis for processing is:

• Article 6(1)(b): Contract performance
• Article 6(1)(c): Legal obligation
• Article 6(1)(f): Legitimate interests
• Article 6(1)(a): Consent (where applicable)

United Kingdom

For UK users, we comply with UK GDPR and the Data Protection Act 2018.

Australia

For Australian users, we comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).