Privacy Policy
Last Updated: December 10, 2025
At SmartFeedback.net, we take your privacy seriously. This policy explains how we handle data for both our direct users ("Merchants") and their end-customers, ensuring compliance with global standards including the GDPR (Europe) and CCPA/CPRA (California).
1. Information We Collect
We collect data in two distinct categories based on your relationship with our service:
A. From Merchants (You)
- Account Information: Name, email address, business name, and business configuration details (sector, logo, survey preferences).
- Payment Information: Processed securely by our payment processor, Stripe. We do not store full credit card details on our servers; we only retain a secure token for subscription management.
- Technical Logs: IP address, browser type, and timestamps for security monitoring, debugging, and fraud prevention.
B. From End-Customers (Your Clients)
- Feedback Content: Ratings, reviews, and text comments submitted via the feedback forms.
- Contact Information: Email addresses, only if voluntarily provided by the end-customer for follow-up purposes, or uploaded by the Merchant for feedback requests.
- Metadata: Submission timestamp and client time zone to ensure accurate reporting.
2. Role of Data Controller vs. Processor
To ensure clarity regarding legal responsibilities:
- For Merchant Data: SmartFeedback.net acts as the Data Controller. We determine how your account data is used to provide the service.
- For End-Customer Data: The Merchant is the Data Controller, and SmartFeedback.net acts as the Data Processor. We process this data solely on your instructions to collect reviews, generate reports, and facilitate communication. You retain ownership of this data.
3. How We Use Your Data
We use the collected data strictly for the following purposes:
- Service Provision: To create surveys, collect responses, and display them in your dashboard.
- Analytics & Reporting: To generate AI-powered summaries and statistical reports for Merchants.
- Security & Maintenance: To prevent fraud, troubleshoot technical issues, and ensure the integrity of the platform.
- Communication: To send transactional emails (account validation, password reset, subscription notices) to Merchants.
Strict No-Sale Policy: We do NOT sell, trade, or rent personal identification information of Merchants or End-Customers to third parties for advertising or marketing purposes.
4. Data Sharing & Service Providers
We share data only with trusted third-party service providers ("Sub-processors") necessary to operate our service. These providers are bound by strict confidentiality agreements and Data Processing Agreements (DPAs):
- Hostinger (Hosting): Secure storage of site data and databases. Contact Hostinger.
- Stripe (Payments): Secure processing of financial transactions. Stripe Privacy Policy.
- Groq (Artificial Intelligence): Processing of text and image inputs to generate survey questions and feedback summaries. Groq Privacy Policy.
- Google (Authentication): Used only if you choose to sign in via Google. Google Sign-In Info.
5. Data Retention & Deletion
We adhere to data minimization principles. Below is a summary of our retention periods:
| Data Category | Retention Period |
|---|---|
| Active Account Data | Duration of account activity |
| Deleted Account Data | 90 days after deletion (grace period) |
| End-Customer Feedback | Purged after 3 years of merchant inactivity |
| Billing Information | 5 to 10 years (legal obligation) |
6. Security Measures
We implement robust security measures to protect your data, including:
- Encryption: All data transmitted between your browser and our servers is encrypted using SSL/TLS (HTTPS).
- Password Hashing: User passwords are hashed using strong algorithms (bcrypt) before storage.
- Access Control: Strict internal access controls ensure only authorized personnel can access system data for maintenance purposes.
7. Cookies & Tracking
We use essential cookies and local storage solely for:
- Authentication: Keeping you logged in to your dashboard.
- Security: CSRF (Cross-Site Request Forgery) protection tokens.
- Functionality: Preventing duplicate survey submissions from the same device.
We do not use third-party tracking pixels or cookies for advertising purposes in the current version of the Service.
8. Your Rights (GDPR & CCPA/CPRA)
Whether you are located in the European Economic Area (GDPR) or California (CCPA/CPRA), you have specific rights regarding your personal data:
- Right to Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can correct inaccurate or incomplete data directly via your dashboard or by contacting us.
- Right to Deletion ("Right to be Forgotten"): You may request the full deletion of your account and all associated data.
- Right to Opt-Out: You can unsubscribe from non-essential emails at any time.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
To exercise these rights, you can contact us via:
- Email: contact@smartfeedback.net
- Our online form: Contact Us
9. International Data Transfers
Some data processing may occur outside the European Union via our service providers (Hostinger, Stripe, Groq, Google Sign-In). We ensure that such transfers are protected by appropriate technical and contractual safeguards, such as Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework.
For any questions regarding the location or protection of your data during these transfers, please contact us at contact@smartfeedback.net.
10. US / California Privacy Notice
SmartFeedback respects the privacy of California residents and supplements this Policy to explain CCPA/CPRA rights. We do not currently sell or share personal data for advertising purposes; if this changes, a "Do Not Sell or Share My Personal Information" link will be added. California residents may request access, deletion, correction, or opt-out by contacting contact@smartfeedback.net or via our contact page. Requests will be reasonably verified and processed within applicable legal timeframes.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page indicates when the latest revisions were made. We encourage you to review this policy periodically.