Privacy Policy

Feedzap ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data — whether you are a registered user of our dashboard or an end user submitting feedback through our widget on a third-party website.

Please read this policy carefully. By using the Service you acknowledge that you have read and understood this policy. If you do not agree, please stop using the Service.

Feedzap is the data controller for personal data collected when you register an account, use our dashboard, or interact with our website at www.feedzap.live.

For feedback data submitted through the Feedzap widget embedded on a third-party website, the website owner (our customer) is the data controller and Feedzap acts as a data processor on their behalf.

Contact: hi@feedzap.live

3.1 — Account & Dashboard Users

When you create an account or use the Feedzap dashboard we may collect:

• Email address (used for authentication and transactional emails)
• Name (optional, from your OAuth provider profile)
• Profile picture URL (from Google OAuth, if used)
• Password hash (for email/password accounts — we never store plain-text passwords)
• Billing information: payment method details are handled entirely by Razorpay; we store only a subscription status and plan tier
• Project settings, team member emails, and integration credentials (Slack webhook URLs, custom webhook endpoints)
• Usage data: number of feedback submissions per project, feature interactions

3.2 — Feedback Reporters (Widget Users)

When an end user submits feedback through the Feedzap widget embedded on a third-party site, the following data is captured and stored:

• Page URL and page title at time of submission
• Browser name, version, and user-agent string
• Operating system name and version
• Viewport width and height, and screen resolution
• A screenshot rendered client-side in the user's browser (no pixels leave the device until submission)
• The CSS selector of any element the user highlighted
• The text message the user typed
• Emoji reaction and category tags selected
• Timestamp of submission

The widget does not collect: names, email addresses, IP addresses, cookies, local storage values, or any data not explicitly listed above — unless a website owner configures the widget to pass additional metadata.

3.3 — Website Visitors

When you visit www.feedzap.live we collect standard server logs (IP address, browser, referring URL, pages visited, time of visit) for security and performance monitoring. We use Vercel Analytics for aggregate, privacy-preserving analytics that do not set cookies or track individuals across sites.

We use the data we collect to:

• Provide, maintain, and improve the Service
• Authenticate users and secure accounts
• Process payments and manage subscriptions via Razorpay
• Send transactional emails (e.g. magic link login, subscription receipts)
• Deliver feedback submissions to the correct project dashboard
• Fan out notifications to configured Slack channels and webhooks
• Detect and prevent abuse, fraud, and security threats
• Understand aggregate usage patterns to improve the product
• Respond to support requests

We do not sell your personal data. We do not use your data to serve third-party advertising. We do not use feedback content to train AI models without your explicit consent.

We use the following sub-processors to deliver the Service. Each operates under its own privacy policy and, where required, a Data Processing Agreement:

If you configure a Slack integration or a custom webhook, submissions will be forwarded to the endpoint you provide. You are responsible for ensuring those endpoints comply with applicable data protection laws.

All data is stored in Supabase (PostgreSQL) hosted on Amazon Web Services in the US East region. Screenshot images are stored in Supabase Storage (S3-compatible). Data in transit is encrypted using TLS 1.2+. Data at rest is encrypted by the storage provider.

Access to production data is restricted to authorised Feedzap personnel. Database access is protected by row-level security (RLS) policies that ensure users can only read and write data belonging to their own projects.

While we implement industry-standard safeguards, no system is 100% secure. If you believe your account has been compromised, contact us immediately at hi@feedzap.live.

We retain data for the following periods:

• Account data: retained for the lifetime of your account, plus 30 days after deletion to allow recovery
• Feedback submissions: retained indefinitely while your account is active; deleted within 30 days of account closure
• Payment records: retained for 7 years as required by financial regulations
• Server logs: retained for 90 days for security monitoring, then deleted

You may request earlier deletion of your personal data by emailing hi@feedzap.live. We will honour requests within 30 days subject to legal retention obligations.

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Rectification: correct inaccurate or incomplete data
• Erasure: request deletion of your personal data (right to be forgotten)
• Portability: receive your data in a machine-readable format
• Restriction: ask us to pause processing of your data in certain circumstances
• Objection: object to processing based on legitimate interests
• Withdraw consent: where processing is based on consent, withdraw it at any time

To exercise any of these rights, email hi@feedzap.live with the subject line "Privacy Request". We will respond within 30 days. If you are in the EU/EEA and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Feedzap uses a minimal number of cookies:

• Authentication session cookie: a secure, HTTP-only cookie set by Supabase to keep you logged in. Expires when you sign out or after 7 days of inactivity.
• No tracking cookies, advertising cookies, or third-party analytics cookies are set by Feedzap.

The Feedzap widget embedded on third-party sites does not set any cookies on Reporters' browsers.

The Service is not directed at children under 16 years of age. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it promptly.

Feedzap is operated from India and stores data primarily in the United States (via Supabase on AWS). If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data may be transferred to and processed in countries that do not have the same data protection laws as your country.

Where required, such transfers are governed by Standard Contractual Clauses (SCCs) as approved by the European Commission, or equivalent safeguards.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify registered users via email at least 14 days before the changes take effect.

Continued use of the Service after changes become effective constitutes acceptance of the revised policy.

For any privacy-related questions, data subject requests, or to request a Data Processing Agreement (DPA) for your organisation, please contact us:

See also our Terms of Service for the rules governing your use of the platform.