Legal

Privacy Policy

Template policy — review with counsel before production use.

Data we process

Reports your users submit (text, screenshots, video, and captured browser context), account data for your team, and billing metadata via Stripe. Media is stored in your configured object storage and served via short-lived signed URLs.

PII redaction

Descriptions, OCR text and transcripts are run through PII redaction before any AI processing. Integration tokens are encrypted at rest (AES-256-GCM).

Sub-processors

Object storage (S3/R2), Stripe (billing), and — only when you enable Full AI — your configured LLM provider. The default open AI path runs locally with no external calls.

Your rights (GDPR/CCPA)

Owners can export all organization data as JSON and erase a reporter’s data on request from Settings. Retention of media is configurable.

Security

Multi-tenant isolation with Postgres Row-Level Security, origin allow-listing, rate limiting, payload caps, and an audit trail on report actions.

Contact

Privacy questions: privacy@feedbackgraph.com.