Logo Logo
EN ▾
Sign In Sign Up

Privacy Policy

Effective date: May 21, 2026

This Privacy Policy explains how Feedback-Us ("Feedback-Us", "we", "us", "our") processes personal data through the website feedback-us.com and the Feedback-Us SaaS platform.

Feedback-Us helps businesses collect customer feedback through QR codes, web forms, dashboards, alerts, and AI-assisted summaries.

1. Who We Are

Feedback-Us is operated by PE A. Tarchanskyi, a private entrepreneur registered in Ukraine.

Paid subscriptions are processed by Paddle.com Market Limited as Merchant of Record. Paddle's business address appears on the checkout and on the invoice you receive.

An EU representative under GDPR Article 27 will be designated where legally required and identified in this Privacy Policy.

Contact: support@feedback-us.com

2. Our Role Under Data Protection Law

Feedback-Us may act in two different roles:

2.1 Feedback submitted through customer forms

When an end user submits feedback to a business using Feedback-Us, the business customer is the Data Controller and Feedback-Us is the Data Processor.

The business customer decides:

  • why feedback is collected;
  • what feedback form is used;
  • how feedback is reviewed and acted upon;
  • whether and how to contact the end user.

2.2 Feedback-Us account, website, billing, and service operations

For business account management, website operation, billing, security, service analytics, and support, Feedback-Us acts as an independent Data Controller.

3. Personal Data We Process

3.1 Feedback data

We may process:

  • rating;
  • feedback text;
  • optional email address;
  • submission date and time;
  • location or form point selected by the business customer;
  • related technical metadata.

End users should not submit sensitive personal data unless specifically required and lawfully configured by the business customer. Feedback-Us does not intentionally request sensitive personal data.

3.2 Business customer account data

We may process:

  • name;
  • email address;
  • organization name;
  • login and authentication data;
  • subscription status;
  • billing-related information;
  • dashboard settings;
  • locations and QR form configuration;
  • support communications.

Payments are processed by Paddle as Merchant of Record. Feedback-Us does not store full card details.

3.3 Technical and security data

We may process:

  • IP address;
  • browser and device information;
  • server logs;
  • error logs;
  • authentication logs;
  • security events.

3.4 Website visit analytics

Feedback-Us may use simple server-side logging to understand website traffic and campaign performance. This may include:

  • timestamp;
  • page URL;
  • referrer;
  • UTM parameters;
  • browser type;
  • approximate country or region;
  • anonymized or shortened IP address;
  • aggregated visit counts.

We do not use Google Analytics, advertising pixels, cross-site tracking cookies, or behavioral profiling for website visitors.

4. Purposes of Processing

We process personal data to:

  • provide the Feedback-Us service;
  • collect and deliver feedback to business customers;
  • analyze feedback using AI;
  • classify positive and negative feedback;
  • generate alerts, insights, and summaries;
  • send email notifications;
  • manage subscriptions and billing;
  • secure the platform;
  • prevent abuse and spam;
  • provide customer support;
  • improve website and service performance;
  • comply with legal obligations.

5. AI Analysis

Feedback-Us may use AI and large language model providers to analyze feedback.

AI may be used to:

  • detect sentiment;
  • summarize review trends;
  • identify urgent or negative feedback;
  • suggest possible business actions;
  • generate weekly summaries.

AI analysis is best-effort, automated, and may be inaccurate or incomplete.

Businesses are responsible for reviewing AI outputs before relying on them. Feedback-Us does not guarantee that AI classifications, summaries, or suggestions are correct.

6. Positive Reviews and External Platforms

Feedback-Us may suggest that an end user shares positive feedback on external platforms, such as Google or other public review platforms.

Feedback-Us does not control third-party platforms and does not guarantee that:

  • a review will be submitted;
  • a review will be accepted;
  • a review will be published;
  • a review will remain visible;
  • a rating or ranking will improve.

Third-party platforms apply their own terms, policies, and moderation rules.

7. Legal Bases for Processing

Where GDPR applies, we rely on the following legal bases:

7.1 Contract

To provide the service to business customers and manage accounts.

7.2 Legitimate interests

To secure the platform, prevent abuse, maintain logs, improve service performance, and operate limited server-side website analytics without tracking users across websites.

7.3 Consent

Where required, for optional information submitted by end users, optional communications, or non-essential technologies.

7.4 Legal obligation

To comply with applicable accounting, tax, security, and legal requirements.

8. Cookies, Local Storage, and Tracking

Feedback-Us does not use cross-site tracking.

We may use strictly necessary cookies, session storage, or local storage to:

  • keep users logged in;
  • maintain session security;
  • remember interface state;
  • prevent repeated feedback prompts;
  • prevent repeated share prompts;
  • protect forms from abuse.

These technologies are used only to make the service work properly.

We do not use Google Analytics, advertising cookies, retargeting pixels, or cross-site identifiers unless this Privacy Policy and our Cookie Policy are updated and legally required consent is obtained.

9. Server-Side Logging

We may use server-side logs to understand basic website performance and traffic sources.

We do not use these logs to track individuals across websites.

Where possible, IP addresses are anonymized, shortened, aggregated, or retained only for a limited period.

Server logs may be used for:

  • security;
  • debugging;
  • traffic counting;
  • referrer analysis;
  • UTM campaign analysis;
  • abuse prevention.

10. Subprocessors and Third-Party Providers

We may use trusted third-party providers, including:

  • hosting and infrastructure providers;
  • database and storage providers;
  • Paddle for payments and Merchant of Record services;
  • LLM providers for AI analysis;
  • email delivery providers;
  • Google OAuth for login;
  • error monitoring and security providers.

These providers process data only as needed to provide their services.

11. International Data Transfers

Feedback-Us may process data in Ukraine, the EU/EEA, the United States, Canada, or other countries where our providers operate.

Where GDPR applies and data is transferred outside the EU/EEA, we use appropriate safeguards where required, such as:

  • Standard Contractual Clauses;
  • data processing agreements;
  • transfer impact assessments where appropriate;
  • technical and organizational security measures.

12. Data Retention

We retain data only as long as necessary for the purposes described in this Privacy Policy.

Typical retention periods:

  • feedback data: while the business customer account is active, unless deleted earlier;
  • business account data: while the account exists and for a reasonable period after closure;
  • billing and tax records: as required by applicable law;
  • security logs: usually 30 to 180 days;
  • anonymized or aggregated analytics: may be retained longer because it does not identify individuals;
  • support communications: as long as needed for support history and legal protection.

Business customers may request deletion of their account data unless retention is legally required.

13. End User Rights

Depending on applicable law, individuals may have rights to:

  • access personal data;
  • correct inaccurate data;
  • delete personal data;
  • restrict processing;
  • object to processing;
  • receive a copy of data;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a data protection authority.

For feedback submitted through a business customer's form, requests should normally be sent to that business customer because the business is the Data Controller.

Feedback-Us will reasonably assist business customers in responding to valid requests.

14. Security

We use appropriate technical and organizational measures to protect personal data, including:

  • encrypted connections;
  • access controls;
  • authentication protections;
  • logging and monitoring;
  • backups where appropriate;
  • least-privilege access;
  • internal confidentiality obligations.

No online service can guarantee absolute security.

15. User-Generated Content

Feedback submitted through Feedback-Us is user-generated content.

Feedback-Us is not responsible for the content, accuracy, legality, or consequences of feedback submitted by end users or managed by business customers.

Business customers are responsible for how they collect, review, publish, respond to, or otherwise use feedback.

16. Children

Feedback-Us is not intended for use by children under 16.

Business customers must not intentionally use Feedback-Us to collect personal data from children unless they have a valid legal basis and comply with applicable child privacy laws.

We do not knowingly collect personal information from children under the age of 13 in a manner inconsistent with the Children's Online Privacy Protection Act (COPPA).

17. Ukraine, USA, and Canada

Feedback-Us is designed with GDPR-first principles. Where applicable, we also aim to respect data protection requirements in Ukraine, the United States, and Canada. Specific rights may vary depending on the jurisdiction and the user's location.

17.1 Ukraine

You have the right to lodge a complaint with the Authorized Representative of the Verkhovna Rada of Ukraine for Human Rights (Ombudsperson), who serves as the supervisory authority for personal data protection in Ukraine. Contact: op.gov.ua.

17.2 USA — California (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect about you, request deletion of your personal information, correct inaccurate personal information, and opt out of the sale or sharing of personal information for cross-context behavioral advertising.

We do not sell or share personal information for cross-context behavioral advertising.

To exercise your rights, contact us at support@feedback-us.com. We will not discriminate against you for exercising your CCPA rights.

17.3 Canada — including Quebec (PIPEDA / Law 25)

If you are a Canadian resident, you have the right to access and correct personal information we hold about you, and to withdraw consent where processing is based on consent.

Our designated Privacy Officer can be reached at support@feedback-us.com. If you have unresolved concerns, you may contact the Office of the Privacy Commissioner of Canada (priv.gc.ca). Quebec residents may also contact the Commission d'accès à l'information du Québec (cai.gouv.qc.ca).

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If changes are material, we will provide reasonable notice through the website, dashboard, or email.

19. Contact

For privacy questions, contact:

PE A. Tarchanskyi (Ukraine)

support@feedback-us.com

Feedback-Us

Home Pricing About Us Privacy Policy Terms of Service Refund Policy Acceptable Use Policy

Contact

support@feedback-us.com
Logo © 2026 Feedback-Us