Privacy Policy
How FeedSolve handles company, submitter, and website visitor data.
Privacy Policy
Effective Date: January 1, 2025
Last Updated: January 1, 2025
Company: Lumora Ventures PVT LTD
Service: FeedSolve (feedsolve.com)
1. Introduction
FeedSolve ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, service, and applications (collectively, the "Service").
We operate under the principle of privacy by design. This means:
- We collect only the minimum data necessary to provide the Service
- We do not sell your personal data to third parties
- We give you control over your data
- We comply with applicable data protection laws including GDPR, PDPA (Singapore), CCPA, and local privacy regulations in our target markets
2. Scope & Applicability
This Privacy Policy applies to:
- Company Users: Organizations who sign up for FeedSolve to collect feedback from stakeholders
- Submitters: Any person who submits feedback via a FeedSolve board without needing an account
- Website Visitors: Anyone visiting feedsolve.com or our marketing pages
Note: FeedSolve handles two different types of personal data:
- Company Data: Information about the organization using FeedSolve
- Submitter Data: Information submitted via feedback forms
This policy covers both types.
3. What Data We Collect
3.1 Data We Collect from Company Users
When you sign up for FeedSolve, we collect:
| Data Type | Source | Purpose |
|---|---|---|
| Email address | Registration | Authentication, account login, billing |
| Password (hashed) | Registration | Secure account authentication |
| Company name | Registration | Account identification |
| Company size (optional) | Registration | Product analytics |
| Industry (optional) | Registration | Segmentation for product improvements |
| Phone number (optional) | Billing | Contacting about account issues |
| Billing address | Stripe | Processing subscriptions |
| Payment method | Stripe | Charging subscription fees |
| IP address | Server logs | Security, abuse prevention |
| Browser/device info | Analytics | Product usage analytics |
| Login timestamps | Database | Security audits |
| Features used | Product analytics | Understanding product adoption |
Data Retention: Company user data is retained for the duration of your subscription plus 90 days after cancellation (for billing/tax compliance).
3.2 Data We Collect from Feedback Submitters
When someone submits feedback via a FeedSolve board:
| Data Type | Required? | Purpose |
|---|---|---|
| Feedback category | Yes | Categorizing submissions |
| Subject line | Yes | Identifying the issue |
| Description/comments | Yes | Understanding the feedback |
| Email address | Optional | Allowing company to reply; tracking updates |
| Phone number | Optional | Alternative contact method |
| Name | Optional | Personalizing responses |
| Additional attachments | Optional | Supporting the feedback |
| IP address | Automatic | Security, spam prevention |
| Timestamp | Automatic | Tracking submission time |
| Tracking code (#FSV-XXXX) | Automatic | Submitter tracking without login |
| Anonymous flag | User choice | Submitting feedback anonymously if selected |
Data Retention: Submission data is retained according to the company's retention policy (typically 1–3 years), then deleted. Submitters can request deletion of their data anytime.
3.3 Website & Analytics Data
When you visit feedsolve.com:
- Cookies: We use essential cookies for authentication, CSRF protection, and preferences
- Analytics: We use analytics tools (e.g., Google Analytics, Sentry for error tracking) to understand site usage and performance
- Tracking pixels: Minimal use for conversion tracking (optional, privacy-respecting)
- Log data: IP address, browser type, pages visited, referring URL, time spent
4. How We Use Your Data
4.1 Company User Data — Used For:
- Providing the Service (authentication, dashboard, reporting)
- Billing and subscription management via Stripe
- Sending service-related emails (password resets, billing notices, product updates)
- Security and fraud prevention
- Compliance with legal obligations
- Improving the product based on anonymous usage patterns
- Customer support via email or in-app messaging
We do not use company data for:
- Marketing to third parties
- Selling to data brokers
- Building profiles of your business practices (beyond what's needed for the Service)
4.2 Submitter Data — Used For:
- Delivering the feedback to the correct company
- Allowing the company to respond to the feedback
- Tracking submission status (via tracking code)
- Preventing spam and abuse
- Improving the feedback form experience
- Anonymizing data for aggregate analytics (e.g., "10% of feedback is about quality issues")
We do not use submitter data for:
- Marketing
- Profiling the submitter
- Sharing with third parties (except the company that owns the board, who you intentionally submitted to)
4.3 Website Visitor Data — Used For:
- Analytics (understanding traffic, page performance)
- Improving website experience
- Security and DDoS prevention
- Conversion tracking (if you enable it)
5. Who We Share Your Data With
5.1 Data You Intentionally Share
Company Feedback Dashboard: When you submit feedback, the company user who created that board can see:
- Your feedback content
- Your contact information (if provided)
- Your tracking code
- Your submission metadata (timestamp, category, etc.)
This is by design—you're intentionally providing feedback to that company.
5.2 Service Providers (Data Processors)
We use third-party services that process your data on our behalf:
| Service | Purpose | Data Type | Location |
|---|---|---|---|
| Firebase (Google) | Database, authentication, hosting | All company + submitter data | US (can be configured to EU) |
| Stripe | Payment processing | Billing data only | US/EU |
| Brevo (formerly Sendinblue) | Email notifications | Email addresses, notification content | EU (GDPR-compliant) |
| Google Analytics | Website analytics | Anonymous usage patterns | US |
| Sentry | Error tracking | Error logs (minimal PII) | US/EU options available |
All data processors sign Data Processing Agreements (DPAs) and comply with GDPR/PDPA.
5.3 Legal Obligations
We may disclose your data if required by law:
- Court orders or subpoenas
- Government requests (law enforcement)
- Protecting rights, privacy, or safety
- Enforcing our Terms of Service
We will notify you of such requests unless legally prohibited.
5.4 Business Transfers
If FeedSolve is acquired, merged, or sold, your data may be transferred as part of that transaction. We will notify you and provide choices if feasible.
5.5 Aggregated/Anonymous Data
We may share anonymized, aggregated data publicly:
- "X% of feedback across all customers relates to product quality"
- Benchmark reports on resolution rates by industry
- Usage patterns (no individual company data)
This data cannot identify you or your organization.
6. Data Security
6.1 Technical Measures
We implement:
- HTTPS encryption for all data in transit
- AES-256 encryption for sensitive data at rest (passwords, payment info)
- Firebase Security Rules restricting database access to authorized users
- Two-factor authentication (2FA) support for company accounts
- Regular security audits and penetration testing
- Automated backups with encryption
- DDoS protection via Firebase/Cloudflare
6.2 Access Controls
- Only authorized employees access sensitive data
- All access is logged and monitored
- Employees sign NDAs
- Principle of least privilege (minimum access needed for role)
- Regular access reviews
6.3 Incident Response
If we discover a data breach:
- We will investigate immediately
- We will notify affected users within 72 hours (GDPR standard)
- We will cooperate with authorities
- We will document the breach and lessons learned
7. Your Privacy Rights & Choices
Depending on your location, you may have the right to:
7.1 Right to Access (GDPR/PDPA)
Request a copy of all personal data we hold about you.
How: Email privacy@feedsolve.com with subject "Data Access Request"
Timeline: 30 days
7.2 Right to Correction (GDPR/PDPA)
Request correction of inaccurate data.
How: Update your profile directly in-app, or email privacy@feedsolve.com
Timeline: 30 days
7.3 Right to Erasure (GDPR "Right to Be Forgotten")
Request deletion of your personal data (with exceptions for legal/tax compliance).
How: Email privacy@feedsolve.com with subject "Deletion Request"
Timeline: 30 days (some data may be retained for legal reasons)
7.4 Right to Restrict Processing (GDPR/PDPA)
Ask us to limit how we use your data.
How: Email privacy@feedsolve.com with details
Timeline: 30 days
7.5 Right to Data Portability (GDPR/PDPA)
Receive your data in a portable format (e.g., CSV, JSON).
How: Email privacy@feedsolve.com with subject "Data Portability Request"
Timeline: 30 days
7.6 Right to Withdraw Consent (GDPR/PDPA)
For data processed based on consent, you can withdraw anytime.
How: Email privacy@feedsolve.com or unsubscribe from emails
Timeline: Immediate
7.7 Right to Object (GDPR/PDPA)
Object to certain processing, such as marketing emails.
How: Use "unsubscribe" link in emails, or email privacy@feedsolve.com
Timeline: Immediate
7.8 California Resident Rights (CCPA)
If you're a California resident:
- Right to know what personal information we collect
- Right to delete your personal information
- Right to opt-out of the sale/sharing of personal information
- Right to non-discrimination for exercising rights
Note: FeedSolve does not "sell" personal information in the CCPA sense.
7.9 How to Exercise Rights
Email: privacy@feedsolve.com
Mail: Lumora Ventures PVT LTD, Sri Lanka
Response time: 30 days
We may request identification to verify you are the account holder.
8. Cookies & Tracking Technologies
8.1 Essential Cookies
These are required for the Service to function:
- Session authentication
- CSRF (cross-site request forgery) protection
- User preferences (language, theme)
Consent required: No (these are essential for functionality)
8.2 Analytics Cookies
Used to understand site performance and user behavior:
- Google Analytics (anonymous tracking)
- Sentry (error monitoring)
- Custom analytics (session duration, features used)
Consent required: Yes (we ask on first visit)
8.3 Third-Party Cookies
Stripe and other partners may set cookies for fraud prevention and payment processing.
8.4 Disabling Cookies
You can disable cookies in your browser settings, but some features of the Service may not work properly.
9. International Data Transfers
FeedSolve operates globally, and your data may be transferred to and processed in countries other than where you reside, including the United States.
9.1 GDPR Compliance
For EU/UK residents, we ensure transfers comply with GDPR through:
- Standard Contractual Clauses (SCCs) with service providers
- Firebase compliance with GDPR (EU data residency option available)
- Privacy Shield equivalents where applicable
9.2 Data Localization
If your jurisdiction requires data localization (e.g., India, UAE), we can configure Firebase to store data locally. Contact us for details.
10. Children's Privacy
FeedSolve is not intended for children under 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect data from children.
If we become aware a child has provided information, we will delete it immediately.
11. Third-Party Links
Our website may contain links to third-party websites (e.g., competitors, integrations). We are not responsible for their privacy practices. Please review their privacy policies independently.
12. Data Retention Schedule
| Data Type | Retention Period | Reason |
|---|---|---|
| Company user account | Duration of subscription + 90 days | Billing, compliance |
| Feedback submissions | As set by company (default 1 year) | Business records |
| Payment records | 7 years | Tax/legal compliance |
| Server logs | 30 days | Security monitoring |
| Google Analytics | 26 months | Product improvement |
| Email records | 1 year (or as requested) | Support history |
| Error logs (Sentry) | 90 days | Debugging |
After retention periods, data is permanently deleted or anonymized.
13. Submitter Data Notes
Important for Submitters:
When you submit feedback:
- The company receiving your feedback will see your submission (that's the purpose)
- If you provide contact information, the company may use it to respond
- Your tracking code (#FSV-XXXX) does not require login—anyone with this code can track your feedback
- If you select "Anonymous," the company will not see your name or email (but they may infer your identity from submission content)
- You can request deletion anytime by emailing the company or contacting us
14. Contact Us
For privacy questions or requests:
Email: privacy@feedsolve.com
Mailing Address:
Lumora Ventures PVT LTD
Sri Lanka
Data Protection Officer: Available upon request
15. Policy Updates
We may update this Privacy Policy to reflect changes in practices, technology, legal requirements, or other factors.
Changes will be:
- Posted on this page with an updated "Last Updated" date
- Effective 30 days after posting
- Notified to users via email for material changes
Your continued use of FeedSolve after changes constitute acceptance of the updated policy.
16. Regional Addendums
16.1 GDPR (European Union/EEA)
- Your data is a "personal asset" under GDPR
- We are a "data controller" for company data; the company is a controller for submitter data
- You have all rights listed in Section 7
- Our legal basis for processing:
- Company data: Performance of contract
- Submitter data: Legitimate interest (feedback collection)
- Communication: Consent/legal obligation
16.2 PDPA (Singapore/Malaysia)
- We comply with PDPA's consent and accuracy requirements
- Data is not transferred outside ASEAN without consent
- You can request access, correction, and deletion
16.3 India (No Comprehensive Privacy Law; DPDP Act Upcoming)
- We follow DPDP Act's principles for data protection
- Data localizing options available
- You have access and correction rights
16.4 UAE (ADISA)
- We comply with UAE Data Protection Law
- QR code culture is respected; data collection is transparent
- Data is not shared with third parties without consent
16.5 Nigeria/Kenya (Upcoming Regulations)
- We comply with NITDA (Nigeria) and local regulations
- Data minimization principles followed
- Consent-based for non-essential processing
End of Privacy Policy
This Privacy Policy is effective as of January 1, 2025, and supersedes all prior versions.