Privacy Policy

Last Updated: October 19, 2025

Our Commitment to Privacy

We built The Feedback Agent with privacy as a core design principle. This policy explains exactly what data we collect, why we collect it, how we protect it, and importantly, what we don't collect.

We believe in radical transparency about data handling, especially when we claim to provide anonymity.

What We Collect

1. Email Addresses

How We Store Emails:

  • Recipient email: Stored in plain text (needed to send notifications)
  • Sender email (optional): Stored in plain text if provided (for tracking and response delivery)
  • Email hash: Cryptographic hash stored for privacy-preserving lookups

Why we need this: To notify recipients about feedback and deliver responses to senders.

Anonymity note: Recipient email addresses are NOT shared with senders. Sender email addresses (if provided) are NOT shared with recipients unless the sender explicitly chooses to respond.

2. Feedback Content

We store up to two versions of each piece of feedback and each response:

  • Original content: Your exact words as submitted
  • Improved content: AI-enhanced version (only if you approve it)

Why we need this: To store and deliver feedback messages.

AI processing: All content is processed through AI for safety checks and optional improvement. See "AI Processing" section below.

3. Access Tokens

We generate unique, cryptographically secure tokens for:

  • Recipient access token: Used in the link to view and respond to feedback
  • Sender tracking token: Used in the link to track feedback status

Why we need this: To provide secure, password-free access to feedback without requiring accounts.

4. Timestamps

We record when:

  • Feedback was created
  • Feedback was first viewed by recipient
  • Response was created
  • Response was delivered to sender

Why we need this: To track feedback status and show senders when their feedback was viewed/responded to.

5. AI Processing Metadata

When content is processed by AI, we store:

  • Safety flags: Any content warnings identified (harassment, hate speech, etc.)
  • Constructiveness score: AI-assessed score on a scale of 0-10
  • AI model used: Name and version of the AI service
  • Processing cost: API cost in USD for transparency
  • User approval: Whether you reviewed and approved AI changes

Why we need this: For safety enforcement, quality monitoring, and cost tracking.

6. Technical Data (Temporary)

For abuse prevention, we temporarily store:

  • Rate limit data: Request counts by email hash or IP (stored in secure cache)
  • CAPTCHA verification: Verification tokens (validated and discarded)

Retention: Rate limit data expires automatically after 1 hour. CAPTCHA tokens are not stored.

7. Abuse Reports & Blocking (F-009)

Abuse Protection Data:

  • Sender visitor tokens: Stored with feedback for potential blocking
  • Sender IP addresses: Stored with feedback as fallback identifier
  • Abuse reports: Stored indefinitely for safety and accountability
  • Block list entries: Active blocks maintained until removed by staff or expiration

Why we need this: When recipients report abusive feedback, we need to identify and block the sender from sending future messages. This requires storing sender identifiers (visitor token from cookies, or IP address as fallback).

What we store in abuse reports:

  • Reported feedback ID and content
  • Recipient email and email hash
  • Sender visitor token (if available from cookie)
  • Sender IP address (if visitor token not available)
  • Optional reason provided by recipient
  • Report timestamp and status
  • Staff review notes (if reviewed)
  • Block level (sender-specific, full, or temporary) and expiration date

Staff access: Our staff can view abuse reports (including sender identifiers) for review and enforcement purposes. However, sender identifiers are never revealed to recipients.

Retention:

  • Abuse reports: Stored indefinitely or until recipient requests deletion
  • Sender visitor tokens in feedback: Stored as long as feedback exists
  • Sender IP addresses in feedback: Deleted after 90 days if no active block exists
  • Active blocks: Maintained until staff removes them, they expire, or recipient requests removal

Anonymity note: Blocked senders are NOT notified of blocks to protect recipient privacy and prevent retaliation. If you believe you have been blocked unfairly, you may appeal through our support channel.

8. Cookies

Cookie Usage:

  • Rate limiting cookie: Random identifier to enforce usage limits
  • Security: Industry-standard security protections applied
  • Expiration: Automatically deleted after 24 hours

Why we need this: To prevent abuse and ensure fair usage of the Service. The cookie helps us track request frequency without requiring accounts or permanently storing your information.

What we DON'T do with cookies:

  • Track your browsing across other websites
  • Build user profiles or behavioral data
  • Share cookie data with third parties
  • Use cookies for advertising or marketing

Control: You can disable cookies in your browser settings, but this may affect rate limiting functionality. The Service will fall back to IP-based rate limiting if cookies are disabled.

What We DON'T Collect

  • NO accounts or passwords - We don't require registration
  • NO tracking or analytics cookies - We don't use Google Analytics, tracking pixels, or similar tools. We only use a functional cookie for rate limiting (see Cookies section above)
  • Limited IP address storage - IP addresses are only stored with feedback for abuse prevention (deleted after 90 days if no active block) and temporarily in rate limiting (1 hour). We don't log IPs for tracking or analytics.
  • NO browser fingerprinting - We don't track device or browser details
  • NO third-party advertising - We don't share data with advertisers
  • NO social media tracking - We don't integrate with social platforms

AI Processing & Third Parties

AI Providers

We use third-party AI services to check content safety and optionally improve tone and clarity.

What they see: Your feedback or response content, but NOT your email address or identity.

Their policies: Our AI service providers have their own data retention and privacy policies. Contact us if you would like information about specific providers we use.

Email Delivery

We use a third-party email service provider to deliver notifications. They process:

  • Recipient email address
  • Email content (notification text and feedback preview)
  • Delivery metadata (timestamps, success/failure status)

Contact us if you would like information about our email service provider.

CAPTCHA Protection

We use a CAPTCHA service to prevent spam and abuse. This service may process:

  • Browser and device information
  • IP address (temporary)
  • Challenge responses

Contact us if you would like information about our CAPTCHA service provider.

How We Protect Your Data

  • Encryption in transit: All data is transmitted over encrypted connections
  • Encryption at rest: Database is encrypted by our cloud infrastructure provider
  • Access control: Feedback is only accessible via unique, unguessable tokens
  • Rate limiting: Prevents brute-force attacks and abuse
  • Content safety: AI checks all content for harmful material before delivery
  • No unnecessary retention: We only keep data needed for service functionality

Data Retention

Feedback and responses: Stored indefinitely until you request deletion. We need to retain this data so recipients can view feedback and senders can track responses at any time.

Rate limit data: Automatically expires after 1 hour.

Email audit logs: Stored for 90 days for debugging and compliance.

Abuse reports and blocks: Stored indefinitely or until recipient requests deletion. Sender IP addresses in feedback are deleted after 90 days if no active block exists.

Sender identity data: Visitor tokens stored with feedback indefinitely (for potential future blocking). IP addresses deleted after 90 days unless an active block exists.

Your Rights

You have the right to:

  • Access your data: Request a copy of feedback you sent or received
  • Delete your data: Request deletion of specific feedback or responses
  • Correct inaccuracies: Request corrections to stored information
  • Opt out: Stop using the service at any time (we don't have accounts to "close")

To exercise these rights, contact us at the email address below with your recipient or tracking token.

GDPR & CCPA Compliance

We respect privacy rights under the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

Legal Basis for Processing (GDPR)

  • Consent: You explicitly submit feedback, consenting to processing
  • Legitimate interest: We process data to provide the feedback service and ensure safety

California Residents (CCPA)

We do not sell your personal information. We do not share personal information for cross-context behavioral advertising.

You can request disclosure of data collected and deletion of your data by contacting us.

Changes to This Policy

We may update this privacy policy from time to time. We will notify users of material changes by updating the "Last Updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or our data practices, please contact us at:

Please include your feedback token(s) so we can help you effectively.