1. Introduction
Superfeedback OÜ ("we," "us," or "our") operates the SaaS platform Superfeedback (the "Service"), accessible at https://superfeedback.ai. We are committed to protecting the privacy of our business clients and their users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service.
For the purposes of the General Data Protection Regulation (GDPR), Superfeedback OÜ is the Data Controller of your personal data.
2. Information We Collect
We collect information to provide our AI-driven feedback analysis service.
A. Information You Provide
- Account Data: When you register, we collect your Name and Email Address.
- Feedback Data: We process text and data you submit for analysis. This may include user feedback logs, tickets, or comments imported from integrations.
- Optional User Data: You or your end-users may voluntarily provide an email address associated with specific feedback items, though this is not required.
B. Information Collected Automatically
- Usage & Error Logs: We use Sentry to track application errors and performance. This may collect technical data such as your IP address, browser type, device information, and timestamps of errors to help us fix bugs.
- Integrations: If you connect third-party tools (e.g., Slack, Jira, GitHub), we receive information authorized by your settings in those services to enable the integration.
C. Payment Information
We do not store your credit card details. All billing is handled by our third-party processor, Stripe.
3. How We Use Your Information
We process your data for the following purposes:
- Service Delivery: To authenticate your account and provide the Superfeedback dashboard and AI analysis features.
- AI Processing: To analyze feedback sentiment and content using Large Language Models (LLMs).
- Communication: To send you technical notices, updates, security alerts, and support messages.
- Billing: To process subscriptions via Stripe.
- Marketing: To send newsletters or product updates (only if you have opted in).
- Improvement: To monitor the health of our infrastructure and fix software bugs.
4. Legal Basis for Processing (GDPR)
We process your Personal Data under the following legal bases:
- Performance of a Contract: Processing is necessary to provide the Superfeedback service you subscribed to.
- Legitimate Interests: For debugging (Sentry), security, and improving our AI models.
- Consent: For sending marketing newsletters (which you can withdraw at any time).
- Legal Obligation: To comply with tax and accounting laws in Estonia.
5. Data Sharing and Sub-Processors
We do not sell your data. We entrust your data to the following third-party service providers ("Sub-processors") to operate our Service:
| Provider | Purpose | Location |
|---|
| Render | Cloud Hosting & Infrastructure | United States (Oregon) |
| Google (Gemini) | AI / LLM Processing | Global / United States |
| Stripe | Payment Processing | United States |
| Sentry | Error Tracking & Monitoring | United States |
| Email Providers | Newsletters & Notifications | United States |
Note on Integrations: If you choose to integrate Slack, Jira, or GitHub, data will flow between Superfeedback and these platforms based on your configuration. We reserve the right to change these providers in the future. We will update this policy if significant changes occur.
6. International Data Transfers
Superfeedback OÜ is based in Estonia (EU), but our infrastructure (Render) and AI processors are located in the United States. By using our Service, you acknowledge that your data will be transferred to and processed in the United States.
We ensure these transfers comply with GDPR by relying on:
- Data Privacy Framework (DPF): Where the provider is certified (e.g., Google, Stripe).
- Standard Contractual Clauses (SCCs): Legal agreements approved by the European Commission ensuring your data remains protected to European standards.
7. Data Retention
We retain your personal information only as long as necessary to provide the Service or to comply with legal obligations (such as tax laws).
- Account Data: Retained while your account is active.
- Feedback Data: Retained according to your subscription status. You may delete feedback data via the dashboard.
- Backups: Deleted periodically in accordance with our disaster recovery policies.
8. Your Data Protection Rights
Under the GDPR, you have the right to:
- Access the personal data we hold about you.
- Correct any inaccurate data.
- Delete ("Right to be Forgotten") your data, subject to legal retention requirements.
- Export your data in a structured format.
- Withdraw Consent for marketing emails at any time.
To exercise these rights, please contact [email protected].
9. Cookies
We use necessary cookies for authentication (to keep you logged in) and functional tracking technologies (like Sentry) to monitor system stability. You can instruct your browser to refuse all cookies, but some parts of our Service may not function properly without them.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page.
Contact Us
If you have questions about this Privacy Policy, please contact us at: