Skip to main content
FeedBlox

Privacy Policy

Last updated: April 30, 2026

FeedBlox (“FeedBlox,” “we,” “us,” or “our”) operates a hosted feedback collection platform and an embeddable widget that customers install on their own websites. This Privacy Policy explains what personal information we process, why, with whom we share it, how long we keep it, and the choices and rights available to you. We are based in Illinois, United States.

Scope

This policy applies to our marketing site, the FeedBlox dashboard, our APIs, and the JavaScript widget (collectively, the “Service”). When you use the widget on a customer’s website, that customer determines what fields to collect and is the “controller” or “business” for that submission; FeedBlox acts as the “processor” or “service provider” on the customer’s behalf and only handles that data per our agreement with the customer.

Information We Process

  • Account information. Email address, display name, hashed password and/or federated identifier (e.g., GitHub, Google, or GitLab subject ID), workspace and plan membership, and authentication metadata such as session identifiers and timestamps.
  • Site and widget configuration. Site names, origin URLs, widget placement and theme preferences, embed tokens, and domain-verification records you supply.
  • Feedback submissions. Sentiment or numeric rating, optional free-text comments, optional answers to a custom prompt you configure, and (where you enable them) screenshots or short recordings the visitor explicitly captures. We also store the page URL at submit time, the visitor user-agent string, and the submitter IP address for abuse prevention and security.
  • Element trail. A bounded, structural fingerprint of recent visitor interactions on the host page (for example clicks and focus) before submit. We store hashed signals such as tag, role, and path shape, not visible element text, form field values, or arbitrary attribute values. Interactions inside the widget panel are excluded.
  • Client debug bundle. When the embed script is present, we may attach a bounded debug context to a submission: recent browser console log, warn, and error lines; failed fetch or XHR requests (HTTP 4xx, 5xx, or network failure) with method and URL path (query strings removed); uncaught JavaScript errors; and optional key-value metadata the customer supplies through FeedBlox.setMetadata in their application. Console and error text may contain personal data if the host application logged it; customers control what they log and which metadata keys they set.
  • Technical and security logs. IP address, coarse geolocation derived from IP, user-agent string, request timestamps, and rate-limiting counters retained for security, abuse prevention, and debugging.
  • Communications. Messages you send us through support, sales, or contact forms, and records of those exchanges.

What We Do Not Collect

We do not knowingly collect biometric identifiers or biometric information as defined by the Illinois Biometric Information Privacy Act, 740 ILCS 14/ (“BIPA”). The widget does not perform face, fingerprint, voiceprint, retina, or hand-geometry scans. We also do not request or process genetic information governed by the Illinois Genetic Information Privacy Act, 410 ILCS 513/. The widget does not set tracking cookies on visitors, does not perform cross-site profiling, and does not record full session replay, request or response bodies for API calls, or query strings on captured network URLs. See Widget Data and GDPR for a customer-facing summary of embed behavior.

How We Use Information

  • To provide, operate, secure, and improve the Service and the widget.
  • To authenticate users, prevent fraud and abuse, and enforce our Terms and Acceptable Use Policy.
  • To communicate with you about your account, billing, security, and material product changes.
  • To comply with legal obligations and respond to lawful requests.

Where the EU/UK General Data Protection Regulation applies, our legal bases are: performance of a contract (account and Service delivery), legitimate interests (security, fraud prevention, product improvement, and anonymous aggregate load statistics for the embed), consent (where requested), and legal obligation.

Sharing and Subprocessors

We share personal information with vendors that help us run the Service: cloud hosting, managed databases, email delivery, error monitoring, and federated sign-in providers. Those vendors are bound by contract to use the data only to provide services to us. We do not sell personal information, and we do not “share” it for cross-context behavioral advertising as those terms are defined under California law. We may disclose information to comply with law, enforce our agreements, or protect rights, safety, and property.

Retention

We keep account information while your workspace is active and for up to ninety (90) days after deletion to complete wind-down, resolve disputes, and meet legal obligations, after which it is removed from primary systems. Encrypted backups are rotated on a rolling cycle of up to thirty-five (35) days. Security logs are retained for up to twelve (12) months. Feedback submissions are retained until you or your workspace administrator deletes them or your workspace is closed.

Your Choices and Rights

You can update or delete account information from the dashboard, export your feedback data, and close your workspace at any time. Depending on where you live, you may have additional rights described below. To exercise a right, email privacy@feedblox.net from the address on file. We will respond within the timelines required by applicable law (generally forty-five (45) days).

Illinois Residents

Illinois law protects specific categories of information. As stated above, we do not collect biometric or genetic information. If you believe we have experienced a security incident affecting your unencrypted or unredacted personal information, we will notify you in the most expedient time possible and without unreasonable delay, consistent with the Illinois Personal Information Protection Act, 815 ILCS 530/.

California Residents

The California Consumer Privacy Act, as amended by the CPRA, gives California residents rights to know, delete, correct, and limit use of sensitive personal information, and to opt out of sale or sharing for cross-context behavioral advertising. We do not sell or share personal information in those senses. To exercise rights, contact us at the email above; we will verify the request using account credentials or other reasonable means and will not discriminate against you for exercising a right.

EEA, United Kingdom, and Switzerland

You may request access, rectification, erasure, restriction, portability, and objection to processing, and withdraw consent at any time without affecting prior processing. You may also lodge a complaint with your supervisory authority. Where personal data is transferred out of the EEA, UK, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses (and the UK Addendum, where applicable) to provide appropriate safeguards.

Children

The Service is not directed to children under thirteen (13), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.

Cookies and Similar Technologies

We use first-party cookies for sign-in, security (CSRF protection), and saving UI preferences. See our Cookie Policy for the full list and how to control them.

Security

We use administrative, technical, and physical safeguards designed to protect personal information. See our Security Overview. No system is perfectly secure, and we cannot guarantee absolute security.

Changes

We may update this policy from time to time. If changes are material, we will notify account owners by email or in-product notice at least thirty (30) days before they take effect, except where a shorter period is required by law.

Contact

FeedBlox - Privacy, Cook County, Illinois, USA. privacy@feedblox.net

All legal documents · Contact