Security & Privacy
Anonymous feedback only works if submitters trust you. Here's how we protect anonymity and secure your data at every layer.
Our Security Pledge
We're committed to protecting your data and your submitters' anonymity. No compromises.
Zero Knowledge
We never log IP addresses or track submitters on public feedback forms
Encrypted Always
All data encrypted in transit (TLS 1.3) and at rest (AES-256)
Full Transparency
Open about what we collect, why we collect it, and how we use it
Anonymity Guarantees
How we ensure feedback submitters remain truly anonymous
What We DON'T Collect
- IP addresses on public feedback forms
- Browser fingerprints or device IDs
- Tracking cookies or pixels
- Location data or GPS coordinates
- Referrer URLs (where you came from)
- Session IDs that could identify submitters
What We DO Collect
- Feedback text and optional star rating
- Timestamp of submission (date/time only)
- Browser type (for compatibility, not tracking)
- Device type (mobile/desktop for UX)
- Language preference (for translations)
- Nothing that can identify individuals
Technical Implementation
We've architected our system to make re-identification technically impossible:
- • Feedback submissions go through an anonymization proxy that strips metadata
- • No correlation between submissions - each treated as independent
- • Database design prevents linking feedback to submitter identity
- • Even our engineers cannot reverse-engineer who submitted what
Data Security
Enterprise-grade protection for your data
Encryption
TLS 1.3 with perfect forward secrecy
AES-256 encryption for all stored data
Rotated regularly, stored in secure vaults
Infrastructure
SOC 2 Type II certified providers
Isolated, encrypted, daily backups
DDoS protection, firewall rules
Access Control
2FA required for team accounts
Role-based access control (RBAC)
All data access logged and monitored
Security Practices
Third-party security audits quarterly
Annual pen tests by certified firms
Automated daily scans for CVEs
Security patches applied within 24h
Documented plan, tested quarterly
Security awareness training for all staff
AI & Third-Party Services
How we handle data with external processors
AI Processing (OpenAI)
What we send: Feedback text only (no personal data, no metadata)
Purpose: Sentiment analysis, theme extraction, insight generation
Protection:
- Zero data retention agreement with OpenAI
- Data not used to train models
- Encrypted in transit
- Results cached to minimize API calls
Other Third Parties
PCI-DSS Level 1 certified. We never see card numbers.
SOC 2 Type II, encrypted backups, US-based.
Edge network, DDoS protection, 99.99% uptime SLA.
All processors bound by Data Processing Agreements (DPA) with strict security requirements.
Our Security Principles
Built with privacy and security at the core
Privacy-First
Designed with privacy regulations in mind from day one
Data Protection
Your data is encrypted and protected at every layer
Secure Infrastructure
Hosted on SOC 2 certified cloud providers
Transparency
Clear policies on what we collect and why
Enterprise Security (Coming Soon)
We're building additional security features for enterprise customers:
- Custom Data Processing Agreements (DPA)
- Data residency options
- Custom retention policies
- SSO and SAML integration
Incident Response
What happens if something goes wrong
Our Commitment
24/7 monitoring, automated alerts for anomalies
Critical incidents triaged within 15 minutes
Affected users notified within 72 hours (or sooner if legally required). Transparent incident reports published.
Immediate containment, root cause analysis, preventive measures implemented
Report a security issue: Email security@feedb.co for our responsible disclosure process. We offer bug bounties for valid reports.
Transparency & Trust
Stay informed about our security posture