Effective 11 July 2026
Privacy Notice
This notice explains what FeedbackPilot processes, why it is needed, who supports the service, and how privacy requests can be made.
Version 2026-07-11
Who this notice covers
This notice explains how FeedbackPilot handles information about account holders, workspace users, and visitors to its public pages. A business using FeedbackPilot is responsible for the customer information it adds to its workspace; FeedbackPilot processes that information to provide the service.
Information we process
We process account details, login and security records, workspace settings, subscription identifiers, support correspondence, customer contact details, job records, private feedback, public review records, testimonial permissions, improvement actions, and audit history. Public forms may also record limited technical information needed for abuse prevention.
Why information is used
Information is used to provide and secure the service, authenticate users, enforce workspace permissions, process billing, respond to support and privacy requests, prevent abuse, maintain reliable records, and comply with legal obligations. Customer data is not used to create advertising profiles.
Customer information
Businesses should collect only information they need and have a lawful reason to use. FeedbackPilot does not require sensitive personal information in free-text notes, and users should avoid adding it unless genuinely necessary and lawful.
Automated actions and public posting
FeedbackPilot does not automatically send review requests, post reviews, publish testimonials, or post public replies. Product rules organize records and highlight possible next steps, but a user remains responsible for reviewing and carrying out external actions.
Service providers
FeedbackPilot uses providers for application hosting, authentication and database services, payment processing, and transactional email. Current providers include Vercel, Supabase, Stripe, and Resend when email delivery is enabled. They process information under their own security and data-protection commitments.
International processing
Some service providers may process information outside the country where a user or customer is located. Where required, appropriate contractual or legal transfer safeguards are used by FeedbackPilot or its providers.
Retention
Workspace data is kept while an account is active and for a limited period after closure where needed for recovery, billing, security, dispute handling, or legal obligations. Permission and audit evidence may need to be retained longer than ordinary operational records. Backups expire on a separate controlled schedule.
Security
FeedbackPilot uses server-side authorization, tenant-scoped database policies, encrypted connections, hosted payment processing, restricted administrative access, and audit records for sensitive workflows. No online service is risk-free, so users should keep account credentials secure and avoid storing unnecessary personal information.
Your choices and rights
Depending on applicable law, individuals may request access, correction, deletion, restriction, objection, portability, or withdrawal of consent. Customer requests should usually be directed first to the business that collected the information. Account holders can contact FeedbackPilot for workspace exports, deletion, or account-related privacy requests.
Cookies
FeedbackPilot uses essential cookies for authentication, security, and interface preferences. It does not add advertising or behavioural-tracking cookies without updating this notice and obtaining any consent required by law.
Contact
Privacy questions, account data requests, and deletion requests can be sent to support@feedbackpilot.co.uk.