Last updated: 2026-01-15
FeedbackHawk ("we", "us", "our service") is a cloud-based service that helps businesses collect Google reviews from their customers through automated email requests. We care about your privacy and are committed to protecting the personal data processed through our service.
This privacy policy explains what personal data we collect, how we use it, who we share it with, and what rights you have under the EU General Data Protection Regulation (GDPR).
FeedbackHawk is the data controller for the processing of your personal data when you use our service as an account holder. When you as a business owner use our service to send emails to your customers, FeedbackHawk acts as a data processor on your behalf.
Contact: support@feedbackhawk.io
3.1 Account Information: When you register an account, we collect your email address, business name, and optionally your contact person's name. This information is necessary to provide the service.
3.2 Customer Information You Add: You can add your customers' details to the service, such as name and email address, for the purpose of sending review requests. You are responsible for having the appropriate legal basis to process this data and informing your customers about the processing.
3.3 Usage Data: We automatically collect data about how the service is used: number of emails sent, open rates, click rates, login times, and technical information such as browser and IP address.
3.4 Payment Information: Payments are handled by our payment service provider Stripe. We do not store your card numbers or complete payment details. However, we can see the last four digits of your card and payment history for billing purposes.
We process personal data based on the following legal grounds under GDPR:
Contract (Art. 6.1b): Processing necessary to fulfill our contract with you, for example to provide the service and send emails on your behalf.
Legitimate Interest (Art. 6.1f): Processing to improve the service, analyze usage patterns, and protect against fraud.
Legal Obligation (Art. 6.1c): Processing required to comply with legal requirements, such as accounting laws.
We use collected personal data to: provide and administer the service, send review requests via email on your behalf, display statistics and reports on sent emails, handle payments and billing, communicate with you about the service, updates and support, improve and develop the service, and fulfill legal obligations.
We share personal data with the following categories of recipients:
Supabase: Database storage and authentication. Supabase acts as our data processor.
Resend: Email delivery. Resend handles the technical delivery of emails on our behalf.
Stripe: Payment processing. Stripe processes payment data in accordance with PCI DSS standards.
Google: We use the Google Places API to retrieve information about your business's Google review link.
We never sell personal data to third parties. All our subcontractors are bound by agreements ensuring they process personal data in accordance with GDPR.
Some of our subcontractors may be based outside the EU/EEA. In such cases, we ensure that the transfer is made with appropriate safeguards, such as EU Standard Contractual Clauses (SCC) or to countries with an adequate level of protection according to EU Commission decisions.
We take appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or destruction. This includes encrypted data transfer (HTTPS/TLS), secure authentication, regular backups, and restricted access to personal data.
Account Information: As long as you have an active account, plus up to 30 days after the account is terminated to allow reactivation.
Customer Information: Deleted when you remove the customer from the system or when your account is terminated.
Usage Data: Stored in anonymized form for statistical purposes.
Billing Information: Stored for 7 years according to accounting law.
You have the following rights regarding your personal data:
Right of Access: You can request a copy of the personal data we process about you.
Right to Rectification: You can request that incorrect data be corrected.
Right to Erasure: You can request that we delete your personal data. You can delete your account and all associated data directly in the service at any time.
Right to Data Portability: You can request to receive your data in a machine-readable format.
Right to Object: You can object to processing based on legitimate interest.
Right to Complain: You have the right to file a complaint with your local data protection authority if you believe we are processing your personal data incorrectly.
To exercise your rights, contact us at support@feedbackhawk.io.
We use necessary cookies for the service to function properly, for example to keep you logged in. We may also use analytical cookies to understand how the service is used and improve it. You can manage cookies through your browser settings.
We may update this privacy policy from time to time. For significant changes, we will notify you via email or through a notice in the service.
Do you have questions about this privacy policy or how we process your personal data? Contact us at support@feedbackhawk.io