← Back to Home

Privacy Policy

Last updated: January 3, 2026

Introduction

Your privacy is important to us. It is Gift of Feedback LLC's policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, https://www.giftoffeedback.com, and other sites we own and operate.

Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use a website or online service.

In the event our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.

Information We Collect

Information we collect falls into one of two categories: "voluntarily provided" information and "automatically collected" information.

Log Data

When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device's Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.

Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem.

Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.

Device Data

When you visit our website or interact with our services, we may automatically collect data about your device, such as:

  • Device Type
  • Operating System
  • Unique device identifiers
  • Geo-location data

Data we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

Personal Information

We may ask for personal information — for example, when you subscribe to our newsletter, create an account, or when you contact us — which may include one or more of the following:

  • Name
  • Email
  • Phone/mobile number
  • Business name and industry
  • Home/mailing address
  • Billing information (processed securely by Stripe)

User-Generated Content

We consider "user-generated content" to be materials (text, image and/or video content) voluntarily supplied to us by our users for the purpose of publication, processing, or usage on our platform. All user-generated content is associated with the account or email address used to submit the materials.

Please be aware that any content you submit for the purpose of publication will be public after posting (and subsequent review or vetting process). Once published, it may be accessible to third parties not covered under this privacy policy.

Feedback Data

We collect feedback submitted by your customers through our platform, which may include:

  • Ratings and sentiment responses (emoji, star ratings)
  • Text feedback and comments
  • NPS scores (where applicable)
  • Optional contact information provided by respondents
  • Device and browser information
  • Timestamp and response source (QR, link, kiosk)

SMS Communication Data

If you use our SMS campaign features, we collect and process:

  • Phone numbers of recipients you provide
  • Message content and delivery status
  • Opt-out requests and preferences
  • SMS engagement metrics

AI-Processed Data

If you use our AI Response Coach feature, we process the following data through third-party AI services:

  • Customer feedback text and ratings
  • Customer names (if provided)
  • Your business name
  • Selected response tone preferences

This data is sent to Anthropic (Claude AI) or OpenAI to generate response suggestions. AI providers process this data according to their privacy policies and do not use your data to train their models. We log AI usage for analytics but do not store the generated responses.

Team Member Data

If you use our team collaboration features, we collect information about team members you invite:

  • Team member names and email addresses
  • Role assignments and permissions
  • Invitation status and acceptance timestamps
  • Activity logs related to team actions

A2P Business Verification Data

To enable SMS messaging features, US carriers require business verification (A2P 10DLC registration). If you use SMS features, we collect and submit to Twilio Trust Hub:

  • Legal business name and EIN (Employer Identification Number)
  • Business type and industry
  • Business address
  • Website URL
  • Authorized representative name, email, phone, and job title

This information is required for carrier compliance and is processed by Twilio according to their privacy practices.

Referral Program Data

If you participate in our referral program, we collect:

  • Referral codes and tracking links
  • Referred user information (linked to your account)
  • Commission calculations and payment history
  • Stripe Connect account information (for payouts)

Testimonial Data

If a customer provides consent to share their feedback publicly, we collect:

  • Customer consent status and timestamp
  • Display name preference (full name, initials, or anonymous)
  • Feedback content approved for public display
  • Associated rating and location information

Testimonials are only displayed publicly with explicit customer consent. Customers may withdraw consent at any time by contacting the business or Gift of Feedback.

Transaction Data

Transaction data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.

Legitimate Reasons for Processing Your Personal Information

We only collect and use your personal information when we have a legitimate reason for doing so. In which instance, we only collect personal information that is reasonably necessary to provide our services to you.

Collection and Use of Information

We may collect personal information from you when you do any of the following on our website:

  • Register for an account
  • Purchase a subscription
  • Sign up to receive updates from us via email or social media channels
  • Use a mobile device or web browser to access our content
  • Contact us via email, social media, or on any similar technologies
  • When you mention us on social media

We may collect, hold, use, and disclose information for the following purposes:

  • To provide you with our platform's core features and services
  • To process feedback and generate analytics
  • To send SMS messages on your behalf (with proper consent)
  • To contact and communicate with you
  • For analytics, market research, and business development
  • For advertising and marketing, including promotional information
  • To enable you to access and use our website and associated applications
  • Process payments and manage subscriptions
  • Comply with legal obligations

We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources.

SMS/Text Message Policy

Gift of Feedback enables you to send SMS messages to your customers. By using our SMS features:

  • Your Responsibility: You are responsible for obtaining proper consent before sending SMS messages
  • TCPA Compliance: All messages include opt-out instructions ("Reply STOP to opt-out")
  • Opt-Out Handling: Recipients can opt out at any time by replying STOP
  • Message Content: You must not send spam, fraudulent, or illegal content
  • Phone Number Validation: We validate phone numbers before sending

We use Twilio as our SMS provider. Phone numbers and message data are processed in accordance with Twilio's privacy practices.

Mobile Phone Number Protection: We do not sell, rent, or share your mobile phone number or your customers' mobile phone numbers with third parties for marketing or promotional purposes. Phone numbers are used solely for the purpose of sending feedback requests and transactional messages that you initiate through our platform.

Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.

We implement industry-standard security measures including:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure authentication with Firebase Auth
  • Role-based access controls
  • Regular security audits
  • PCI-compliant payment processing via Stripe

Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security.

You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services.

How Long We Keep Your Personal Information

We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy.

  • Account Data: Retained while your account is active
  • Feedback Data: Retained according to your plan's data retention policy
  • SMS Logs: Retained for 6 years as required by TCPA regulations for consent verification
  • Billing Records: Retained as required by law (typically 7 years)

If your personal information is no longer required, we will delete it or make it anonymous by removing all details that identify you.

However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.

Children's Privacy

Gift of Feedback is a business-to-business (B2B) service intended for use by adults aged 18 and older. We do not aim any of our products or services at children under the age of 18, and we do not knowingly collect personal information about children under 18. If you believe we have collected information from someone under 18, please contact us immediately and we will take steps to delete such information.

Disclosure of Personal Information to Third Parties

We may disclose personal information to:

  • A parent, subsidiary, or affiliate of our company
  • Third-party service providers for the purpose of enabling them to provide their services
  • Our employees, contractors, and/or related entities
  • Our existing or potential agents or business partners
  • Credit reporting agencies, courts, tribunals, and regulatory authorities
  • Courts, tribunals, regulatory authorities, and law enforcement officers, as required by law
  • Third parties, including agents or sub-contractors, who assist us in providing services
  • An entity that buys, or to which we transfer all or substantially all of our assets and business

Third parties we currently use include:

  • Firebase/Google Cloud: Authentication, database, and hosting
  • Google Analytics: Website analytics
  • Microsoft Clarity: Session recordings, heatmaps, and user behavior analytics
  • Sentry: Error monitoring and performance tracking
  • Stripe: Payment processing and subscription management
  • SendGrid: Transactional and marketing email delivery
  • Twilio: SMS messaging services
  • Square: POS integration (optional)
  • Clover: POS integration (optional)
  • Anthropic: AI-powered response suggestions (Claude AI)
  • OpenAI: AI-powered response suggestions (fallback)
  • Meta Platforms, Inc: Advertising

International Transfers of Personal Information

The personal information we collect is stored and/or processed in United States, or where we or our partners, affiliates, and third-party providers maintain facilities.

The countries to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this privacy policy.

Your Rights and Controlling Your Personal Information

Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our website or the products and/or services offered on or through it.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person's consent to provide the personal information to us.

Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us.

Access: You may request details of the personal information that we hold about you.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.

Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information.

Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation.

Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us or opt-out using the opt-out facilities provided in the communication.

Use of Cookies and Tracking Technologies

We use "cookies" to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified.

Session Recording and Analytics

We use Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay. This helps us improve our website and user experience. Website usage data is captured using first-party cookies and other tracking technologies.

What Clarity collects:

  • Mouse movements, clicks, and scrolling behavior
  • Pages visited and navigation patterns
  • Form interactions (text entered in forms is masked by default)
  • Device type, browser, and screen resolution
  • Session duration and engagement metrics

What Clarity does NOT collect:

  • Passwords or payment card information
  • Sensitive form fields (automatically masked)
  • Personal data in compliance with GDPR, CCPA, and other privacy regulations

For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

Error Monitoring

We use Sentry to monitor errors, track performance, and improve the reliability of our service. When errors occur, Sentry collects technical information to help us diagnose and fix issues.

What Sentry collects:

  • Error messages, stack traces, and technical diagnostic data
  • Browser type, operating system, and device information
  • URL and page where the error occurred
  • User ID and email (for logged-in users) to assist with support
  • Session replay recordings when errors occur (to understand what led to the error)

What Sentry does NOT collect:

  • Passwords or payment information
  • Sensitive form field contents (automatically filtered)

For more information about how Sentry collects and uses data, visit the Sentry Privacy Policy.

Managing Cookies

At all times, you may decline cookies from our site if your browser permits. Most browsers allow you to activate settings on your browser to refuse the setting of all or some cookies. Accordingly, your ability to limit cookies is based only on your browser's capabilities.

Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.

Additional Disclosures for Australian Privacy Act Compliance (AU)

International Transfers of Personal Information

Where the disclosure of your personal information is solely subject to Australian privacy laws, you acknowledge that some third parties may not be regulated by the Privacy Act and the Australian Privacy Principles in the Privacy Act. You acknowledge that if any such third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act, and you will not be able to seek redress under the Privacy Act.

Additional Disclosures for General Data Protection Regulation (GDPR) Compliance (EU)

Data Controller / Data Processor

The GDPR distinguishes between organisations that process personal information for their own purposes (known as "data controllers") and organizations that process personal information on behalf of other organizations (known as "data processors"). We, Gift of Feedback LLC, located at the address provided in our Contact Us section, are a Data Controller with respect to the personal information you provide to us.

Legal Bases for Processing Your Personal Information

We will only collect and use your personal information when we have a legal right to do so. In which case, we will collect and use your personal information lawfully, fairly, and in a transparent manner. If we seek your consent to process your personal information, and you are under 16 years of age, we will seek your parent or legal guardian's consent to process your personal information for that specific purpose.

Our lawful bases depend on the services you use and how you use them:

Consent From You: Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the facilities we provide; however this will not affect any use of your information that has already taken place.

Performance of a Contract or Transaction: Where you have entered into a contract or transaction with us, or in order to take preparatory steps prior to our entering into a contract or transaction with you.

Our Legitimate Interests: Where we assess it is necessary for our legitimate interests, such as for us to provide, operate, improve and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promoting our services, measures taken to operate our services efficiently, marketing analysis, and measures taken to protect our legal rights and interests.

Compliance with Law: In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations.

International Transfers Outside of the European Economic Area (EEA)

We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.

Your Rights and Controlling Your Personal Information

Restrict: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.

Objecting to processing: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your personal information.

Data portability: You may have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may also have the right to request that we transfer this personal information to a third party.

Deletion: You may have a right to request that we delete the personal information we hold about you at any time, and we will take reasonable steps to delete your personal information from our current records. If you terminate or delete your account, we will delete your personal information within 30 days of the deletion of your account. Please be aware that search engines and similar third parties may still retain copies of your personal information that has been made public at least once.

Additional Disclosures for California Compliance (US)

Under California Civil Code Section 1798.83, if you live in California and your business relationship with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organizations for their marketing purposes.

To make such a request, please contact us using the details provided in this privacy policy with "Request for California privacy information" in the subject line. You may make this type of request once every calendar year. We will email you a list of categories of personal information we revealed to other organisations for their marketing purposes in the last calendar year, along with their names and addresses. Not all personal information shared in this way is covered by Section 1798.83 of the California Civil Code.

Do Not Sell or Share My Personal Information

Gift of Feedback does not sell your personal information. We do not exchange your personal information for monetary or other valuable consideration. We also do not "share" your personal information for cross-context behavioral advertising as defined under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

While we work with third-party service providers who may receive personal information to help us operate our business, these disclosures are made for business purposes and are governed by contracts that prohibit the providers from using your information for their own purposes.

Do Not Track

Some browsers have a "Do Not Track" feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser "Do Not Track" signals.

CCPA-Permitted Financial Incentives

In accordance with your right to non-discrimination, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels for the goods or services we provide.

Any CCPA-permitted financial incentive we offer will reasonably relate to the value of your personal information, and we will provide written terms that describe clearly the nature of such an offer. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

California Notice of Collection

In the past 12 months, we have collected the following categories of personal information enumerated in the California Consumer Privacy Act:

  • Identifiers, such as name, email address, phone number, account name, IP address, and an ID or number assigned to your account.
  • Customer records, such as billing and shipping address, and credit or debit card data.
  • Commercial information, such as products or services history and purchases.
  • Geolocation data.

We collect and use these categories of personal information for the business purposes described in the "Collection and Use of Information" section, including to provide and manage our Service.

Right to Know and Delete

If you are a California resident, you have rights to delete your personal information we collected and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
  • The business or commercial purpose for collecting or selling the personal information; and
  • The specific pieces of personal information we have collected about you.

To exercise any of these rights, please contact us using the details provided in this privacy policy.

Shine the Light

If you are a California resident, in addition to the rights discussed above, you have the right to request information from us regarding the manner in which we share certain personal information as defined by California's "Shine the Light" with third parties and affiliates for their own direct marketing purposes.

To receive this information, send us a request using the contact details provided in this privacy policy. Requests must include "California Privacy Rights Request" in the first line of the description and include your name, street address, city, state, and ZIP code.

Additional Disclosures for Other U.S. State Privacy Laws

In addition to California, several other states have enacted comprehensive privacy laws. If you are a resident of Virginia, Colorado, Connecticut, or Utah, you may have the following rights:

Your Privacy Rights

Depending on your state of residence, you may have the right to:

  • Access: Confirm whether we are processing your personal data and access such data
  • Correction: Correct inaccuracies in your personal data
  • Deletion: Delete your personal data
  • Data Portability: Obtain a copy of your personal data in a portable format
  • Opt-Out: Opt out of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within the timeframe required by applicable law (typically 45 days, with possible extensions as permitted by law).

Appeals

If we decline to take action on your request, you may appeal our decision by contacting us. If you are not satisfied with our response to your appeal, you may have the right to lodge a complaint with your state's attorney general or relevant regulatory authority.

Limits of Our Policy

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

Changes to This Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.

If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.

If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.

Contact Us

For any questions or concerns regarding your privacy, you may contact us using the following details:

Gift of Feedback LLC

Attn: Legal Department

1 E Erie St

Suite 525-2812

Chicago, IL 60611

Email: privacy@giftoffeedback.com