Feedvance Feedvance

Feedvance Privacy Policy, v1.0

Last updated: 15 February 2026

This Privacy Policy explains how Feedvance (“we”) processes personal data when we act as a data controller (e.g., website analytics, account administration, marketing, security). For personal data processed inside the product on behalf of a Customer (feedback invitations and responses), please see Section 9 (“Product Data & Controller/Processor Roles”) and our Data Processing Addendum (DPA).

1. Who We Are (Controller)

Controller: RaBu Media Integration, Horsensgade 18, Denmark, CVR/VAT: DK29473099
Contact: privacy@feedvance.com

2. What Personal Data We Collect (Controller Context)

A) Website and cookie/analytics data
- IP address (may be truncated/processed), device/browser info, pages viewed, approximate location, referral source, and similar usage data.
Purpose: operate and improve our website and understand performance.
Tooling: Google Analytics (GA4), subject to your cookie consent settings.

B) Account and admin data
- Name, email, hashed password, authentication logs, workspace settings, support tickets.
Purpose: provide the Service, secure accounts, communicate with you.

C) Billing and payments
- If Paddle is Merchant of Record, Paddle processes payment and billing data and acts as a separate controller for those payment operations. We receive limited data needed for account provisioning, reconciliation, fraud prevention, and support (e.g., customer email, country, subscription status, transaction identifiers).
Purpose: provision subscription, accounting, fraud prevention, customer support.

D) Marketing
- Newsletter signup data (email, name, preferences, engagement metrics).
Provider: MailerLite.
Purpose: send newsletters and product updates (where you consent or where permitted by law).

E) Security and fraud prevention logs
- IP addresses, request metadata, WAF/security event logs.
Provider: Cloudflare.
Purpose: protect the Service, prevent abuse, investigate incidents.

3. Product Data (Invitation & Feedback Data)

Inside the Service, we process (typically as processor on behalf of the Customer):
- Invitee data: name, email, role, optional message
- Respondent submissions: 1–5 ratings, collaboration boolean, free-text feedback (strengths/growth/opinion), optional comment
- Feedback Subject details (if provided by Customer): name, email, role
This data is primarily controlled by the Customer who created the feedback request.

4. Legal Bases (GDPR)

We rely on the following bases (as controller):
- Contract: to provide the Service, manage accounts, deliver transactional communications.
- Legitimate interests: security, fraud prevention, service improvement, and some B2B communications.
- Consent: analytics cookies (where required) and marketing emails (where required).
- Legal obligation: bookkeeping/accounting, compliance requests, and similar.

5. Who We Share Personal Data With (Recipients)

We use trusted third parties:
- Hosting & database: DigitalOcean (App Platform + Managed MySQL)
- DNS / security / WAF: Cloudflare
- Transactional email sending: Mailgun (Sinch)
- Marketing emails: MailerLite
- Analytics: Google Analytics (Google)
- Payments/billing: Paddle (Merchant of Record)

We share only what is necessary for the relevant purpose.

6. International Transfers

Some providers may process data outside the EEA. Where this occurs, transfers are protected by appropriate safeguards such as adequacy decisions, Standard Contractual Clauses (SCCs), and/or other recognized mechanisms, as described in the relevant provider agreements.

7. Retention

Controller-context data:
- Account/admin data: for the duration of the account and then for 3 months as needed for support, disputes, and legal obligations.
- Website analytics: 2 months.
- Marketing data: until you unsubscribe, then suppressed (kept only as needed to respect opt-out).
Product data (processor-context): retained according to the Customer’s instructions and our DPA; default: 90 days after account termination unless deleted earlier.

8. Your Rights

Depending on your jurisdiction, you may have rights such as access, rectification, deletion, restriction, objection, portability, and withdrawal of consent (for consent-based processing).
To exercise rights, contact: privacy@feedvance.com.
If you are a Respondent, in most cases you should contact the Customer (the controller) first; we will assist as required under our DPA.

9. Product Data & Controller/Processor Roles (Important)

A) When we act as Processor
For most invitation/feedback content, the Customer determines the purposes and means of processing. In that context:
- Customer = Controller
- Feedvance = Processor
We process Product Data only on Customer’s documented instructions (as set out in the DPA and the Service functionality).

B) When we act as Controller
We act as controller for:
- our website analytics and cookies;
- our account administration and security logs;
- our marketing list and communications;
- business operations (billing reconciliation, fraud prevention).

C) Paddle as Merchant of Record
When Paddle processes payment and billing information as Merchant of Record, Paddle acts as a separate controller for those payment operations.

10. Cookies

We use cookies and similar technologies. You can manage preferences in our cookie banner and/or cookie settings link within the website/app.
Cookie categories: Necessary, Analytics.
For information, see ourCookie Policy

11. Security

We use appropriate technical and organizational measures to protect data, including encryption in transit (TLS), access controls, and logging/monitoring. No method of transmission or storage is 100% secure.

12. Contact and Complaints

Contact: privacy@feedvance.com
If you are in the EEA/Denmark, you can also complain to your local supervisory authority (in Denmark: Datatilsynet).