1. Who We Are
Atlas Consulting LLC, operating as FeedbackBar ("we", "us", "our"), provides an embeddable feedback widget and analytics dashboard. This policy explains how we handle personal data for two groups:
- Customers — businesses and developers who create a FeedbackBar account.
- End Users — visitors to Customer websites who interact with the widget.
Questions? Contact us at privacy@feedbackbar.io.
2. Data We Collect
From Customers (account holders)
- Name and email address (account registration)
- Payment information — processed directly by Stripe; we receive only a payment token and last-4 card digits, never full card numbers
- Server-side usage logs — API request counts, error rates, and feature usage recorded in our own infrastructure. We do not use any third-party product analytics or behavioural tracking tools (no Mixpanel, Amplitude, Segment, or similar).
- Communications — support emails and in-app messages you send to us
From End Users (via the widget)
- Feedback sentiment (positive/negative) and optional comment text
- Page URL where feedback was submitted
- Anonymous session ID (stored in sessionStorage, not a cookie, cleared on tab close)
- Email address — only if the Customer has enabled the optional email collection field and the End User chooses to provide it
- Star rating — only if the Customer has enabled the optional rating field
No tracking cookies. The widget does not set any cookies. It does not track users across sessions or across websites. It does not fingerprint devices.
3. How We Use Data
- To provide, operate, and improve the Service
- To process payments and manage subscriptions
- To send transactional emails (account verification, billing receipts, password reset)
- To send product update emails — you can unsubscribe at any time
- To display feedback analytics to the Customer in their dashboard
- To detect and prevent fraud and abuse
We do not sell personal data. We do not use End User feedback data for advertising.
4. Legal Basis for Processing (GDPR)
For Customers in the EEA/UK, our legal bases are:
- Contract — processing necessary to provide the Service you signed up for
- Legitimate interests — security monitoring, fraud prevention, product improvement
- Consent — marketing emails (you can withdraw consent at any time)
- Legal obligation — where required by applicable law
5. Data Sharing
We share data only with:
- AWS — cloud infrastructure (servers, database, email delivery)
- Stripe — payment processing
- Slack — only if you configure a Slack integration; we send only the feedback content you choose to forward
We do not share data with advertisers, data brokers, or analytics platforms. We may disclose data if required by law or to protect our legal rights.
6. Data Retention
- Account data is retained while your account is active and for 30 days after deletion
- Feedback responses are retained according to your plan's data retention setting (default: 12 months)
- Payment records are retained for 7 years as required by financial regulations
- End User session IDs are stored in sessionStorage and are cleared automatically when the browser tab is closed
7. Your Rights
Depending on your location, you may have the right to:
- Access — request a copy of your personal data (available via Settings → Data Export)
- Rectification — correct inaccurate data (available via Settings → Profile)
- Erasure — delete your account and associated data (available via Settings → Account → Delete Account)
- Portability — export your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Restriction — request that we limit processing of your data
To exercise any right not available in-app, email privacy@feedbackbar.io. We will respond within 30 days.
8. Security
We use industry-standard security measures including encryption at rest (AES-256 via AWS KMS), encryption in transit (TLS 1.2+), access controls, and regular security reviews. No method of transmission over the internet is 100% secure — we cannot guarantee absolute security.
In the event of a data breach affecting your personal data, we will notify you as required by applicable law.
9. International Transfers
Our infrastructure is hosted on AWS in the United States. If you are located in the EEA or UK, your personal data is transferred to the US. We address this through the following mechanisms:
- AWS: We have accepted AWS's Data Processing Addendum, which incorporates Standard Contractual Clauses (SCCs) approved by the European Commission.
- Stripe: Stripe's services are covered by their own SCCs and Privacy Shield successor frameworks.
Enterprise customers who require a signed Data Processing Agreement (DPA) with Atlas Consulting LLC directly may request one at privacy@feedbackbar.io.
10. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately.
11. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email or dashboard notice at least 14 days before they take effect. The effective date at the top of this page reflects the most recent update.
12. Contact and Complaints
For privacy questions or to exercise your rights, contact us at privacy@feedbackbar.io.
If you are in the EEA and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority.