Privacy Policy
Last updated: December 2024 | Version 1.0
1. Introduction
At 360 AI Feedback, LLC ("we," "our," or "us"), we are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered feedback platform at 360aifeedback.com (the "Service").
By using our Service, you consent to the data practices described in this policy. This policy applies to all users of our Service, including team leaders, team members, and administrators.
Quick Summary: We collect data necessary to provide our feedback platform, use AI to analyze feedback for insights, and protect your privacy through technical and administrative safeguards. You have control over your data and can request access, correction, or deletion at any time.
2. Company Information
Legal Entity: 360 AI Feedback, LLC
Business Registration: [Your State Registration Number]
Address: [Your Business Address]
Phone: [Your Business Phone]
Email: privacy@360aifeedback.com
DPO Contact: dpo@360aifeedback.com
3. Lawful Basis for Processing (GDPR)
We process your personal data based on the following lawful grounds under GDPR Article 6:
- Contract Performance (Art. 6(1)(b)): Processing necessary to provide our Service and fulfill our contractual obligations
- Legitimate Interests (Art. 6(1)(f)): Service improvement, security monitoring, and business operations
- Consent (Art. 6(1)(a)): Marketing communications and optional features
- Legal Obligation (Art. 6(1)(c)): Compliance with applicable laws and regulations
4. Information We Collect
4.1 Account Information
- Email address and encrypted password
- Full name and job title
- Profile picture (optional)
- Team and organization information
- Authentication tokens and session data
4.2 Feedback and Survey Data
- Feedback responses and comments
- Survey responses and ratings (1-5 scale)
- Anonymous feedback submissions with identity protection
- AI-generated insights and analysis results
- Feedback timing and completion status
4.3 Usage Information
- Log data including IP addresses, browser type, and operating system
- Device information and unique identifiers
- Usage patterns and feature interactions
- Session duration and frequency of use
- Error logs and performance metrics
4.4 Payment Information
We use Stripe to process payments. We store only billing email, subscription status, and payment metadata. We do not store complete payment card information on our servers. Stripe's privacy policy governs the processing of your payment information.
4.5 Communications Data
- Support ticket content and correspondence
- Email communication preferences
- Feedback and feature requests
5. How We Use Your Information
We use the information we collect for the following purposes:
Core Service Delivery:
- Provide, maintain, and improve our Service
- Process and analyze feedback using AI technology
- Generate personalized insights and recommendations
- Facilitate team collaboration and communication
Business Operations:
- Process payments and manage subscriptions
- Provide customer support and respond to inquiries
- Send important service updates and notifications
- Monitor usage and prevent fraud or abuse
Legal and Security:
- Comply with legal obligations and enforce our Terms of Service
- Protect against security threats and unauthorized access
- Investigate and respond to violations of our policies
6. AI Processing and Analysis
6.1 Automated Analysis
We use artificial intelligence (including services from OpenAI and Anthropic) to analyze feedback responses and generate insights. This processing helps identify themes, sentiment patterns, and personalized recommendations to improve team dynamics and individual growth.
6.2 Data Used for AI Training
We may use aggregated, anonymized feedback data to improve our AI models. The following conditions apply:
- Training data is fully anonymized before use
- No personal identifiers are retained in training datasets
- You can opt out of having your data used for model improvements
- Third-party AI providers process data under strict data processing agreements
6.3 AI Limitations
AI-generated insights are provided for informational purposes only. We do not guarantee accuracy, completeness, or suitability of AI analysis. Users should exercise professional judgment when acting on AI recommendations.
7. Information Sharing and Disclosure
7.1 Within Your Team
Feedback and insights are shared with designated team members based on your team's configuration and the feedback recipient's permissions. Anonymous feedback is processed to protect the giver's identity.
7.2 Service Providers
We may share your information with trusted third-party service providers who assist us in operating our Service, including:
- Supabase: Database and authentication services
- Stripe: Payment processing
- Resend: Email delivery services
- OpenAI/Anthropic: AI analysis services
- Vercel: Cloud hosting and infrastructure
All service providers are bound by data processing agreements and are required to maintain appropriate security measures.
7.3 Legal Requirements
We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety, or that of our users.
7.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections and with prior notice to you.
8. Anonymous Feedback Protection
When users choose to provide anonymous feedback, we implement technical and administrative measures to protect their identity:
- Anonymous feedback is flagged in our system and processed separately
- Identifying information is not displayed to feedback recipients
- Aggregate reporting prevents identification through small sample sizes
- Access to anonymous feedback mapping is restricted to essential personnel
- Database-level access controls prevent unauthorized identity correlation
Important: While we implement strong technical measures to protect anonymity, complete anonymity cannot be guaranteed in all circumstances, particularly in very small teams (2-3 people) where feedback patterns might be identifiable.
9. Data Security
We implement comprehensive technical and organizational security measures to protect your personal information:
Technical Measures:
- End-to-end encryption (TLS 1.3)
- Database encryption at rest (AES-256)
- Multi-factor authentication
- Regular security scans and monitoring
- Secure API endpoints with rate limiting
Administrative Measures:
- Employee security training and background checks
- Access controls and principle of least privilege
- Incident response procedures
- Regular security audits and assessments
- Vendor security requirements
However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.
10. Data Breach Notification
In the event of a data breach affecting your personal information:
- We will notify affected users within 72 hours of becoming aware of the breach
- Notification will include the nature of the breach, affected data types, and recommended actions
- We will notify relevant supervisory authorities as required by law
- We will take immediate steps to contain the breach and prevent further unauthorized access
11. Data Retention
We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this policy:
- Account information: Until account deletion or 3 years after last login
- Feedback data: Until team deletion or as required for historical insights (max 7 years)
- Usage logs: Up to 2 years for security and analytics purposes
- Payment records: 7 years as required by tax and accounting regulations
- Support communications: 3 years for quality assurance
When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law. You can request immediate deletion by contacting privacy@360aifeedback.com.
12. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States. When transferring data internationally, we ensure compliance with applicable data protection laws through:
- Adequacy decisions by competent authorities (where available)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules for intra-group transfers
- Other appropriate safeguards as recognized by applicable law
13. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
- Access: Request a copy of your personal information
- Rectification: Correct inaccurate or incomplete information
- Deletion: Request deletion of your personal information
- Portability: Receive your data in a structured format
- Restriction: Limit how we process your information
- Objection: Object to certain types of processing
- Withdraw Consent: Withdraw consent where processing is based on consent
- Opt-out: Opt out of AI training data usage
To exercise these rights, please contact us at privacy@360aifeedback.com. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.
14. Cookies and Tracking
We use the following types of cookies and similar tracking technologies:
- Essential Cookies: Maintain your login session and security
- Functional Cookies: Remember your preferences and settings
- Analytics Cookies: Analyze Service usage and performance
- Performance Cookies: Optimize loading times and user experience
You can control cookies through your browser settings. However, disabling essential cookies may affect your ability to use certain features of our Service. For detailed information, see our Cookie Policy.
15. Children's Privacy
Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately at privacy@360aifeedback.com and we will take steps to remove such information.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will:
- Notify you by email of any material changes at least 30 days before they take effect
- Post the updated policy on our website with a new "Last Updated" date
- Maintain previous versions for reference
- Obtain your consent for significant changes that affect your rights
Your continued use of the Service after the effective date of the revised policy constitutes acceptance of the changes.
17. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Privacy Officer
Email: privacy@360aifeedback.com
Phone: [Your Business Phone]
Response Time: Within 2 business days
Data Protection Officer
Email: dpo@360aifeedback.com
Postal Address: [Your Business Address]
Website: 360aifeedback.com