SayFeedbackSAYFEEDBACK

Privacy Policy

Effective Date: October 16, 2025

Company: AI Assist Technologies S.L.

Address: Paseo Zona Franca 25, Barcelona, Spain

Contact: info@sayfeedback.com

  1. Overview

    This Privacy Policy explains how we process personal data via SayFeedback.com (the “Service”). We comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

  2. Roles: Controller vs. Processor

    Processor: For embedded forms and end-user submissions collected by our customers (“Form Owners”), we act as a Data Processor. The Form Owner is the Data Controller and must provide its own privacy policy and obtain valid consent from end users.

    Controller: For SayFeedback.com account holders and site visitors (our direct relationship), AI Assist Technologies acts as the Data Controller.

  3. Data We Collect

    We collect only what is necessary to operate and improve the Service, including: account details (name, email), login data via Google Identity, subscription/billing metadata (processed by Stripe), device and usage metadata (e.g., browser, device, IP hash), and submission content in the form of text transcriptions and AI summaries. We do not store original audio recordings.

  4. Purposes & Lawful Bases

    Purposes include providing and securing the Service, transcribing and analyzing submissions, account management, billing, support, and product improvement. Lawful bases under GDPR may include performance of a contract (Art. 6(1)(b)), legitimate interests (Art. 6(1)(f)), and consent where applicable (Art. 6(1)(a)).

  5. Data Retention

    We retain transcriptions and related metadata for as long as necessary for the stated purposes or until deleted by the Customer or the user, or required by law. Users can request deletion at any time via info@sayfeedback.com.

  6. Sharing with Service Providers

    We use providers solely to operate the Service: Cloudflare, Render, Vercel / Cloudflare Pages, Supabase, OpenAI, Google, GitHub, Stripe.

    Where required, we execute Data Processing Agreements (DPAs) and use appropriate safeguards.

  7. International Data Transfers

    When data is transferred outside the EEA/UK, we rely on valid transfer mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs), or adequacy decisions.

  8. Your Rights (GDPR & CCPA)

    You may request access, correction, deletion, restriction, objection, or portability of your personal data, and withdraw consent at any time. Under CCPA, California residents may request to know, delete, and opt out of certain disclosures and shall not be discriminated against for exercising these rights.

    To exercise rights, contact info@sayfeedback.com. We may need to verify your identity before responding.

  9. Security

    We implement organizational and technical measures (encryption, access controls, secure hosting). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

  10. Children’s Privacy

    The Service is not intended for individuals under 18. We do not knowingly collect personal data from minors.

  11. Requests for End-User Data (Processor Context)

    Where we act as Processor, end users should direct privacy requests to the relevant Form Owner (Controller). We will support Controllers in fulfilling such requests as required by law and our DPA.

  12. Changes to This Policy

    We may update this Policy from time to time. The “Effective Date” above reflects the latest version.

  13. Contact

    Questions or requests: info@sayfeedback.com (AI Assist Technologies S.L., Paseo Zona Franca 25, Barcelona, Spain).