Privacy Policy

1. Overview

BetterFeedback is operated by Sacramento Labs LLC ("Sacramento Labs," "we," "us," or "our"). This Privacy Policy explains what information we collect, how we use it, and your rights with respect to it.

BetterFeedback is a B2B product. Our direct customers are businesses ("customers") who use BetterFeedback to collect feedback from their own users and customers ("end users"). This policy covers both groups, and we'll be clear about which is which throughout.

2. Information We Collect

A. Information from Customers (Account Holders)

When you create a BetterFeedback account, we collect:

• Account information: Name, email address, and password
• Billing information: Billing email and payment details (processed by Stripe — we don't store card numbers)
• Account activity: Sign-in timestamps, sign-in IP addresses, and sign-in count
• Preferences and settings: Time zone, language, and notification preferences
• Security: If you enable two-factor authentication, we store the data needed to support it

B. Information from End Users (via the JavaScript Snippet)

When a customer installs the BetterFeedback snippet on their website or app, the snippet may collect the following from their visitors:

• BetterFeedback Identifier (bf_identifier): A randomly generated UUID stored in the visitor's browser using localStorage. This is not a cookie. It's used to recognize returning visitors within a given customer's account and to prevent the same survey from being shown repeatedly.
• Custom attributes: Information that the customer's website passes to the snippet, such as the visitor's name, email address, subscription plan, country, or other attributes the customer configures. We only receive what the customer explicitly sends us.
• Survey responses: Ratings (e.g., NPS scores, CSAT ratings), open-ended text responses, and answers to custom survey questions.
• Respondent email address: If provided, used to send survey follow-up emails.
• View and response timestamps: When a survey was shown and when a response was submitted.

We do not collect IP addresses, browser fingerprints, or User-Agent strings from end users and store them in respondent records. Standard HTTP request headers are received by our servers but are not stored in association with respondent profiles.

C. Information We Collect Automatically

When you use the BetterFeedback web application, we collect standard server logs and session data necessary to operate the service, including your IP address at sign-in time.

D. Analytics

We use Plausible Analytics on our marketing website (betterfeedback.io) to understand how visitors find and use our site. Plausible does not use cookies, does not collect personal information, and does not track visitors across websites. The data it provides is aggregate and anonymized.

3. How We Use Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Send transactional emails, including survey invitations and NPS follow-ups, on behalf of our customers
• Generate AI-powered summaries and insights from feedback data (see Section 5)
• Send account-related communications, such as billing notifications and security alerts
• Respond to support requests
• Detect and prevent abuse, fraud, or unauthorized access
• Improve the reliability and performance of the Service
• Measure and improve our marketing website using anonymized, aggregate analytics

We do not use your data or your end users' data to train AI models. We do not use your data for advertising purposes. We do not sell your data to third parties.

4. How Information Is Stored and Organized

BetterFeedback is a multi-tenant application. Each customer account is isolated — one customer cannot see another customer's data. End user data is always scoped to the customer account that collected it.

End user identifiers (bf_identifiers) are unique per customer account. The same browser visiting two different customers' sites will have separate, unlinked identifiers.

Data is stored on servers hosted on Amazon Web Services (AWS) in the United States.

5. AI Features

BetterFeedback uses AI to generate summaries and insights from survey responses. This processing is performed using Amazon Bedrock, an AI service provided by Amazon Web Services.

When generating summaries, open-ended feedback text from survey responses may be sent to Amazon Bedrock. We send only the content needed to generate the summary — we do not send account credentials, billing information, or other account-level personal data as part of AI processing.

We store only the generated summary output — not the raw feedback as a result of AI processing. The original feedback responses remain stored in BetterFeedback as part of your normal account data.

Feedback text is sent to Bedrock as-is. If your end users include personal information in their free-text survey responses, that content may be included in AI processing. We recommend that customers avoid designing surveys in ways that solicit sensitive personal information in free-text fields.

We do not use your data or your end users' data to train AI models. Data sent to Amazon Bedrock is used solely to generate the requested output and is not retained by Amazon Bedrock for model training purposes, consistent with AWS's data handling commitments.

6. Third-Party Services

We share data with the following third-party services to operate BetterFeedback:

We do not share data with data brokers or marketing platforms beyond what is described above.

7. Cookies and Local Storage

The BetterFeedback application uses a session cookie to keep you logged in while you use the app. This is a standard, necessary cookie.

The BetterFeedback snippet does not use cookies. It uses browser localStorage to store:

• bf_identifier_<accountId> — A persistent identifier to recognize returning visitors
• bf_responded_<accountId>_<surveyId> — Prevents a survey from being shown again after a visitor has already responded
• bf_viewed_notification_<accountId>_<notificationId> — Prevents a notification from being shown again after a visitor has seen it

These localStorage entries are stored in the visitor's browser and are not shared with other websites.

Our marketing website (betterfeedback.io) may use cookies or pixels associated with Reddit Ads for advertising measurement purposes. These are limited to our marketing pages and do not apply to the BetterFeedback application or the snippet.

8. Email Communications

BetterFeedback may send emails to end users on behalf of our customers, including survey invitations and NPS follow-up messages. These emails are sent using AWS Simple Email Service (SES).

The "from" name and address on these emails is configured by the customer. If you receive an email sent through BetterFeedback and want to opt out, you can do so by using the unsubscribe link in the email or by contacting the business that sent it directly.

We send account-related emails to our customers (account holders), including billing notifications, security alerts, and service updates. You cannot opt out of these while your account is active.

9. Data Retention

We retain your data as long as your account is active.

If you delete your account, all associated data is permanently deleted, including surveys, responses, respondent identities, segments, notifications, and configurations. This deletion is irreversible.

We do not currently offer automated data retention schedules or periodic purges. If you need specific data deleted prior to account deletion, please contact us at hello@betterfeedback.io.

For end users of our customers: Your data is stored as part of the customer's account. If you want your data deleted and cannot reach the business that collected it, you can contact us at hello@betterfeedback.io and we'll do our best to assist.

10. Your Rights

Customers (Account Holders)

You have the right to:

• Access the personal information we hold about you
• Correct inaccurate information in your account
• Delete your account and associated data
• Export your data (contact us at hello@betterfeedback.io)

End Users

Because BetterFeedback is a B2B product, the businesses using BetterFeedback are primarily responsible for honoring the rights of their own end users. If you are an end user with questions about data collected about you, we recommend contacting the business directly.

If you cannot reach the business, or if you have concerns about how Sacramento Labs has handled your data, contact us at hello@betterfeedback.io and we will do our best to help.

GDPR and UK GDPR (European and UK Users)

If you are located in the European Union or United Kingdom, you have additional rights under the GDPR and UK GDPR, including:

• Right of access — You can request a copy of your personal data
• Right to rectification — You can request correction of inaccurate data
• Right to erasure — You can request deletion of your data in certain circumstances
• Right to restriction — You can ask us to limit how we process your data in certain circumstances
• Right to data portability — You can request your data in a structured, machine-readable format
• Right to object — You can object to certain types of processing

To exercise any of these rights, contact us at hello@betterfeedback.io. We will respond within 30 days.

Legal basis for processing: We process personal data of account holders on the basis of contract (to provide the Service you've signed up for) and legitimate interest (to operate and improve the Service). For end user data collected via the snippet, we process that data on behalf of our customers, who are the data controllers. Customers are responsible for establishing their own legal basis for collecting end user data.

Data transfers: Data is stored and processed in the United States. If you are in the EU or UK, your data will be transferred to the US. We rely on appropriate safeguards for such transfers. Customers requiring a Data Processing Agreement (DPA) may request one at hello@betterfeedback.io.

11. California Privacy Rights (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete it, and the right to opt out of the sale of your personal information.

We do not sell personal information.

To exercise your California privacy rights, contact us at hello@betterfeedback.io.

12. Security

We take reasonable technical and organizational measures to protect your data, including:

• Encrypted data transmission (TLS/SSL)
• Encrypted passwords (hashed and salted, never stored in plain text)
• Access controls limiting who within Sacramento Labs can access customer data
• Log filtering to exclude sensitive fields such as passwords, tokens, and email addresses

No system is completely secure. If you have reason to believe your account has been compromised, contact us immediately at hello@betterfeedback.io.

13. Children's Privacy

BetterFeedback is not intended for use by or directed at children under the age of 13. Our customers may not use BetterFeedback to collect data from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll update the effective date at the top of this page. For material changes, we'll notify account holders by email or through the application. We encourage you to review this policy periodically.

15. Contact Us

Sacramento Labs LLC
5960 S Land Park Dr #1045
Sacramento, CA 95822
United States
hello@betterfeedback.io

If you have questions about this policy or how we handle your data, please reach out. We're a small team and we take these things seriously.