1. Data we collect
- Federated identity. When your users interact with the widget, we receive the identity your backend puts in the signed JWT — a stable user id (
sub), a display name, and optionally an email. We never create accounts for your end users and never ask them for credentials. - Review & reaction content. The text of reviews and replies and the reactions your users submit, scoped to the page they were written on.
- Workspace & account data. The email and profile of the operator who signs in to the dashboard, and the products, keys, and settings they create.
- Usage & billing metadata. Aggregate counts (reviews per month, API calls) for enforcement, and billing state managed through Stripe. We do not store full card numbers — Stripe handles payment details.
2. How we use it
We use the data we collect only to:
- operate the service — persist, render, and moderate reviews;
- authenticate requests and enforce workspace isolation and plan limits;
- bill paid workspaces and surface usage on the billing page;
- maintain security, prevent abuse, and debug operational issues;
- send transactional email — invites and account notices.
3. What we don't do
- No advertising trackers, pixels, or third-party ad networks.
- No selling, renting, or trading of personal data — ever.
- No behavioral profiling of your end users; the only identity we see is the id your JWT carries.
- No email marketing to your end users — we never contact them.
4. Sub-processors
We use a small set of infrastructure providers to run the service. Each processes data only as needed to provide its function:
| Provider | Purpose |
|---|---|
| Amazon Web Services | Application hosting, database, and storage. |
| Cloudflare | Widget CDN, edge caching, and DNS. |
| Stripe | Payment processing and billing. |
| Resend | Transactional email delivery. |
5. Data ownership, export & deletion
You own your review data. Every thread and review is readable through the REST API with your own signed tokens, so a full export is a script, not a support ticket. Delete a product and its keys and data are retired with it. To delete a whole workspace or request removal of specific records, email us and we will action it within a reasonable period.
6. Cookies
The marketing site and dashboard store a single preference — your light/dark theme choice — in the browser's local storage. There are no advertising or cross-site tracking cookies. Authenticated dashboard sessions use the cookies strictly necessary to keep you signed in.
7. Contact
Questions about this policy, or a data request? Email [email protected].