Privacy Policy
Effective Date: [Insert launch date]
Last updated: This policy may be updated from time to time.
1. Introduction
This Privacy Policy explains how Wafeed (“we”, “our”, or “us”) collects, uses, and protects information when you use our customer feedback platform.
We aim to handle personal data responsibly and to support reasonable data access or deletion requests. This policy covers two groups: (a) registered business users who use the Wafeed dashboard, and (b) customers who submit feedback through a business's feedback link.
2. Who We Are
Wafeed is an independent SaaS platform. For questions about this policy or your data, please contact us via the contact page.
3. Information We Collect
Account information
When you register, we collect your name, email address, and password (stored as a secure hash). We do not store plaintext passwords.
Business profile information
Information you provide when setting up your business profile: business name, logo, brand colours, Google review URL, and other settings you configure.
Feedback submissions
Data submitted by your customers through feedback links, including star rating, selected reasons, and optional text comments. See Section 4 for more detail.
Notification settings
Email addresses you add for receiving low-rating notifications. These are used solely for sending alerts per your configuration.
Usage and technical data
Standard server-side metadata such as request timestamps and error logs, used for security, debugging, and performance monitoring.
Email delivery data
When we send notification emails, we may log delivery status (sent, failed) for audit and troubleshooting purposes.
4. Customer Feedback Submissions
When a customer submits feedback through a feedback link, we collect:
- Star rating (1–5).
- Selected reason tags (optional).
- Free-text comment (optional).
- Source type (e.g. WhatsApp link, QR code) — as configured by the business.
- A hashed IP address for spam detection — the raw IP is not stored in readable form.
- Browser user-agent string, used for basic spam detection.
- Whether the customer clicked the Google review link (recorded as a boolean flag).
Customers are not required to provide their name or contact information. The form does not ask for personally identifiable contact details unless a future release adds such an optional field.
Feedback submissions are displayed in the relevant business's dashboard and are not shared with other businesses.
5. How We Use Information
- To provide and operate the Wafeed service.
- To display feedback submissions in your business dashboard.
- To send low-rating alert emails per your notification configuration.
- To prevent spam and abuse through IP hashing and honeypot detection.
- To improve the product and diagnose technical issues.
- To perform support and admin operations when required.
We do not use your data for advertising or sell it to third parties.
6. Basis for Processing
We process business account data on the basis of contractual necessity — to provide the Service you have signed up for. Customer feedback submissions are processed on behalf of the business that configured the feedback link.
Businesses using Wafeed are responsible for ensuring they have an appropriate basis to collect feedback from their customers under the laws applicable to them.
8. Third-Party Review Platforms
If a customer chooses to click the Google review link after submitting feedback, they leave Wafeed Feedback and are directed to an external Google URL. From that point, Google's own privacy policy and terms of service apply. We do not control or have access to data submitted on third-party review platforms.
9. Data Retention
We retain account data for as long as your account is active. Feedback submissions are retained to provide historical reporting in your dashboard. If you request account deletion, we will aim to remove your account and associated data, subject to any legal or technical constraints.
10. Data Security
We implement reasonable technical and organisational measures to protect your data, including HTTPS encryption in transit, authentication and role-based access controls, server-side secret handling, and database-level Row Level Security (RLS). See our Security page for more details.
No system is 100% secure. In the event of a significant data breach affecting your account, we will notify affected users as required.
11. International Processing
Our infrastructure providers (Supabase, Vercel) may process data in data centres located in various countries. By using Wafeed, you acknowledge that your data may be transferred to and processed in countries other than your own. We select providers that maintain appropriate security standards.
12. Your Rights
We aim to support reasonable requests to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your account and associated data.
- Raise a concern about how your data is handled.
Please contact us via the contact page. Specific rights may vary depending on the laws applicable in your jurisdiction.
13. Business Customer Responsibilities
Businesses that use Wafeed to collect customer feedback are responsible for:
- Ensuring they have a lawful basis to collect feedback from their customers.
- Not collecting sensitive personal data through feedback forms unnecessarily.
- Informing customers, where required by law, that their feedback is being collected.
- Responding to any data requests from customers relating to feedback they have submitted.
14. Children's Privacy
Wafeed is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have collected data from a child in error, please contact us so we can take appropriate action.
16. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. Where changes are material, we will aim to notify registered users. Continued use of the Service after changes are posted indicates your acceptance of the updated policy.
17. Contact
For privacy-related questions or requests, please contact us via the contact page.
These pages are starter templates intended for informational purposes. They should be reviewed by a qualified legal professional before large-scale commercial launch.
View all legal pages →