Privacy Policy

This Privacy Policy explains how Wafeed (“we”, “our”, or “us”) collects, uses, and protects information when you use our customer feedback platform.

We aim to handle personal data responsibly and to support reasonable data access or deletion requests. This policy covers two groups: (a) registered business users who use the Wafeed dashboard, and (b) customers who submit feedback through a business's feedback link.

Wafeed is an independent SaaS platform. For questions about this policy or your data, please contact us via the contact page.

When a customer submits feedback through a feedback link, we collect:

• Star rating (1–5).
• Selected reason tags (optional).
• Free-text comment (optional).
• Source type (e.g. WhatsApp link, QR code) — as configured by the business.
• A hashed IP address for spam detection — the raw IP is not stored in readable form.
• Browser user-agent string, used for basic spam detection.
• Whether the customer clicked the Google review link (recorded as a boolean flag).

Customers are not required to provide their name or contact information. The form does not ask for personally identifiable contact details unless a future release adds such an optional field.

Feedback submissions are displayed in the relevant business's dashboard and are not shared with other businesses.

• To provide and operate the Wafeed service.
• To display feedback submissions in your business dashboard.
• To send low-rating alert emails per your notification configuration.
• To prevent spam and abuse through IP hashing and honeypot detection.
• To improve the product and diagnose technical issues.
• To perform support and admin operations when required.

We do not use your data for advertising or sell it to third parties.

We process business account data on the basis of contractual necessity — to provide the Service you have signed up for. Customer feedback submissions are processed on behalf of the business that configured the feedback link.

Businesses using Wafeed are responsible for ensuring they have an appropriate basis to collect feedback from their customers under the laws applicable to them.

We do not sell personal data. We may share data with:

If a customer chooses to click the Google review link after submitting feedback, they leave Wafeed Feedback and are directed to an external Google URL. From that point, Google's own privacy policy and terms of service apply. We do not control or have access to data submitted on third-party review platforms.

We retain account data for as long as your account is active. Feedback submissions are retained to provide historical reporting in your dashboard. If you request account deletion, we will aim to remove your account and associated data, subject to any legal or technical constraints.

We implement reasonable technical and organisational measures to protect your data, including HTTPS encryption in transit, authentication and role-based access controls, server-side secret handling, and database-level Row Level Security (RLS). See our Security page for more details.

No system is 100% secure. In the event of a significant data breach affecting your account, we will notify affected users as required.

Our infrastructure providers (Supabase, Vercel) may process data in data centres located in various countries. By using Wafeed, you acknowledge that your data may be transferred to and processed in countries other than your own. We select providers that maintain appropriate security standards.

We aim to support reasonable requests to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your account and associated data.
• Raise a concern about how your data is handled.

Please contact us via the contact page. Specific rights may vary depending on the laws applicable in your jurisdiction.

Businesses that use Wafeed to collect customer feedback are responsible for:

• Ensuring they have a lawful basis to collect feedback from their customers.
• Not collecting sensitive personal data through feedback forms unnecessarily.
• Informing customers, where required by law, that their feedback is being collected.
• Responding to any data requests from customers relating to feedback they have submitted.

Wafeed is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have collected data from a child in error, please contact us so we can take appropriate action.

Wafeed uses essential cookies for authentication and session management. These are necessary for the Service to function and cannot be disabled without affecting your ability to log in.

We do not use non-essential analytics or tracking cookies in the current version of the Service. If analytics tools are added in the future, this policy will be updated and appropriate notice provided. See our Cookie Policy for more detail.

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. Where changes are material, we will aim to notify registered users. Continued use of the Service after changes are posted indicates your acceptance of the updated policy.

For privacy-related questions or requests, please contact us via the contact page.