FeedbackMonitor

Privacy Policy

Last Updated: 5 December 2025

This Privacy Policy explains how Shah Corporation Limited ("Company", "we", "us", "our") collects, uses, and protects information through FeedbackMonitor ("Service").

Company Details:

  • Company No. 08117456 (England and Wales)
  • VAT No. GB 136 8216 11
  • Registered Office: Irish Square, Upper Denbigh Road, St Asaph, Denbighshire, LL17 0RN
  • Contact: [email protected]

1. Roles and Responsibilities

When we are the Data Controller: We are the data controller for personal data of our registered users (account holders) and website visitors.

When we are the Data Processor: When you use FeedbackMonitor to collect feedback from your recipients, you are the data controller for that feedback data, and we act as your data processor. You are responsible for ensuring you have a lawful basis to collect feedback and have provided appropriate privacy notices to your recipients.

2. Information We Collect

2.1 Account Information

  • Name and email address
  • Password (encrypted)
  • Two-factor authentication settings
  • Theme and display preferences
  • Consent records (timestamps and IP address when you agreed to terms)

2.2 Feedback Loop Data

  • Feedback loop configurations (questions, schedules, settings)
  • Recipient email addresses and optional profile information (name, job title)
  • Feedback responses (text, voice recordings, and images)
  • AI-generated analyses and summaries

2.3 Automatically Collected Information

  • IP address and approximate location
  • Browser type and device information
  • Pages visited and features used
  • Referring website
  • Date and time of access

2.4 Cookies and Tracking Technologies

We use:

  • Essential cookies for authentication and security
  • Analytics cookies to understand Service usage
  • Marketing pixels (where applicable) for advertising measurement

See Section 8 for cookie management options.

3. How We Use Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process and deliver feedback requests and responses
  • Generate AI-powered analyses and summaries
  • Send transactional emails (confirmations, notifications)
  • Respond to support requests
  • Analyse usage patterns and improve user experience
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations
  • Send marketing communications (with consent)

4. Legal Basis for Processing (UK GDPR)

We process personal data under the following legal bases:

  • Contract: To provide the Service you have requested
  • Legitimate Interests: To improve our Service, ensure security, and prevent fraud
  • Consent: For marketing communications and non-essential cookies
  • Legal Obligation: To comply with applicable laws

5. Information Sharing

We share information with:

5.1 Service Providers

We use third-party service providers for:

  • Artificial intelligence and machine learning services (for analysis and summaries)
  • Email delivery and communication services
  • File storage and content delivery (for uploaded images and voice recordings)
  • Analytics and performance monitoring
  • Cloud infrastructure and hosting

We may change, add, or remove service providers at any time.

5.2 Other Parties

We may share information:

  • With your consent
  • To comply with legal obligations or valid legal process
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets
  • With other users you have shared loops with (according to your sharing settings)

5.3 International Transfers

Your data may be transferred to and processed in countries outside the UK, including the United States. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

6. Data Retention

We retain data as follows:

  • Account data: Until you delete your account; we may retain data for up to 30 days after deletion for backup purposes, or longer if required by law
  • Feedback data: As configured in your loop settings, or until you delete it
  • Voice recordings: Stored until you delete the associated feedback response
  • Analytics data: Aggregated data retained indefinitely; identifiable data retained per our analytics provider policies
  • Logs and security data: Up to 12 months

After account deletion, we may retain certain data as required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).

7. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal exceptions)
  • Restriction: Request we limit processing of your data
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at [email protected]. We will respond within one month, or up to three months for complex requests (we will inform you if an extension is needed).

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies and Tracking

Essential Cookies

Required for the Service to function. Cannot be disabled.

Analytics Cookies

We use analytics services to understand how visitors use the Service. You can opt out by:

  • Using browser settings to block cookies
  • Using our cookie consent controls (where displayed)

Marketing and Advertising

We may use tracking pixels from advertising platforms to measure campaign effectiveness. These are only activated with your consent.

9. Security

We implement reasonable technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of passwords at rest
  • Access controls and authentication requirements
  • Regular security assessments

However, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials.

10. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal data from children. If we learn we have collected data from a child, we will delete it promptly.

11. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.

12. Feedback Recipients

If you receive a feedback request through FeedbackMonitor:

  • The feedback request is sent on behalf of the organisation or individual who created the feedback loop
  • That organisation is the data controller for your response
  • Contact them directly with questions about how they handle your data
  • You can opt out of future requests using the unsubscribe link in emails
  • Your response may be processed by AI to generate analyses and summaries

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on the Service
  • Sending an email to registered users
  • Displaying a prominent notice on the Service

Your continued use after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions or to exercise your rights:

Shah Corporation Limited Irish Square, Upper Denbigh Road St Asaph, Denbighshire, LL17 0RN United Kingdom

Email: [email protected]

For complaints, you may also contact the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113