Privacy Policy

Welcome to Feedra ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and services.

Data Controller: Feedra
Contact Email: privacy@feedrahq.com

When you join our waitlist or use our services, we collect the following information:

• Email Address: Provided voluntarily when you sign up for early access
• Timestamp: Date and time of your subscription
• IP Address: Used solely for rate limiting and spam prevention (not stored permanently)
• Source Page: The page from which you submitted your email

We do not collect any additional personal information without your explicit consent.

We use your information for the following purposes:

• Waitlist Notifications: To notify you when Feedra launches or becomes available for early access
• Product Updates: To send you important updates about Feedra features, changes, and improvements
• Rate Limiting: To prevent spam and abuse of our services
• Analytics: To understand how our website is used (via privacy-focused Umami analytics with no personal data tracking)

We will never sell, rent, or share your email address with third parties for marketing purposes.

Under the General Data Protection Regulation (GDPR), our legal basis for processing your personal data is:

• Consent (Article 6(1)(a)): By submitting your email address, you explicitly consent to us processing your data for waitlist notifications and product updates
• Legitimate Interest (Article 6(1)(f)): For rate limiting and spam prevention, we have a legitimate interest in protecting our services from abuse

You have the right to withdraw your consent at any time by unsubscribing or contacting us.

We retain your personal data as follows:

• Email Addresses: Stored until you request deletion or unsubscribe from our waitlist
• IP Addresses: Used temporarily for rate limiting (not permanently stored beyond rate limit window of 1 hour)
• Inactive Accounts: If you do not engage with our communications for 2 years after launch, we may delete your data

You can request immediate deletion of your data at any time by contacting us.

Under GDPR, you have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Data Portability: Request your data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data
• Right to Restrict Processing: Request limitation of how we process your data

To exercise any of these rights, please contact us at privacy@feedrahq.com. We will respond within 30 days.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of personal information collected, used, or shared
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of your personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• Right to Correct: Request correction of inaccurate personal information

To exercise these rights, contact us at privacy@feedrahq.com.

Feedra uses minimal, privacy-focused tracking to understand how our website is used:

• Umami Analytics: We use Umami, a privacy-focused, GDPR-compliant analytics tool that does not use cookies or collect personal data
• No Third-Party Cookies: We do not use Google Analytics, Facebook Pixel, or any other third-party tracking tools
• No Advertising Cookies: We do not serve ads or use advertising networks

Umami collects only anonymous, aggregated data (page views, referrer sources, device type) without tracking individual users or storing IP addresses.

We use the following third-party services to provide our platform:

• Database Hosting: PostgreSQL database hosted on secure, GDPR-compliant infrastructure
• Email Service (Future): When email notifications are implemented, we will use a GDPR-compliant email service provider

All third-party services are carefully vetted to ensure compliance with GDPR, CCPA, and industry security standards.

Your data is stored and processed in secure data centers. If we transfer data outside the European Economic Area (EEA) or United Kingdom, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the EU
• Adequate data protection certifications
• GDPR-compliant data processing agreements

We prioritize data residency within the EEA/UK where possible.

We implement industry-standard security measures to protect your personal data:

• Encryption in Transit: All data transmitted over HTTPS with TLS 1.3
• Encryption at Rest: Data encryption for sensitive data
• Access Controls: Strict access controls limiting who can view or modify data
• Rate Limiting: Protection against brute-force attacks and spam
• Regular Security Audits: Periodic reviews of our security practices

Despite these measures, no system is 100% secure. We will notify you promptly in the event of a data breach.

Feedra is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@feedrahq.com. We will delete such information promptly.

In compliance with the Children's Online Privacy Protection Act (COPPA), we require parental consent before collecting data from children under 13.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes:

• We will update the "Last Updated" date at the top of this page
• We will notify you via email (if you're on our waitlist)
• We will prominently display a notice on our website for 30 days

Your continued use of our services after changes take effect constitutes acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

If you believe we have not handled your personal data in accordance with GDPR or other applicable laws, you have the right to lodge a complaint with a supervisory authority:

• EU/EEA Residents: Contact your national Data Protection Authority (Find your DPA)
• UK Residents: Information Commissioner's Office (ico.org.uk)
• California Residents: California Attorney General's Office (oag.ca.gov/privacy)

However, we encourage you to contact us first so we can address your concerns directly.

In the unlikely event of a data breach that affects your personal information:

• Notification Timeline: We will notify affected users within 72 hours of becoming aware of the breach (as required by GDPR Article 33)
• Notification Method: Via email to the address you provided
• Information Provided: Nature of the breach, likely consequences, measures taken, and steps you should take
• Regulatory Reporting: We will report the breach to relevant authorities as required by law

We maintain incident response procedures to minimize impact and prevent future breaches.

Feedra does not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Any decisions regarding your data (e.g., waitlist approval) are made by humans, not automated systems. If this changes in the future, we will:

• Update this Privacy Policy
• Notify you explicitly
• Provide you with the right to contest automated decisions and request human review

You have the right to withdraw your consent for us to process your personal data at any time. To unsubscribe or withdraw consent:

Note: Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.