Privacy Policy
Last updated: March 24, 2026
1. Who We Are
FeedBoards ("we", "us", "our") operates feedboards.com. We are the data controller for personal data collected through the Service.
Contact for privacy matters: hello@feedboards.com
2. What Data We Collect
2.1 Account Data
When you create an account via Google OAuth: your name, email address, and Google profile picture. We do not receive your Google password.
2.2 Payment Data
Billing information is processed directly by Stripe. We receive only: your plan type, subscription status, and a Stripe customer ID. We never see or store your card number.
2.3 User Data (Your Spreadsheets)
When you upload a CSV, Excel file, or connect a Google Sheet, we temporarily process and store that data to generate your dashboard. This data is stored in our database linked to your account. It may contain personal data about third parties if your spreadsheet includes such data — you are responsible for ensuring you have the right to upload and process this data.
2.4 Dashboard Data
Generated dashboards (chart configurations, titles, analysis) are stored on our servers as long as your account is active.
2.5 Usage Data
We collect: pages visited, features used, dashboard generation events, error logs, and browser/device type. This is used to improve the Service.
2.6 Communications
If you contact us by email, we store that correspondence.
2.7 Cookies
See our Cookie Policy for full details.
3. Why We Process Your Data (Legal Basis under GDPR)
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Account data | Provide the Service, authentication | Contract performance |
| Payment data | Process subscriptions | Contract performance |
| User data (spreadsheets) | Generate dashboards | Contract performance |
| Usage analytics | Improve the Service | Legitimate interests |
| Marketing emails | Product updates (opt-out available) | Legitimate interests / Consent |
| Cookie data | Service functionality, analytics | Consent (non-essential) / Legitimate interests (essential) |
4. How We Share Your Data
We do not sell your personal data. We share data only with these service providers ("sub-processors") who process data on our behalf:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database hosting | EU / USA |
| Anthropic | AI dashboard analysis | USA |
| Stripe | Payment processing | USA |
| OAuth authentication, Sheets API | USA | |
| Resend | Transactional email | USA |
We may also disclose data if required by law, court order, or to protect the rights and safety of FeedBoards or others.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion |
| Spreadsheet data | Until dashboard is deleted or account is closed |
| Dashboard configurations | Until dashboard is deleted or account is closed |
| Payment records | 7 years (legal requirement) |
| Usage logs | 12 months |
| Support correspondence | 3 years |
After account deletion, all personal data is permanently deleted within 30 days, except payment records which are retained as required by law.
6. Your Rights
Regardless of where you are located, you have these rights:
- Access: Request a copy of all personal data we hold about you
- Rectification: Correct inaccurate data
- Erasure ("Right to be Forgotten"): Delete your account and all associated data
- Portability: Export your data in a machine-readable format
- Restriction: Request we limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent for cookie-based analytics at any time
EU/EEA Users (GDPR): You have all rights listed above enforceable under GDPR. Response time: within 30 days.
California Users (CCPA/CPRA): You have the right to know, delete, correct, and opt out of sale of personal information. We do not sell personal information.
To exercise any right: Email hello@feedboards.com with subject line "Privacy Request — [Right Type]". We will verify your identity and respond within 30 days.
7. Data Security
We implement these technical and organizational measures:
- All data in transit encrypted via TLS 1.2+
- All data at rest encrypted via AES-256
- Access to production data restricted to authorized personnel only
- Regular security reviews
- Supabase Row Level Security (RLS) ensuring users can only access their own data
- Stripe handles all payment data — we never store card details
Despite these measures, no system is 100% secure. In the event of a data breach affecting your rights, we will notify you within 72 hours as required by GDPR.
8. International Transfers
FeedBoards operates globally. Your data may be transferred to and processed in countries outside your own, including the United States. For EU users, transfers to the US are made under Standard Contractual Clauses (SCCs) as required by GDPR. You can request a copy of these safeguards by emailing hello@feedboards.com.
9. Cookie Policy
For full details on the cookies we use, please see our Cookie Policy page.
10. Children's Privacy
The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us immediately.
11. Changes to This Policy
We will notify you by email of any material changes at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent version.
Contact
Email: hello@feedboards.com
Website: feedboards.com