Privacy Policy
Effective Date: June 16, 2026
Owned and Operated By: MaxIT LLC
1. Introduction
QuickFeedback.ai ("we," "our," "us") is a feedback platform developed by MaxIT LLC, a U.S.-based company. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website or services, including compliance with U.S. (including CCPA) and EU (including GDPR) data privacy laws.
By using QuickFeedback.ai, you agree to the practices outlined here.
2. Who This Applies To
This policy applies to:
- Business owners who create accounts on QuickFeedback.ai
- Visitors who use our feedback forms via QR codes
- Anyone interacting with our website, platform, or communications
Note: Our services are intended for users 18 years or older. If you are under 18, please do not use our services.
3. What We Collect
From Business Owners:
- Name, email, business name, and location
- Login credentials
- Billing and subscription information
- Communication preferences
From Feedback Respondents:
- Rating or response (e.g. 1-5, Yes/No, free text)
- Optional comments (may be anonymous or include contact info if shared voluntarily)
- Time, date, device/browser type
- Location (approximate IP-based, if enabled)
From All Visitors:
- Device info, browser type, cookies, usage patterns
- Referral URLs, page views, click behavior
From AI-Assisted Review Writing:
- When a customer uses the Write with AI feature, the keywords or short phrases they enter are processed temporarily to generate a review draft. This input is not stored after the session ends and is not linked to any personally identifiable information unless the customer voluntarily provides it.
From Connected Scheduling Tools (Automated Feedback):
When a business owner connects a scheduling tool such as Calendly, we receive the appointment information needed to send post-appointment feedback requests on the business's behalf. This includes the customer's name, email address, appointment date and time, and the type of appointment or event. We also store the secure authorization (OAuth) tokens that allow us to connect to the scheduling tool. We request only the data needed to operate the Automated Feedback feature.
Calendly is the first supported scheduling tool. Additional tools such as Acuity and Fresha may be supported in the future under these same terms.
Each business is responsible for ensuring it has the right to contact the customers whose details it brings into QuickFeedback through a connected scheduling tool, including any consent required by law. We act as a service provider and process that data only to provide the Automated Feedback feature.
4. How We Use This Data
We use collected data to:
- Operate and improve our services
- Detect sentiment and trigger AI-powered follow-ups
- Notify businesses of critical feedback
- Monitor platform usage and prevent abuse
- Send periodic updates (opt-in only)
We do not sell or rent your data.
AI Training: We do not use your feedback data, customer responses, or AI-assisted review writing inputs to train external AI models or share this data with third-party AI providers for training purposes. AI processing is performed solely to deliver the features described in this policy and our Terms of Service.
Send Automated Feedback emails to a business's customers after an appointment, using a connected scheduling tool such as Calendly. The business owner controls whether the feature is enabled and the content of the message.
5. Legal Basis for Processing (for EU users)
We process your data based on:
- Contractual necessity (e.g. account creation)
- Legitimate interests (platform improvement, fraud prevention)
- Consent (for marketing or optional disclosures)
- Legal obligation (when required by law)
6. Cookies, Analytics & Tracking
We use cookies and similar technologies to improve user experience, monitor site performance, and understand how visitors interact with our website and services.
Types of Cookies We Use:
- Essential Cookies: Needed to operate the site (e.g. session/login).
- Performance & Analytics Cookies: Help us understand how users interact with our platform.
- Functional Cookies: Remember user preferences.
- Marketing Cookies: Track user behavior for retargeting or ad performance. You may opt out of marketing cookies at any time by using our cookie preference settings, or by visiting optout.aboutads.info or youradchoices.com.
You can also manage or disable cookies through your browser settings. Disabling certain cookies may impact site functionality.
Google Analytics & Similar Tools
We use Google Analytics to collect anonymized or pseudonymized information about how users interact with our website. This includes pages visited and time spent, referring websites, browser type, device type and OS, general location (city/country) based on IP, and events such as clicks, scrolls, and conversions. Google may store this data on servers in the United States. To learn more, see Google's Privacy Policy. If you prefer not to be tracked by Google Analytics, you may install the Google Analytics Opt-Out Browser Add-On.
We also use Hotjar to record anonymized session behavior (such as mouse movements, clicks, and scrolling patterns) to help us improve usability. Hotjar does not capture personally identifiable information. To opt out of Hotjar tracking, visit hotjar.com/opt-out.
AI & Data Usage
Our AI models analyze user feedback (e.g., tone, sentiment) to deliver automated responses or generate insight reports for business users. This processing is fully automated, and no personally identifiable feedback is shared unless the customer explicitly provides it.
Do Not Track (DNT) & Global Privacy Control (GPC)
We respect Do Not Track signals and will honor them where feasible. Our systems also support Global Privacy Control (GPC) signals where applicable.
7. Third-Party Tools We Use
We may share limited data with:
- Hosting providers (e.g. Vercel, AWS)
- Analytics (e.g. Google Analytics, Hotjar)
- Email services (e.g. MailerLite for marketing email, Resend for transactional email and delivery suppression)
- Payment processors (e.g. Stripe)
-Scheduling integrations (e.g. Calendly), connected by the business owner, which provide the appointment data used to send Automated Feedback emails.
All third parties are contractually required to comply with data protection regulations.
Authorized Sales Partners: MaxIT LLC works with authorized sales partners (individuals or businesses) who promote and sell QuickFeedback subscriptions. These partners may receive limited account-level data solely for the purpose of referral tracking and commission attribution (e.g., whether a subscription was completed through their referral). Partners do not have access to feedback data, customer responses, or any personally identifiable information collected through your QuickFeedback account. Partner data handling is governed by a separate Partner Agreement.
8. Data Retention
Feedback and user data are retained for as long as your account is active or as needed for legitimate business purposes.
Following account cancellation or deletion, your data will be retained for 90 days to allow for account recovery or dispute resolution. After this 90-day period, all personal data associated with your account will be permanently and irreversibly deleted from our systems.
Aggregated and anonymized data (which cannot identify you individually) may be retained indefinitely for analytics and product improvement purposes.
You may request early deletion of your data at any time by contacting us at [email protected]. We will process deletion requests within 30 days in accordance with applicable privacy laws.
Appointment data from connected scheduling tools: Appointment information received through a connected scheduling tool such as Calendly is deleted automatically on a schedule the business chooses, either immediately after the feedback email is sent, after 15 days, or after 30 days. Feedback a customer submits, and the record of which appointment it relates to, is retained under the general retention terms above even after the underlying appointment data is deleted. Authorization (OAuth) tokens are deleted when the business disconnects the scheduling tool.
If a recipient unsubscribes or a feedback email cannot be delivered, we keep that email address on a suppression list so we do not contact it again. The suppression list stores the email address only and does not include any appointment details.
9. Your Rights
For EU Residents (GDPR):
You may request to:
- Access, update, correct, or delete your data
- Object to or restrict processing
- Port your data elsewhere in a commonly used, machine-readable format
- Withdraw consent (where applicable)
For California Residents (CCPA):
You have the right to:
- Know what personal data we collect and why
- Request access or deletion of your data
- Opt out of any "sale" of your data (we do not sell data)
To exercise your rights, email us at [email protected].
10. International Data Transfers
Your data may be stored or processed in the U.S. We take appropriate safeguards (e.g. standard contractual clauses) to protect personal data transferred from the EU or other regions with differing laws.
11. Security Measures
We use encryption, access control, and regular audits to protect your data. No method is 100% secure, but we take all reasonable measures.
Authorization (OAuth) tokens for connected scheduling tools are encrypted at rest.
12. Data Breach Notification
In the event of a data breach that affects your personal information, MaxIT LLC will notify affected users and relevant authorities as required by applicable law. For EU residents, we will notify the appropriate supervisory authority within 72 hours of becoming aware of a qualifying breach, where feasible. Affected users will be notified without undue delay when the breach is likely to result in a high risk to their rights and freedoms.
Breach notifications will be sent to the email address associated with your account and will include the nature of the breach, the data affected, likely consequences, and steps we are taking to address it.
13. Children's Privacy
We do not knowingly collect information from anyone under 18. If you believe a minor has used our services, please contact us at [email protected].
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the Effective Date at the top of this page and notify users via email or a notice on our website. We recommend checking this page periodically.
15. Contact Us
For any privacy-related questions, requests, or data subject inquiries, contact:
Email: [email protected]
16. Data Deletion Instructions
If you signed up for QuickFeedback using Facebook Login and would like your personal data deleted, please contact us at [email protected] and include the email address associated with your account. We will process data deletion requests within 30 days, in accordance with applicable privacy laws.
