Skip to main content

Overview

When you use SeggWat to collect feedback from your users, you’re collecting personal data. This guide explains your responsibilities under privacy regulations like GDPR and CCPA, and how SeggWat helps you stay compliant.
Legal Disclaimer: This guide provides general information about privacy compliance. It is not legal advice. Consult with a qualified attorney for guidance specific to your situation.

Your Role as Data Controller

When your users submit feedback through SeggWat widgets on your website:
  • You are the Data Controller — You decide what data to collect and how to use it
  • SeggWat is the Data Processor — We process the data on your behalf according to your instructions
This means you are responsible for:
  • Having a lawful basis to collect feedback (e.g., legitimate interest, consent)
  • Informing users about data collection in your privacy policy
  • Responding to user rights requests (access, deletion, correction)
  • Ensuring compliance with applicable privacy laws

Data SeggWat Collects

When someone submits feedback through your SeggWat widget, we collect:

Automatically Collected

  • Page URL — Where the feedback was submitted
  • Timestamp — When the feedback was submitted
  • IP Address — For approximate geolocation (country/region) and security
  • Browser & Device Info — User agent, screen resolution, operating system
  • Version — Application version (if you configure it)

User-Provided

  • Feedback Text — The message they type
  • Rating Value — Thumbs up/down or star rating
  • User ID — If you use setUser() to identify logged-in users

Optional

  • Email or Name — Only if you customize the widget to collect this
Minimize data collection. Only collect what you need. Avoid collecting sensitive personal information (race, religion, health data) through feedback widgets.

Update Your Privacy Policy

You must inform your users that you use SeggWat to collect feedback. Here’s what to include in your privacy policy:

Recommended Text

## Feedback Collection

We use SeggWat, a third-party service, to collect and manage user feedback
on our website. When you submit feedback:

**Data Collected:**
- Your feedback message
- Page URL where you submitted feedback
- IP address (for approximate location)
- Browser and device information
- Timestamp

**Legal Basis:**
We collect this data based on our legitimate interest in improving our
products and services (GDPR Article 6(1)(f)).

**Data Processor:**
SeggWat processes this data on our behalf. For details on how SeggWat
handles your data, see [SeggWat's End User Privacy Notice](https://seggwat.com/legal/end-user-privacy).

**Data Retention:**
Feedback is retained for [specify your retention period, e.g., "2 years"]
or until you request deletion.

**Your Rights:**
You can request access to, correction of, or deletion of your feedback by
contacting us at [[email protected]].
Include a link to SeggWat’s privacy notice for end users in your privacy policy:

SeggWat End User Privacy Notice

Link to this page from your privacy policy so users understand how SeggWat processes their data.

Handling User Rights Requests

Under GDPR (and similar laws like CCPA), users have rights to access, correct, or delete their data.

Access Requests

When a user requests their feedback data:
1

Identify the User

Ask for identifying information (email, user ID, approximate submission date).
2

Search Your Dashboard

Use filters in the SeggWat dashboard to find their feedback:
  • Filter by user ID (if you used setUser())
  • Search by email (if collected)
  • Filter by date range and page URL
3

Export or Share

Copy the feedback content and share it with the user in a readable format (PDF, email).

Deletion Requests

When a user requests deletion of their feedback:
1

Find the Feedback

Search your dashboard using the methods above.
2

Delete the Feedback

Click the feedback item and select Delete or Archive.
3

Confirm Deletion

The feedback is immediately removed from our production systems and deleted from backups within 30 days.
4

Notify the User

Confirm to the user that their data has been deleted.
Bulk deletion: If you need to delete all feedback from a specific user, contact SeggWat support at [email protected] with the user ID for assistance.

Correction Requests

Users can request correction of inaccurate feedback:
  1. Find the feedback item in your dashboard
  2. Click Edit to update the feedback text
  3. Save changes and notify the user

Data Processing Agreement (DPA)

Do I Need a DPA?

Under GDPR Article 28, data controllers must have a written contract with data processors. SeggWat provides a Data Processing Agreement (DPA) to all customers.

Free & Starter Plans

Standard DPA included in our Terms of Service. Covers all GDPR requirements for most businesses.

Enterprise Plans

Custom DPA available. Contact us for tailored agreements, BAAs (HIPAA), or specific compliance requirements.

Requesting a DPA

1

Review Our Standard DPA

Our standard Data Processing Agreement is included in our Terms of Service.
2

Need a Custom Agreement?

If you need a signed, custom DPA or specific amendments:
3

Receive Signed DPA

We’ll send you a signed DPA within 5 business days (Enterprise customers: 48 hours).

Data Security & Location

Where is Data Stored?

All end-user feedback data is stored in the European Union (Germany):
  • Primary hosting: Hetzner Online GmbH (Germany)
  • Database: MongoDB Atlas (EU region)
  • Backup hosting: Contabo GmbH (Germany)
No data transfers outside the EU. Your users’ feedback data never leaves the European Union, ensuring GDPR compliance without requiring Standard Contractual Clauses (SCCs).

How is Data Secured?

SeggWat implements industry-standard security measures:
  • Encryption in transit: TLS 1.2+ for all data transmissions
  • Encryption at rest: AES-256 encryption for database storage
  • Access controls: Role-based access, minimum privilege principles
  • Regular audits: Security reviews and penetration testing

CCPA Compliance (California)

If you have users in California, you must comply with the California Consumer Privacy Act (CCPA):

CCPA Rights

California users have the right to:
  • Know what personal information you collect
  • Request deletion of their information
  • Opt-out of “sales” (SeggWat does not sell data)

How SeggWat Helps

  • Service Provider Status: SeggWat acts as a “service provider” under CCPA, processing data only on your behalf
  • No Data Sales: We never sell user data to third parties
  • Deletion Support: Use the dashboard to fulfill deletion requests

Update Your Privacy Policy

Add a “California Privacy Rights” section to your privacy policy: 
## California Privacy Rights

If you are a California resident, you have the right to:
- Request disclosure of personal information we collect
- Request deletion of your personal information
- Opt-out of the sale of your information (we do not sell data)

To exercise these rights, contact us at [[email protected]].

Other Privacy Laws

UK GDPR

The UK GDPR is nearly identical to EU GDPR. SeggWat’s EU data hosting ensures compliance for UK customers.

Swiss Data Protection Act (FADP)

SeggWat’s EU hosting and GDPR compliance measures satisfy Swiss data protection requirements.

Brazil LGPD

SeggWat supports LGPD compliance. Data is processed in the EU with adequate safeguards.

Best Practices

Follow these best practices to stay compliant:
Clearly explain in your privacy policy that you collect feedback and use SeggWat as a processor. Link to SeggWat’s End User Privacy Notice.
Only collect necessary data. Don’t customize the widget to collect unnecessary personal information like phone numbers or addresses.
Decide how long you’ll keep feedback (e.g., 2 years) and document it in your privacy policy. Delete old feedback regularly.
Ensure team members understand privacy obligations and know how to handle data access, correction, and deletion requests.
GDPR requires responding to user requests within 30 days. Set up a process to handle requests promptly.
Keep records of:
  • User rights requests and responses
  • Data retention and deletion activities
  • Privacy policy updates
If you use setUser() to link feedback to user accounts:
  • Use pseudonymous IDs, not email addresses
  • Have a mapping table to identify users for data requests
  • Delete this mapping when users delete their accounts
If you integrate SeggWat with other tools (webhooks, Zapier, etc.), ensure those tools are also GDPR-compliant.

Do SeggWat Widgets Use Cookies?

No. SeggWat widgets do not use cookies or local storage for tracking purposes. They only use session storage for:
  • Remembering the modal state (open/closed) during a single page session
  • Preventing duplicate submissions
If SeggWat is your only tracking tool, you typically do not need a cookie consent banner for the widget. However:
  • If you use other tools (Google Analytics, Facebook Pixel, etc.), you may need a banner for those
  • Some jurisdictions interpret “local storage” as requiring consent
  • Consult your legal advisor for guidance

Best Practice

Include a brief mention in your privacy policy: 
Our feedback widget uses session storage (cleared when you close your browser)
to prevent duplicate submissions. No persistent tracking cookies are used.

Common Questions

Yes. If you don’t use setUser() or collect email addresses, feedback is effectively anonymous. However, we still collect IP addresses for security, which is considered personal data under GDPR. Anonymize IP addresses if needed.
GDPR applies if you have any users in the EU, regardless of where your business is located. If you have global users, compliance with GDPR generally satisfies most other privacy laws.
Yes. Sharing feedback with your team members (via SeggWat roles) is permitted under your legitimate interest to improve your product. Ensure team members understand confidentiality obligations.
SeggWat is not designed for children under 16. If you operate a website for children:
  • Block feedback widgets on pages intended for children
  • Obtain parental consent before collecting feedback
  • Consult legal counsel for COPPA (USA) and GDPR compliance
Yes. You can export feedback via:
  • CSV export from the dashboard (coming soon)
  • API to download all feedback programmatically Contact support for bulk export assistance.

Resources

End User Privacy Notice

SeggWat’s privacy notice for your end users who submit feedback.

Terms of Service

Includes our standard Data Processing Agreement (DPA).

Customer Privacy Policy

SeggWat’s privacy policy for account holders (you).

EU GDPR Portal

Official GDPR information and guidance.

Need Help?

If you have questions about privacy compliance or need assistance:
  • Email: [email protected]
  • Custom DPA requests: Include “DPA Request” in the subject line
  • Legal inquiries: We’ll respond within 2 business days
Enterprise Support: Enterprise customers receive priority support for compliance questions and custom agreements.