Privacy & GDPR Compliance
Understand your responsibilities and how SeggWat helps you comply with GDPR, CCPA, and other privacy regulations.
Overview
When you use SeggWat to collect feedback from your users, you're collecting personal data. This guide explains your responsibilities under privacy regulations like GDPR and CCPA, and how SeggWat helps you stay compliant.
Legal Disclaimer: This guide provides general information about privacy compliance. It is not legal advice. Consult with a qualified attorney for guidance specific to your situation.
Your Role as Data Controller
When your users submit feedback through SeggWat widgets on your website:
- You are the Data Controller — You decide what data to collect and how to use it
- SeggWat is the Data Processor — We process the data on your behalf according to your instructions
This means you are responsible for:
- Having a lawful basis to collect feedback (e.g., legitimate interest, consent)
- Informing users about data collection in your privacy policy
- Responding to user rights requests (access, deletion, correction)
- Ensuring compliance with applicable privacy laws
Data SeggWat Collects
When someone submits feedback through your SeggWat widget, we collect:
Automatically Collected
- Page URL — Where the feedback was submitted
- Timestamp — When the feedback was submitted
- IP Address — For approximate geolocation (country/region) and security
- Browser & Device Info — User agent, screen resolution, operating system
- Version — Application version (if you configure it)
User-Provided
- Feedback Text — The message they type
- Rating Value — Thumbs up/down or star rating
- User ID — If you use setUser() to identify logged-in users
Optional
- Email or Name — Only if you customize the widget to collect this
Minimize data collection. Only collect what you need. Avoid collecting sensitive personal information (race, religion, health data) through feedback widgets.
Update Your Privacy Policy
You must inform your users that you use SeggWat to collect feedback. Here's what to include in your privacy policy:
Recommended Text
## Feedback Collection
We use SeggWat, a third-party service, to collect and manage user feedback
on our website. When you submit feedback:
**Data Collected:**
- Your feedback message
- Page URL where you submitted feedback
- IP address (for approximate location)
- Browser and device information
- Timestamp
**Legal Basis:**
We collect this data based on our legitimate interest in improving our
products and services (GDPR Article 6(1)(f)).
**Data Processor:**
SeggWat processes this data on our behalf. For details on how SeggWat
handles your data, see [SeggWat's End User Privacy Notice](https://seggwat.com/legal/end-user-privacy).
**Data Retention:**
Feedback is retained for [specify your retention period, e.g., "2 years"]
or until you request deletion.
**Your Rights:**
You can request access to, correction of, or deletion of your feedback by
contacting us at [your-email@example.com].
Link to SeggWat's End User Privacy Notice
Include a link to SeggWat's privacy notice for end users in your privacy policy:
Handling User Rights Requests
Under GDPR (and similar laws like CCPA), users have rights to access, correct, or delete their data.
Access Requests
When a user requests their feedback data:
Identify the User
Ask for identifying information (email, user ID, approximate submission date).
Search Your Dashboard
Use filters in the SeggWat dashboard to find their feedback:
- Filter by user ID (if you used setUser())
- Search by email (if collected)
- Filter by date range and page URL
Export or Share
Copy the feedback content and share it with the user in a readable format (PDF, email).
Deletion Requests
When a user requests deletion of their feedback:
Find the Feedback
Search your dashboard using the methods above.
Delete the Feedback
Click the feedback item and select Delete or Archive.
Confirm Deletion
The feedback is immediately removed from our production systems and deleted from backups within 30 days.
Notify the User
Confirm to the user that their data has been deleted.
Bulk deletion: If you need to delete all feedback from a specific user, contact SeggWat support at info@seggwat.com with the user ID for assistance.
Correction Requests
Users can request correction of inaccurate feedback:
- Find the feedback item in your dashboard
- Click Edit to update the feedback text
- Save changes and notify the user
Data Processing Agreement (DPA)
Do I Need a DPA?
Under GDPR Article 28, data controllers must have a written contract with data processors. SeggWat provides a Data Processing Agreement (DPA) to all customers.
Free & Starter Plans
Standard DPA included in our Terms of Service. Covers all GDPR requirements for most businesses.
Enterprise Plans
Custom DPA available. Contact us for tailored agreements, BAAs (HIPAA), or specific compliance requirements.
Requesting a DPA
Review Our Standard DPA
Our standard Data Processing Agreement is included in our Terms of Service.
Need a Custom Agreement?
If you need a signed, custom DPA or specific amendments:
- Email info@seggwat.com
- Include your organization name and compliance requirements
Receive Signed DPA
We'll send you a signed DPA within 5 business days (Enterprise customers: 48 hours).
Data Security & Location
Where is Data Stored?
All end-user feedback data is stored in the European Union (Germany):
- Primary hosting: Hetzner Online GmbH (Germany)
- Database: MongoDB Atlas (EU region)
- Backup hosting: Contabo GmbH (Germany)
No data transfers outside the EU. Your users' feedback data never leaves the European Union, ensuring GDPR compliance without requiring Standard Contractual Clauses (SCCs).
How is Data Secured?
SeggWat implements industry-standard security measures:
- Encryption in transit: TLS 1.2+ for all data transmissions
- Encryption at rest: AES-256 encryption for database storage
- Access controls: Role-based access, minimum privilege principles
- Regular audits: Security reviews and penetration testing
CCPA Compliance (California)
If you have users in California, you must comply with the California Consumer Privacy Act (CCPA):
CCPA Rights
California users have the right to:
- Know what personal information you collect
- Request deletion of their information
- Opt out of "sales" (SeggWat does not sell data)
How SeggWat Helps
- Service Provider Status: SeggWat acts as a "service provider" under CCPA, processing data only on your behalf
- No Data Sales: We never sell user data to third parties
- Deletion Support: Use the dashboard to fulfill deletion requests
Update Your Privacy Policy
Add a "California Privacy Rights" section to your privacy policy:
## California Privacy Rights
If you are a California resident, you have the right to:
- Request disclosure of personal information we collect
- Request deletion of your personal information
- Opt out of the sale of your information (we do not sell data)
To exercise these rights, contact us at [your-email@example.com].
Other Privacy Laws
UK GDPR
The UK GDPR is nearly identical to EU GDPR. SeggWat's EU data hosting ensures compliance for UK customers.
Swiss Data Protection Act (FADP)
SeggWat's EU hosting and GDPR compliance measures satisfy Swiss data protection requirements.
Brazil LGPD
SeggWat supports LGPD compliance. Data is processed in the EU with adequate safeguards.
Best Practices
Follow these best practices to stay compliant:
Cookie Consent & Widgets
Do SeggWat Widgets Use Cookies?
No. SeggWat widgets do not use cookies or local storage for tracking purposes. They only use session storage for:
- Remembering the modal state (open/closed) during a single page session
- Preventing duplicate submissions
Do I Need a Cookie Banner?
If SeggWat is your only tracking tool, you typically do not need a cookie consent banner for the widget. However:
- If you use other tools (Google Analytics, Facebook Pixel, etc.), you may need a banner for those
- Some jurisdictions interpret "local storage" as requiring consent
- Consult your legal advisor for guidance
Best Practice
Include a brief mention in your privacy policy:
Our feedback widget uses session storage (cleared when you close your browser)
to prevent duplicate submissions. No persistent tracking cookies are used.
Common Questions
Resources
End User Privacy Notice
SeggWat's privacy notice for your end users who submit feedback.
Terms of Service
Includes our standard Data Processing Agreement (DPA).
Customer Privacy Policy
SeggWat's privacy policy for account holders (you).
EU GDPR Portal
Official GDPR information and guidance.
Need Help?
If you have questions about privacy compliance or need assistance:
- Email: info@seggwat.com
- Custom DPA requests: Include "DPA Request" in the subject line
- Legal inquiries: We'll respond within 2 business days
Enterprise Support: Enterprise customers receive priority support for compliance questions and custom agreements.
