Data Processing Agreement | FeedSense

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between FeedSense ("Processor" or "we") and the customer ("Controller" or "you") and governs the processing of personal data in connection with FeedSense's services.

This DPA is effective as of the date you accept our Terms of Service and will remain in effect until the termination of your FeedSense account or as otherwise terminated in accordance with its terms.

2. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person.

"Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means.

"Controller" means the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of Personal Data.

"Processor" means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.

"Sub-processor" means any third party engaged by the Processor to process Personal Data on behalf of the Controller.

3. Data Processing Details

3.1 Categories of Data Subjects

The Personal Data processed may concern the following categories of data subjects:

Your customers and users who submit feedback through your FeedSense widget
Your employees or team members who access the FeedSense platform
Visitors to your website who interact with the feedback widget

3.2 Categories of Personal Data

The Personal Data processed may include:

Contact Information: Names, email addresses, IP addresses
Feedback Data: User feedback, comments, ratings, and associated metadata
Usage Data: Browser information, device information, usage patterns
Account Data: Account information for your team members

3.3 Purpose of Processing

Personal Data is processed solely for the purpose of providing the FeedSense feedback management service, including:

Collecting and analyzing customer feedback
Generating insights and analytics reports
Providing customer support and account management
Ensuring platform security and preventing abuse

4. Controller Responsibilities

You agree to:

Ensure you have lawful basis for transferring Personal Data to us
Provide accurate and complete information about data processing activities
Obtain all necessary consents and provide privacy notices to data subjects
Comply with all applicable data protection laws
Respond to data subject requests for access, rectification, or deletion

5. Sub-Processors

FeedSense engages the following sub-processors to assist in providing the Services:

📋 Sub-Processor List

We maintain an up-to-date list of sub-processors on this page. Last updated: February 13, 2026

Sub-Processor	Service	Location	Purpose
Railway	Cloud Hosting	United States	Infrastructure and data storage
Paddle.com	Payment Processing	Ireland (EU)	Billing and payment processing
Resend	Email Service	European Union	Transactional emails
OpenRouter	AI Processing	United States	Feedback sentiment analysis (required for service)
Mixpanel	Analytics	United States	Product analytics (optional, requires consent)
Grafana	Monitoring	United States	Application monitoring (optional, requires consent)

Data Transfer Safeguards: For sub-processors located outside the European Economic Area (EEA), we use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate data protection.

Note: We may update this list as we add or remove sub-processors. Check this page regularly for updates. If you have questions about our sub-processors, contact us at info@feedsense.co.

6. Security Measures

We implement and maintain appropriate technical and organizational security measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

Encryption of data in transit and at rest
Regular security audits and vulnerability assessments
Access controls and authentication mechanisms
Employee training on data protection
Incident response procedures
Regular backups and disaster recovery procedures

7. Data Subject Rights

We assist you in fulfilling your obligations to respond to data subject requests for exercising their rights under applicable data protection laws. This includes:

Right to access their personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to data portability
Right to object to processing
Right to restrict processing

You may use the data export and deletion features in your FeedSense account to assist with these requests.

8. Data Breach Notification

In the event of a personal data breach, we will notify you within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Our notification will include:

The nature of the personal data breach
The categories and approximate number of data subjects concerned
The likely consequences of the breach
Measures taken or proposed to address the breach

We will also assist you in complying with your notification obligations to supervisory authorities and data subjects.

9. Data Protection Impact Assessment

If our processing activities are likely to result in a high risk to the rights and freedoms of data subjects, we will assist you in conducting data protection impact assessments and consulting with supervisory authorities as required by applicable law.

10. Audit Rights

Upon your written request and subject to reasonable advance notice, we will make available to you information necessary to demonstrate our compliance with this DPA. This may include:

Access to our policies and procedures
Results of independent audits or certifications
Security documentation and assessments

11. Return or Deletion of Data

Upon termination of your FeedSense account, we will delete or return all Personal Data processed on your behalf, unless retention is required by applicable law. You may request data export before termination using the data export feature in your account.

12. Governing Law

This DPA shall be governed by and construed in accordance with the laws of the Republic of Turkey, without regard to its conflict of law provisions.

13. Contact Information

For questions about this DPA or data processing activities:

Data Controller: Mahir Can Yüksel
Email: info@feedsense.co
Location: Turkey

14. Amendments

We may update this DPA from time to time to reflect changes in our services or applicable law. We will provide reasonable notice of material changes. Continued use of our services after such changes constitutes acceptance of the updated DPA.