Legal

Privacy Policy

Last updated: March 25, 2026

The Feedback Machine is a Chrome extension that lets teams leave inline feedback on any webpage. This privacy policy explains what data we collect, how we use it, and how we protect it.

Data We Collect

Account Information

When you sign in with Google, we receive your name, email address, and profile photo via Google OAuth. This is used solely to identify you within your team and attribute feedback to the correct author.

Feedback Content

When you leave feedback, we store:

The text of your comment and any replies
The URL of the page you left feedback on
A CSS/XPath selector identifying the element you commented on
A screenshot of the selected element (stored as a base64 data URL)
Timestamps for creation and updates
Your user ID (linked to your Google account)

Page Metadata

We store the page URL and page title for each piece of feedback so your team can find and filter comments by page.

Organization and Project Data

If you create or join an organization, we store the organization name, project names, and team member list (email addresses and roles).

How We Store Data

Locally: Feedback and user data are cached in chrome.storage.local for fast access. This data stays on your device.
Cloud: Data is synced to Google Cloud Firestore for team collaboration. Firestore is hosted in Google Cloud and protected by Firebase Authentication and Firestore Security Rules.

How We Use Data

We use your data exclusively to:

Display your feedback on the correct webpage elements
Enable team collaboration (shared feedback, replies, notifications)
Send notifications when teammates reply to or resolve your feedback (via Chrome notifications, and optionally Slack or email if configured by your organization admin)

Third-Party Services

Service	Purpose	Data Sent
Google Firebase Auth	User sign-in	Google OAuth token
Google Cloud Firestore	Data storage and sync	All feedback and user data
Google Cloud Functions	Notification delivery	Feedback summaries for Slack/email
Slack API (optional)	Team notifications	Comment text, author name, page URL
SendGrid (optional)	Email notifications	Comment text, author name, page URL, recipient email

Permissions Explained

Permission	Why We Need It
`activeTab`	To inject the feedback UI into the page you're viewing
`scripting`	To inject content scripts that render feedback overlays
`<all_urls>`	To allow feedback on any webpage (the core purpose of the extension)
`storage`	To cache feedback locally for fast loading
`identity`	To sign in with your Google account
`notifications`	To alert you when a teammate replies to your feedback
`sidePanel`	To display the feedback list in Chrome's side panel
`tabs`	To detect page navigation and load the correct feedback
`offscreen`	To capture element screenshots for feedback context

Data Retention

Your data is retained as long as your account is active.
Deleting a feedback item removes it from Firestore and local storage.
If you uninstall the extension, local data is automatically removed by Chrome. Cloud data remains until deleted by you or your organization admin.

Your Rights

You can view all your feedback in the side panel.
You can delete individual feedback items at any time.
You can export your feedback as JSON, CSV, or PDF.
To request deletion of all your data, contact us at the address below.

Security

All data in transit is encrypted via HTTPS/TLS.
Firestore Security Rules ensure users can only access data within their organization.
Google OAuth tokens are managed by Chrome's chrome.identity API and never stored in plain text.

Changes to This Policy

We may update this policy from time to time. Changes will be posted to this page with an updated "Last updated" date.

Contact

If you have questions about this privacy policy or your data, please open an issue on GitHub.