Privacy Policy

1. Overview

CustomerEQ ("CustomerEQ", "we", "us", or "our") provides a customer-experience analytics platform that helps businesses ingest customer feedback signals — including surveys, NPS responses, support conversations, reviews, loyalty events, and rep observations — and surface AI-driven insights to improve customer outcomes. This Privacy Policy explains what information we collect, how we use it, with whom we share it, how we secure it, and the rights you have with respect to your information.

This policy applies to the CustomerEQ website, web application, APIs, and all related services (collectively, the "Service"). By using the Service, you agree to the practices described here.

2. Who this policy applies to

CustomerEQ interacts with several categories of people:

• Customers — businesses that sign up to use CustomerEQ to analyze their own customers' feedback.
• Authorized users — employees, contractors, or agents of a Customer who access the Service on the Customer's behalf.
• End users — the Customer's own customers, whose feedback, profile data, loyalty events, or reviews flow into the Service.
• Website visitors — anyone who visits our marketing website.

For Customers and Authorized users, CustomerEQ acts as a data controller for the account and billing data we collect directly. For End user data that flows into the Service through a Customer's use of it, CustomerEQ acts as a data processor on behalf of that Customer.

3. Information we collect

3.1 Information you provide directly

• Account information: name, email, password hash, company name, role.
• Billing information: payment details handled by our payment processor; we do not store full card numbers.
• Content you upload: survey questions, campaign configurations, knowledge-base articles, rewards catalog, and any other content you create within the Service.
• Communications: messages you send us via email, support chat, or feedback forms.

3.2 Information collected automatically

• Log data: IP address, browser type, pages visited, timestamps, referrer URLs.
• Device information: operating system, device identifiers, screen size.
• Cookies and similar technologies: authentication cookies, preference cookies, and limited first-party analytics as described in Section 8.

3.3 Information from third-party services

CustomerEQ connects to third-party platforms at a Customer's explicit direction, and only after the Customer authorizes access through OAuth or by providing credentials. These integrations may include (but are not limited to):

• Google Business Profile (Google My Business) API — we retrieve public review content (review text, star rating, reviewer display name, review timestamps, and reviewer replies) for business locations the Customer owns or manages. We request only the minimum scopes required to read review data; we do not post, edit, or delete reviews or Business Profile content.
• Email providers, CRM systems, e-commerce platforms, and other review, survey, or analytics tools.

Data retrieved from third-party services is stored and processed as End user data under this policy and the terms of the Customer's agreement with us. CustomerEQ's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3.4 End user data

When a Customer uses CustomerEQ, we process End user data on their behalf. This may include contact details (name, email, phone), purchase history, survey responses, NPS scores, support messages, review content, loyalty points balances, and tags or notes entered by the Customer's staff. The Customer determines what End user data flows into the Service and is responsible for having a lawful basis to do so.

4. How we use information

We use information for the following purposes:

• Providing, operating, and maintaining the Service.
• Authenticating users and securing the Service against fraud and abuse.
• Computing analytics, health scores, sentiment classifications, topic clusters, and anomaly detections requested by the Customer.
• Displaying retrieved third-party content (including Google reviews) back to the authorized Customer within the CustomerEQ dashboard.
• Sending transactional emails such as account confirmations, password resets, and service notifications.
• Responding to support requests and communicating with Customers about the Service.
• Improving the Service, diagnosing technical issues, and developing new features.
• Complying with legal obligations and enforcing our Terms of Service.

We do not sell personal information. We do not use End user data retrieved from Google APIs to serve advertising, to build generalized AI/ML models that are used outside the Service, or for any purpose that is not disclosed to and authorized by the Customer.

5. AI and automated processing

CustomerEQ uses machine-learning models — including large language models (LLMs) operated by third-party AI providers — to classify sentiment, cluster topics, detect anomalies, score customer health, and generate summaries. When we send content to an LLM provider:

• We send only the content required for the analysis.
• We use providers whose enterprise terms prohibit training their models on our data.
• We do not instruct models to generate, post, or publish content on your behalf without explicit user action.

Data retrieved from Google APIs is not used to train AI/ML models. Automated inferences stored in the Service (such as a sentiment label on a review) are treated as derived content and inherit the same retention and access-control rules as the source content.

6. How we share information

We share information only in these circumstances:

• With Authorized users of the same Customer account — so teammates can collaborate.
• With subprocessors — service providers who process data on our behalf under a data processing agreement. Current categories include cloud hosting, managed databases, email delivery, payment processing, error monitoring, and LLM/AI providers. A current list is available on request.
• When legally required — in response to valid legal process, or to protect the rights, safety, and property of CustomerEQ, our Customers, or the public.
• In a business transfer — if CustomerEQ is involved in a merger, acquisition, or sale of assets, data may be transferred as part of that transaction, subject to the protections of this policy.

We never sell personal information, and we do not share End user data with third parties for their own marketing purposes.

7. Data retention and deletion

We retain information for as long as a Customer's account is active and as needed to provide the Service. When an account is closed, we delete or de-identify Customer and End user data within ninety (90) days, except where we are legally required to retain certain records (e.g., tax or billing records).

End users who want their data removed from a Customer's CustomerEQ environment should first contact the Customer. CustomerEQ will cooperate with Customers to honor verified deletion requests. For Google review content specifically, if a reviewer deletes their review on Google, we will remove it from the Customer's CustomerEQ view on the next sync, and in any case no later than thirty (30) days.

8. Cookies and analytics

We use a small number of first-party cookies for authentication and user preferences. We may use privacy-preserving analytics to understand aggregate usage of the marketing website. We do not use cookies to build cross-site advertising profiles, and we do not participate in third-party advertising networks. You can disable cookies in your browser settings, though this may affect the Service's functionality.

9. Data security

We implement administrative, technical, and physical safeguards designed to protect your information, including encryption in transit (TLS 1.2 or higher), encryption at rest, role-based access controls, audit logging, and secret management. See our Security page for more detail. No system is perfectly secure, and we cannot guarantee absolute security; however, we continuously work to harden the Service.

10. International data transfers

CustomerEQ is based in the United States, and information we collect will be processed and stored in the United States and other countries where our subprocessors operate. If you access the Service from outside the United States, you consent to the transfer and processing of your information in the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for international transfers.

11. Your rights

Depending on where you live, you may have rights including: access to the personal information we hold about you, correction of inaccurate information, deletion, portability, restriction of processing, and the right to object to certain processing. California residents have specific rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of sale or sharing of personal information (CustomerEQ does not sell personal information).

To exercise these rights, email sid.mathur@gmail.com. If you are an End user whose data was submitted by a CustomerEQ Customer, please contact that Customer directly; we will assist them in responding to verified requests.

12. Children's privacy

The Service is not directed to children under 13 (or under 16 in jurisdictions where that is the applicable age), and we do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above. For material changes, we will provide prominent notice (for example, by email to account administrators or a banner in the Service) before the change takes effect.

14. Contact us

Questions about this policy, or requests related to your information, can be sent to sid.mathur@gmail.com.