Privacy Policy

Last update: Sep 25, 2023

1. Introduction

This Privacy Policy applies to the website (hereinafter the “website”) published by the company Cordnet OU (hereinafter “Featurebase” or “we”) and its other services and products for which personal data is being communicated to Featurebase.

Please read this Privacy Policy carefully as it explains how Featurebase uses your personal data and how to exercise your rights. This Privacy Policy supplements the Terms & Conditions or any documents or notices that may refer to this Privacy Policy.

Should you have any questions, you may directly contact Featurebase by sending an email to

2. Definitions

DATA means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

USAGE DATA is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).

COOKIES are small files stored on your device (computer or mobile device).

DATA CONTROLLER means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.

DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.

DATA SUBJECT is any living individual who is the subject of Personal Data.

THE USER is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.

3. Legal context

We abide by the recommendations of the relevant authorities and have put in place an organization to ensure our compliance with the regulatory framework established by the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and any other laws or regulations relating to personal information that apply to us.

4. What is our role?

Under the GDPR, we are considered as a data controller. It means that we set the whys and hows we process your personal information. For example, when you are visiting our website, we are in charge of determining the purposes and the means that are necessary to administer, operate and manage our users’ personal information that we collect from it.

Depending on the activity we perform on your data, we may also be considered as a data processor. This means that you are our customer’s end user and that we are processing your data under the instructions of our customer considered as a data controller. In this case, the data controller sets the purposes and means of the processing activity, and we abide and deliver our service in regards to these.

5. What kind of personal information do we process?

We only collect and process personal information that is relevant and adequate. We give special attention to its accuracy and updates when needed. Personal information includes in particular:

Type of dataExamples of data
Identification datae.g. first name, last name, picture, birth date, etc.
Professional datae.g. company name, skills, job title, diplomas, etc.
Connection datae.g. IP address, logs, terminal and connection identifiers, timestamp, etc.
Contact datae.g. email address, phone number, postal address, ect.
Internet datae.g. cookies, tracers, navigation data, audience metrics, etc.
Images & video datae.g. video footage or photography
Economic and financial datae.g. income, financial situation, tax situation, banking details, etc.
Location datae.g. movements, GPS data, GSM, etc.

The collection of this information may at times be mandatory in order to provide our service, other times optional to enhance your experience and left to your good will. Mandatory information will be identified as such when we collect your data. Know that if you refuse to provide it, Featurebase won’t be able to provide you with its utmost service and you will unfortunately experience inconveniences.

6. When do we collect your personal information?

We collect your personal information on various occasions.

Sign up formIndividual signed up online
Newsletter subscriptionIndividual subscribed to our newsletter
Website or software visitIndividual browsed our website or our solution
Chat & Email conversationIndividual contacted us directly by mail
Billing formIndividual filled in a payment checkout
Online or paper formIndividual filled in a form
Import via APIImport of personal data via AP

7. How do we use your personal information?

Your personal information will never be processed for incompatible purposes regarding why it was first collected. We only collect and process personal information for specified, explicit and legitimate purposes, like:

Processing ActivitiesPurposesLegal basis
Creation and management of user accountAuthentication ensures the correct identification of users and determines what resources a user can access. This process often involves collecting and verifying personal data like emails or integrating with third-party services which may share user details.Contractual duties, Legitimate interest, Consent
Payment & billing managementTo process money transactionsContractual duties
Newsletter subscription managementTo send a regular newsletter and gather statisticsConsent, Legitimate interest
Marketing communicationTo send marketing communications about updates and promotions regarding the serviceLegitimate interest, Consent
Website audience measurementTo gather analytics on the website trafficConsent, Legitimate interest
Service improvementTo maintain and optimize the performance of the service and understand how individuals use itLegitimate interest
Customer support and social communicationsTo provide customer care and interact with individuals on social platformsLegitimate interest
Bug and security monitoringTo prevent and investigate system abuseLegitimate interest
General Email NotificationsSending general email notifications to users about new comments on their posts, status updates, and other notifications generated by our application.Legitimate interest, Consent, Contractual duties
Feedback Collection and ManagementThe platform's primary function is to collect feedback from users. This involves capturing various types of data, such as user opinions, suggestions, bug reports, and possibly user interactions with the feedback (e.g., voting).Legitimate interest, Consent
Integration Data ProcessingTo enhance our platform's functionality by allowing Featurebase administrators to seamlessly integrate with third-party tools. This integration permits the sending of data, including user details, regarding new posts, updates, and feedback to platforms like Slack, Discord, Jira, Linear, etc. It aims to streamline user communications and keep teams and involved parties informed in real-time.Legitimate interest, Consent, Contractual duties
Changelog PublicationThe process of Changelog Publication is integral to Featurebase's commitment to transparency and timely communication. Users who interact with our platform appreciate knowing the updates and improvements made to the services they use. By publishing changelogs, we ensure that our users are kept informed about new features, bug fixes, and other relevant updates. This enhances user trust, promotes engagement, and enables users to utilize new functionalities effectively.Legitimate interest, Consent, Contractual duties
General Moderation of User-Generated ContentModeration of user-generated content, including posts, comments, feedback, and any other submissions, is vital to upholding the integrity, quality, and safety of the Featurebase community. As we aim to foster an open, constructive, and inclusive environment, it's essential that all content adheres to a set of community guidelines and standards. Moderation ensures that any content that might be inappropriate, misleading, offensive, or potentially harmful is promptly identified and addressed. This proactive approach not only maintains a trusted space for genuine communication but also ensures that all users can engage confidently, knowing that their voices will be heard in a respectful and positive setting.Legitimate interest, Contractual duties, Consent
Feedback AnalysisFeedback Analysis is a cornerstone of Featurebase's value proposition. By systematically analyzing the feedback provided by our users, we can extract meaningful insights about user preferences, pain points, and desired features. This analytical approach enables companies to prioritize product development, feature releases, and improvements based on what users genuinely want. Furthermore, it allows companies to spot trends, anticipate user needs, and continually refine our services to provide maximum value.Legitimate interest, Consent, Contractual duties

In order to comply with the principle of lawfulness, the legal bases for each data processing is determined carefully and on a case-by-case basis in accordance with the list provided by Article 6 of the GDPR.

We do not process your data or use automated decision making without your knowledge, nor do we sell or rent your personal information without your explicit consent.

8. Who can access your personal information?

Recipients to whom we disclose your personal information are carefully chosen by us. They receive data for legitimate purposes, especially when it comes to pursuing our business activity and providing a qualitative service:

SubprocessorService provided
GitHubSoftware development platform
Google CloudCloud computing services
Apple App Store
StripePayment & billing management
EmailOctopusEmail marketing via Amazon SES
IntercomEngagement OS
Customer.ioCustomer interactions
Mixpanel IncProduct analytics
Functional Software Inc. dba SentryApplication Performance Monitoring & Error Tracking
TwillioExternal communication API
LinearIssue tracking
AtlassianCollaboration software
Mango Technologies Inc. DBA ClickupThe productivity platform
SlackMessaging program
Twilio dba SegmentInfrastructure and developer tools
ZapierWorkflow automation platform
Google Recaptcha

Certain data recipients are considered our data processors in accordance with Article 28 of the GDPR, which means we review how they handle personal information and make sure they put in place appropriate guarantees to protect it.

Other recipients are considered authorized third parties in accordance with Article 4 of the GDPR, which means we have to communicate your personal information to them to comply with applicable legal obligations, lawful requests and processes (subpoenas, requests from government or tax authorities, etc.).

9. Where do we transfer your personal information?

As far as possible, your personal information is processed within the European Union. However, some of our service providers may be located in another country of which you are a resident or pursuing their activity outside of the European Union.

When we transfer your personal information to a recipient outside the European Union, we take care of putting in place sufficient guarantees in accordance with the list provided by Articles 44 to 50 of the GDPR, whether it is having it stored in a country with an adequate privacy protection or contracting Data Protection Agreements to ensure your personal information is protected.

SubprocessorLocationAdopted safeguard
GitHubUSAData Processing Agreement
StripeUSAData Processing Agreement
Functional Software Inc. dba SentryUSAData Processing Agreement
TwillioUSAData Processing Agreement
LinearUSAData Processing Agreement
Twilio dba SegmentUSAData Processing Agreement
ZapierUSAData Processing Agreement

10. How long do we store your personal information?

As a general rule when we are considered a data controller by the GDPR, retention periods of your personal information are determined according to the purposes for which we collected it and our legal obligations.

Regarding our activities as a data processor, we retain our customers’ end users personal information as long as required by our terms and conditions and the pursuing of the service our customers’ subscribed to.

When these purposes are fulfilled or when you ask us, your personal information is archived, erased or anonymized.

11. How do we protect your personal information?

We care deeply about the safety of your personal information and that is why we put in place adequate technical and organizational security measures to preserve its confidentiality, integrity and availability.

We take into account the risks for your rights and freedoms and therefore follow with great care the recommendations of the competent authorities regarding security.

12. What are your rights and how to exercise them?

In accordance with Articles 12 to 23 of GDPR, you have rights over your personal information that we are committed to respect:

  • you can request access to your personal information and a copy of it
  • you can ask us to modify your personal information if you consider it obsolete, inaccurate or incomplete.
  • you can object to the processing of your personal information if based on our legitimate interest in certain circumstances.
  • you can request to restrict the processing during a limited period of time, in certain circumstances.
  • you can opt-out from a consent already given, without this withdrawal affecting the lawfulness of the processing operations already carried out.
  • when technically feasible, you can ask us to send you the personal information you provided us or that we communicate it to a third party.
  • you can ask us to delete your personal information if it meets legal grounds for which it is applicable.

These rights can be exercised directly and at any time by sending an email to or on our Data Requests page. In the case you are our customer’s end user, please take into consideration that this request will be forwarded and must be answered directly by them.

13. Children's privacy

Our Services are not intended for use by children under the age of 13 ("Children").

We do not knowingly collect personally identifiable information from Children under 13. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.

14. Policy changes

This Privacy Policy may be modified in the future to keep it updated with legal jurisprudence and evolution. You'll be informed either by a special mention on this page or by a personalized warning, by email for instance.

15. Contact us

If you have any questions about this Privacy Policy, please contact us via email at