Welcome to our 360° Feedback platform! We deeply value your privacy and are committed to protecting it. Our platform is built with a “privacy by design” philosophy – meaning we consider privacy at every step of our design and operations. We follow Canadian privacy laws (like PIPEDA, Canada’s main private-sector privacy law ) and international standards (such as the EU’s GDPR) to safeguard your personal information. In plain language: we want you to understand what data we collect and what we do with it, because privacy should be clear and simple . We also promise never to sell your personal data to anyone. This Privacy Policy explains in friendly terms how we handle your information.
Effective Date: 2025 April 29th
[First Initial Version Published]
If you have questions: Please contact us at [[email protected]] – we’re here to help.
We only collect information that we truly need to run our feedback service (following the Privacy by Design principle of data minimization ). Here’s what we gather and why:
Account Information: When you sign up or are invited to our platform, we may collect your name, email address, job title, and organization. We use this to create your account and identify you within the system.
Feedback Data: If you participate in a 360° feedback survey (as a rater or as the person being reviewed), we collect your survey responses. This can include rating scores and written comments about workplace performance. These responses might contain opinions, which are considered personal information too . We use this data to generate feedback reports for professional development.
Usage Data: Like many online services, we automatically collect some technical data when you use the platform. This includes things like your IP address, browser type, device type, and cookies (small text files) if applicable. We collect this to ensure the site works securely, to remember your preferences, and to analyze and improve our service (for example, fixing bugs or enhancing features). We do not use this data to track you across other sites or for advertising purposes.
Support Communications: If you contact us for help, we will collect the information you give us (like an email address and the content of your request) so we can respond to you and improve our customer service.
In plain terms: We collect your basic profile info, your feedback inputs, and some technical info to make the site work. We don’t collect things we don’t need. For example, we do not ask for your home address or financial information, since it’s not relevant to 360° feedback. And we will always be transparent about what data we collect and why.
We use your information only for the purposes you would expect, and we do so under strict privacy principles. Here’s how and why we use it:
To Provide the 360° Feedback Service: Your data is used to administer surveys and compile feedback reports. For example, if you are a rater, we use your responses (combined with others’ in your group) to create an anonymous feedback report for the person being reviewed. If you are being reviewed, we use the feedback from others to prepare your report.
To Maintain Your Account: We use your account information (like email) to log you in, send you necessary emails (e.g. survey invitations, reminders, or a notification when your feedback report is ready), and to personalize your experience (for instance, showing the correct list of people you can review).
To Ensure Anonymity (when applicable): We design our service to protect rater identities. For peer, direct report, and other non-manager feedback, our system combines and averages responses so individuals can’t be identified . We explain more about anonymity below, but importantly, we use the data in a way that preserves confidentiality where promised.
To Improve Our Platform: We might use aggregated usage data (which does not identify you personally) to understand how the platform is used. For example, we might look at overall statistics like “10,000 feedback surveys were completed this year” or see which features are popular, so we can make the service better for everyone.
To Communicate with You: We may send occasional service-related announcements. For instance, if we update this Privacy Policy or if there’s an important security update, we might email you. We won’t spam you or send marketing emails unrelated to the 360° feedback service without your consent.
For Safety and Legal Compliance: We use information to keep the platform safe and secure. That includes monitoring for and preventing fraudulent or malicious activity. If needed, we may use or disclose information to meet any applicable law, regulation, legal process, or enforceable governmental request (for example, addressing a legal claim or audit).
We do not use your personal information for any purpose you wouldn’t reasonably expect. For example, we do not sell your data, we do not share it for third-party marketing, and we do not read your feedback comments for any purpose other than delivering the service (no snooping – only authorized personnel see data, and even then only as needed to support the service). Our sole goal in using your data is to provide a safe, effective 360° feedback platform that helps with professional development.
Your privacy is paramount. We limit the sharing of your information to only what is necessary to run the service or when required by law. Here’s who might receive some of your data and why:
The Organization or Individual Managing the Survey: If your 360° feedback is part of a program by your employer or a specific organizer, the results (aggregate feedback reports) will be shared with the intended recipients. For example, the person being reviewed (and possibly their HR department or coach) will receive the feedback report. These reports may contain your feedback responses, but if you are a peer/direct report rater, your responses are anonymous (not labeled with your name). If you are a manager rater, your feedback is identifiable in the report, as explained below in Rater Anonymity.
Service Providers (Processors): We use trusted third-party services to help us operate the platform – for instance, web hosting companies that store data on secure servers, or an email service that sends out the survey invitations on our behalf. When we share data with such service providers, we remain responsible for your information. These providers only get the information necessary for their task (for example, the email service gets your email address to send the invite) and are contractually obligated to protect it and use it only for our specified purposes.
Legal Requirements and Safety: We might disclose information if required by law or if we believe in good faith that it’s necessary to (i) comply with a legal obligation (such as a court order or government demand), (ii) protect our rights or property, (iii) prevent fraud or abuse of our platform, or (iv) protect the safety of our users or the public. For example, if law enforcement presents a lawful subpoena, we may have to provide the requested data.
Business Transfers: If in the future our company is involved in a merger, acquisition, or sale of assets, user information might be transferred as part of that deal. If that happens, we will ensure the new owner continues to honor your privacy rights as described in this policy, and we’ll notify you (for example, via email or a notice on our site) of any such change.
We do NOT sell your personal information. We don’t share it with advertisers or data brokers. We don’t exchange it for money or other benefits. In short, your data is used only to serve you and your organization’s feedback process, not others’ marketing. This commitment not to sell data is part of respecting your privacy and is aligned with modern privacy laws around the world.
We take strong measures to protect your data throughout its life cycle . Here’s what we do to keep your information safe and how long we keep it:
Secure Storage: Your data is stored on secure servers, which are protected by industry-standard security practices. We use measures like encryption (scrambling data so it’s unreadable to unauthorized people) for data in transit and at rest. For instance, when you log in or submit feedback, the connection is encrypted (HTTPS) to prevent eavesdropping. Our databases are secured and require proper credentials to access. We also implement firewalls and regular security audits on our systems.
Access Controls: Only a limited number of authorized team members have access to personal data, and even then, only on a “need-to-know” basis. This means, for example, our support staff can only access your account information if necessary to help you with a problem, and they have strict guidelines and training on protecting privacy.
Retention Policy: We retain personal information only as long as necessary for the purposes described in this policy. In practice, this means we keep your data while your account is active or as needed to provide the service (for example, as long as a 360° feedback cycle is ongoing or feedback reports might be accessed). We may also keep some information for a reasonable period after (in case you or your organization need to review past feedback, or as required to comply with legal obligations or resolve disputes). When information is no longer needed, we will securely delete or anonymize it. For example, if you delete your account or if your organization asks us to purge the data after a feedback project, we will remove personal identifiers from the feedback data or delete it outright, as appropriate.
Privacy by Design in Security: Because we built this platform with privacy in mind, security isn’t an afterthought – it’s baked in. We regularly update our software and infrastructure to patch vulnerabilities. We test our systems for potential weaknesses. If we ever identify a risk, we act proactively to fix it (we prefer prevention over reaction ). In the unlikely event of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by law.
Location of Data: Our primary servers are located in Canada. If you are using our platform from another country, know that your data is being transferred to and stored in Canada. Canada’s privacy laws are robust and have been recognized by the European Union as providing adequate data protection . We apply the same high privacy standards to all users, wherever you’re from. If we ever need to store or process data in another country, we will ensure it’s protected to an equivalent standard and inform you of any significant changes.
We provide an automated, self-service deletion workflow that exceeds the GDPR’s “right to erasure” standard.
Because the remnants can no longer be tied to you, we may keep anonymised analytical records (e.g., aggregated survey statistics) indefinitely for legitimate business purposes.
In summary, we protect your data as if it were our own sensitive information. While no online service can guarantee 100% security, we work very hard to keep your data safe and secure against unauthorized access, use, or disclosure. If you have specific questions about security, feel free to reach out to us.
Anonymity in feedback is crucial for honest and useful responses. Our platform is designed to protect the anonymity of feedback providers (raters) in most cases, with one important exception. Here’s how it works:
For Peers, Direct Reports, “Other”, and Custom Raters: If you are giving feedback in one of these roles, your identity will not be revealed to the person being reviewed. We require a minimum of three (3) raters in each of these categories to ensure anonymity. Individual responses from these groups are aggregated – for example, if you and several colleagues rate your manager, your scores are averaged together in the report. This way, no one can tell who gave which rating or comment . If fewer than three people are in a category, our system will combine their feedback into an “Overall” section of the report rather than show it separately . This practice protects your identity while still providing the feedback to the person being reviewed. We also strip out or generalize any personal identifiers in comments (if someone accidentally wrote a name, for instance) before delivering reports. Bottom line: you can feel safe providing candid feedback, because your name will not be attached to it in the eyes of the feedback recipient.
For Managers/Supervisor Raters: If you are a manager or direct supervisor providing feedback, there is less anonymity. In fact, usually your feedback is identifiable in the report. Typically, a person has only one direct manager, so any feedback from that role is automatically attributed. Our platform will label the manager’s feedback section separately. This is intentional: part of a manager’s role is to give direct performance evaluations, so the person being reviewed will know which feedback came from their manager. This is the only exception to our anonymity rule . We want to be very clear about it so you know what to expect. If you’re a manager giving feedback, please keep in mind the employee will see your input labeled as coming from you. If you’re an employee receiving feedback, understand that feedback under the “Manager” category is from your manager, whereas feedback from other groups remains anonymous.
Why this split? It’s about balancing honesty with transparency. Research and best practices in 360° feedback show that anonymous peer feedback encourages candor , while manager feedback is typically open by necessity. We are upfront about this so no one is caught by surprise. Rest assured, except for the designated manager feedback, all other responses are kept confidential and anonymous to the person being reviewed. We also advise organizations using our platform to inform participants of this anonymity policy in advance, so everyone understands who sees what.
Our platform welcomes users from around the world. We strive to uphold high privacy standards globally, which means we pay attention to laws like the European Union’s General Data Protection Regulation (GDPR) and others. Here’s what international users should know:
Compliance with GDPR (EU/UK users): If you are in the European Union, the United Kingdom, or a similar jurisdiction, you have certain rights under the GDPR and related laws. These include the right to access your data, correct or update it, delete it, restrict or object to certain processing, and portability of your data. We fully respect these rights and have processes to fulfill them. For example, if you want to see a copy of the personal information we hold about you, or if you want us to delete your account data, you can contact us (see Your Rights & Choices below) and we will respond promptly. Our legal basis for processing your data is typically your consent (when you voluntarily provide feedback or information) and/or legitimate interest (providing and improving our feedback services, which benefit you and your organization, in a privacy-balanced way). Also, as noted in Data Storage, your data may be transferred to Canada. The EU has determined that Canada’s privacy laws provide protection equivalent to EU standards , so your data is safe with us. If we ever need to transfer data to a country not deemed adequate by the EU, we will use appropriate safeguards (like EU Standard Contractual Clauses) to protect your information.
Other Regions (e.g. California, etc.): If other privacy laws apply to you, we aim to honor those as well. For instance, some jurisdictions (like California under the CCPA/CPRA) provide rights to know what data is collected and to opt-out of sale of personal info. While we don’t sell data, we will honor any valid requests related to such rights. Regardless of where you live, we believe in transparency and fairness in data handling.
Language and Transparency: We wrote this policy in plain English so it can be easily translated into other languages and understood by users worldwide. (In fact, simplicity and clarity are key reasons behind Privacy by Design principles .) If you prefer to read this policy in another language, please let us know – we are working on providing translations in multiple languages for convenience. The meaning will remain the same in any translated version.
Governing Privacy Law: As a Canadian-based service, our privacy practices are primarily governed by Canadian law (PIPEDA). That said, we extend the core protections of these laws to all our users, no matter where you’re located. In case of any conflict between laws, we will try to meet the highest standard of protection applicable.
In short, we don’t cut corners on privacy just because you’re from another country. We treat your data with care and respect, and we comply with relevant laws to protect your rights.
You are in control of your personal information. We want to make it easy for you to exercise your privacy rights and make choices about your data. Here’s what you can do:
Access and Corrections: You have the right to access the personal information we hold about you. This usually includes your profile information and any feedback responses you gave. You can request a copy of this information by contacting us. If you find that any of your personal details (like your name or email) are incorrect or outdated, you can correct them yourself in your profile settings or ask us to update them.
Deletion (Right to be Forgotten): You can now erase your account instantly and directly from within the application. In the Profile → Danger Zone panel you’ll see a red “Delete My Account” button. Pressing it:
The entire process finishes in seconds and is GDPR-compliant because the residual data can no longer identify you. If you change your mind afterwards, you would need to create a fresh account from scratch. You can still email us to request a manual deletion, but the in-app flow is the fastest path.
Withdraw Consent / Opt-Out: If at any point you agreed to something (like receiving optional survey invitations or participating in a research beta program), you can withdraw that consent. For example, if you no longer want to take part in a 360° survey, you can decline or ignore the invitation. If you don’t want us to send you non-essential emails, you can opt out by unsubscribing or adjusting your email preferences. (Note: We will still send essential emails about your account or ongoing surveys as needed, but nothing unnecessary.)
Objection and Restriction: If you have concerns about any particular use of your data, you have the right to object. For example, if you feel our legitimate interest in processing your data doesn’t override your privacy, you can object and we’ll review and accommodate if possible. You can also ask us to temporarily restrict processing your data if you are resolving an issue (for instance, you contest the accuracy of some data and want us to stop using it until it’s fixed).
Data Portability: If you want to take your data elsewhere, let us know. Where applicable, we can provide your personal information in a common, machine-readable format. For instance, if you want a copy of all feedback you have given, we can provide a CSV or PDF file of your responses, if feasible.
No Discrimination: Exercising your privacy rights will not result in any unfair treatment. We provide the same quality service regardless of whether you choose to exercise privacy options. (In fact, we encourage you to manage your data as you see fit!)
How to Exercise Your Rights: Simply reach out to us at [[email protected]] with your request. For security, we may need to verify your identity (to ensure we don’t give your data to the wrong person). We will respond as soon as possible, and certainly within any timeline required by law (for example, GDPR typically requires response within one month). There is no cost to exercise these rights, though if a request is excessive or unfounded, the law does allow us to decline or charge a reasonable fee – but we’ve never had to do that. We’re here to help you stay informed and in control.
We want to reiterate a key promise: We do not sell your personal data. Period. Our business model is providing the 360° feedback service to organizations and users, not profiting from your information. We don’t sell or rent email lists, we don’t trade your info for advertising, and we don’t engage in any practice that monetizes your personal data beyond providing the service to you and your organization. Your trust is far more valuable to us than any data sales. As privacy regulations worldwide emphasize, your data is yours, and we respect that fully.
Additionally, if we ever make significant changes to this Privacy Policy, we will let you know. We might email you or post a notice on our website. We encourage you to review this Policy from time to time so you remain informed about how we protect your information. Transparency is one of our core values – if anything in this Policy is unclear, please ask us and we’ll gladly explain.
We’re always happy to hear from you, especially if you have questions or concerns about privacy. You can contact our Privacy Officer at:
Email: [email protected]
Address: [Will be available shortly] Toronto, ON, Canada.
If you have a privacy concern that we can’t resolve, note that under Canadian law you have the right to contact the Office of the Privacy Commissioner of Canada or your local data protection authority (if you’re outside Canada, e.g. in the EU you can reach out to your country’s supervisory authority). But we sincerely hope we can address your questions directly and quickly, as your privacy and satisfaction are our top priorities.
Thank you for reading our Privacy Policy. Using our platform indicates you agree with these practices. We hope this document was clear and helpful. Your privacy is safe with us, and we’re committed to keeping it that way!