Privacy Policy

This Privacy Policy describes how CornerCue ("we", "us", or "our") collects, uses, and protects information when you use our website at cornercue.com, our web application at app.cornercue.com, and our embeddable feedback widget (collectively, the "Service").

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address - used for authentication, transactional emails (welcome, password reset), and account communication.
• Password - stored in hashed form only. We never store or have access to your plaintext password.

1.2 Feedback Submission Data

When end users submit feedback through the CornerCue widget embedded on your website, we collect:

• Feedback message - the text content submitted by the user.
• Feedback category - the type selected (bug, feature request, or general feedback).
• Screenshot - if the user chooses to attach one. Screenshots are converted to AVIF format and stored in our object storage. Screenshot capture is entirely optional and user-initiated.
• Page URL path - the page the user was on when submitting feedback.
• Browser and OS information - parsed from the User-Agent header (e.g., "Chrome 120", "Windows 10").
• Country - derived from IP address using a local MaxMind GeoLite2 database. The IP address itself is not stored.

1.3 Optional Metadata

Website owners who embed the CornerCue widget may choose to pass additional context with each submission:

• User info - such as a user ID, username, or email, configured by the website owner.
• Custom metadata - arbitrary key-value pairs set by the website owner for their own use.

We store this data as provided. If you are an end user submitting feedback, the data passed depends entirely on the website owner's configuration.

1.4 Payment Information

Payments are processed by our third-party payment provider, Dodo Payments. We store your billing email, name, and transaction records (amount, currency, status). We do not store credit card numbers or full payment credentials.

2. How We Use Your Information

We use collected information to:

• Provide and operate the Service.
• Authenticate your account and maintain sessions.
• Deliver feedback submissions to the appropriate project dashboard.
• Process payments and manage billing.
• Send transactional emails (account verification, password resets).
• Derive anonymous, aggregated metadata (browser, OS, country) to enrich feedback reports.

We do not sell your data. We do not use your data for advertising.

3. Cookies

We use a single session cookie (session_id) on our web application to keep you logged in. This cookie is:

• HttpOnly (not accessible to JavaScript).
• Set with a 30-day expiration.
• Used solely for authentication.

We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.

4. Third-Party Services

We rely on the following third-party services to operate:

• Dodo Payments - payment processing.
• ZeptoMail (Zoho) - transactional email delivery.
• S3-compatible object storage - screenshot storage.
• Cloudflare Turnstile - bot protection during registration and login.
• MaxMind GeoLite2 - IP-to-country lookup (processed locally, no data sent to MaxMind).
• Google Fonts - font loading on our landing site.

Each provider operates under its own privacy policy. We share only the minimum data necessary for each service to function.

5. Data Storage and Security

• Passwords are stored using industry-standard hashing algorithms.
• Sessions are managed server-side via Redis.
• Screenshots are stored in encrypted object storage and served via signed URLs.
• All communication between clients and our servers uses HTTPS/TLS encryption.

6. Data Retention

We retain your account data for as long as your account is active. Feedback submissions are retained until deleted by the project owner through the dashboard. If you delete your account, your data will be removed in accordance with our retention schedule.

7. Your Rights

You have the right to:

• Access your personal data stored with us.
• Correct inaccurate information.
• Delete your account and associated data.
• Export your data in a portable format.

To exercise any of these rights, contact us at the email listed below.

8. Children's Privacy

CornerCue is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

10. Contact

If you have questions about this Privacy Policy or your data, contact us at:

Email: support@cornercue.com