Last updated: June 2026
AH! Feedback ("we", "us", "our"), operated by PravIN CRM Solutions Inc., is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service. This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
PravIN CRM Solutions Inc., operating AH! Feedback, is the data controller responsible for your personal data. If you have any questions about how we handle your data, you can contact us through our Contact page.
We collect the following categories of personal data: Account Data: Your name, email address, and password (stored encrypted) when you register. Payment Data: Payment transactions are processed by Stripe. We store only payment status and Stripe session IDs. We never store your full card details. Usage Data: Reports you generate, videos you analyze, and your activity within the Service. Technical Data: IP address, browser type, device information, and cookies for session management. Third Party Login Data: If you sign in with Google, we receive your name, email, and profile picture from Google.
We use your personal data for the following purposes: - To provide and maintain the Service - To process payments and issue refunds - To send account-related emails (confirmation, password reset) - To improve and develop the Service - To detect and prevent fraud and abuse - To comply with legal obligations We do not sell your personal data to third parties. We do not use your data for advertising purposes.
For users in the European Economic Area (EEA), we process your data on the following legal bases: - Contract: Processing necessary to provide the Service you requested - Legitimate Interests: Improving our Service, preventing fraud - Legal Obligation: Complying with applicable laws - Consent: Where you have given explicit consent
We use the following third party services that may process your data: Supabase: Database and authentication provider. Data may be stored in the US. Supabase is GDPR compliant. Stripe: Payment processing. Stripe is PCI-DSS compliant and GDPR compliant. Google (YouTube API): We use YouTube Data API to fetch public comment data. Subject to Google Privacy Policy. Google Gemini: AI report generation. Comments are sent to Google's Gemini API for analysis. Subject to Google AI Privacy Policy. Vercel: Website hosting. Subject to Vercel's Privacy Policy.
AH! Feedback accesses publicly available YouTube comment data through the YouTube Data API. We only access comments that are publicly visible on YouTube. We do not access private user information, subscriber data, or any non-public data. YouTube comment data used for report generation is not permanently stored in our systems beyond what is necessary to generate your report. Comment text used in reports is sourced from publicly available YouTube comments. We store anonymized excerpts only — we do not store commenter usernames, profile information, or any personally identifiable information from commenters. Brand names, product names, and competitor mentions extracted from comments are stored as part of the analytical report and do not constitute personal data under GDPR.
We retain your personal data for as long as your account is active or as needed to provide the Service. Report data is retained for 30 days from the date of generation. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes. Payment records are retained for 7 years as required by financial regulations.
If you are located in the EEA, you have the following rights regarding your personal data: Right of Access: Request a copy of your personal data Right to Rectification: Correct inaccurate personal data Right to Erasure: Request deletion of your personal data Right to Portability: Receive your data in a portable format Right to Object: Object to processing of your personal data Right to Restriction: Request restriction of processing To exercise any of these rights, contact us through our Contact page. We will respond within 30 days.
If you are a California resident, you have the following rights: Right to Know: What personal information we collect and how we use it Right to Delete: Request deletion of your personal information Right to Opt-Out: We do not sell personal information Right to Non-Discrimination: We will not discriminate for exercising your rights To exercise these rights, contact us through our Contact page.
We use cookies and similar tracking technologies to maintain your session and improve your experience. We use the following types of cookies: Essential Cookies: Required for the Service to function. Cannot be disabled. Session Cookies: Maintain your login session. Deleted when you close your browser. We do not use advertising cookies or tracking cookies. You can control cookies through your browser settings.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted data storage, secure HTTPS connections, and access controls. However, no method of transmission over the internet is 100% secure and we cannot guarantee absolute security.
Your data may be transferred to and processed in countries outside your country of residence, including the United States. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place, including Standard Contractual Clauses where required.
Our Service is not directed to children under 18 years of age. We do not knowingly collect personal data from children under 18. If you believe we have collected data from a child under 18, please contact us immediately through our Contact page.
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. Your continued use of the Service after changes constitutes acceptance of the updated policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through our Contact page. We will respond to all privacy-related inquiries within 30 days.