GDPR Policy
Last updated on
This GDPR Policy explains how ProductBridge handles personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. It applies to visitors, customers, users, and individuals whose feedback or personal data may be processed through ProductBridge.
ProductBridge is designed to help SaaS teams collect, organize, analyze, and act on customer feedback. Where we process personal data, we aim to do so transparently, securely, and only for legitimate product and service purposes.
1. Roles under GDPR
Depending on how ProductBridge is used, we may act as either a data controller or a data processor. For account, billing, website, and direct customer relationship data, ProductBridge generally acts as a data controller. For customer feedback, messages, product requests, and imported workspace content processed on behalf of a customer, ProductBridge generally acts as a data processor.
2. Personal data we may process
The categories of personal data we may process include account information, contact details, workspace and company information, support communications, usage and device data, and customer feedback data submitted or connected through integrations.
Account data such as name, email address, role, and company details.
Customer feedback data such as requests, comments, messages, issue descriptions, and related metadata.
Technical data such as IP address, browser type, device information, logs, and product usage activity.
3. Legal bases for processing
Where ProductBridge acts as a controller, we rely on appropriate legal bases for processing, including performance of a contract, legitimate interests, consent where required, and compliance with legal obligations. Where ProductBridge acts as a processor, we process personal data according to the customer’s instructions and applicable data processing terms.
4. How we use personal data
We use personal data to provide and improve ProductBridge, maintain accounts, deliver support, operate integrations, analyze product usage, secure the service, prevent abuse, comply with legal obligations, and help customers organize and understand feedback submitted to their workspace.
5. Data subject rights
Individuals in the European Economic Area, United Kingdom, and other applicable regions may have rights to access, correct, delete, restrict, object to, or request portability of their personal data. Where processing is based on consent, individuals may also withdraw consent at any time.
If your personal data was submitted to ProductBridge by one of our customers, we may direct your request to that customer or work with that customer to respond, because they control the relevant workspace data.
6. International data transfers
ProductBridge stores customer data and operates its production servers in data centers located in France. We use enterprise-grade infrastructure from Amazon Web Services (AWS) and Microsoft Azure to host, process, secure, and back up the Service. If approved service providers access or process data from outside your country of residence, we use appropriate safeguards for international transfers, such as contractual protections, data processing agreements, and other legally recognized transfer mechanisms.
7. Data hosting and infrastructure
All ProductBridge production servers and customer data are stored in France-based data centers. Our hosting infrastructure uses enterprise-level cloud services from AWS and Microsoft Azure, including security, resilience, monitoring, backup, and availability capabilities appropriate for operating a business software platform.
8. Subprocessors and service providers
We may use trusted third-party service providers to host infrastructure, deliver support, process analytics, manage communications, and operate core service functionality. These providers are permitted to access personal data only as necessary to provide services to ProductBridge and are required to protect that data.
9. Data retention
We retain personal data only for as long as needed to provide ProductBridge, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business purposes. Customer workspace data is retained according to the customer’s account settings, subscription status, and deletion requests.
10. Security measures
We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. These measures may include access controls, encryption in transit, restricted internal access, monitoring, and operational security practices.
11. Contact
For GDPR questions, data requests, or privacy concerns, contact us at support@productbridge.io. We may need to verify your identity before responding to certain requests.
