Enterprise-Grade Security

Security & Compliance

Your data security is our priority. We implement industry-standard practices to protect your feedback data and maintain compliance with global privacy regulations.

SOC 2 Type II
GDPR Compliant
256-bit Encryption

SOC 2 Compliance

We are actively pursuing SOC 2 Type II certification to demonstrate our commitment to security.

Current Status

SOC 2 Type II audit is in progress. We are working with an independent auditor to complete the certification process.

Expected completion: Q2 2026

Request SOC 2 Report

Once available, our SOC 2 report can be shared with prospective customers under NDA.

security@talktovalerie.com

GDPR Compliance

We are fully committed to GDPR compliance and protecting the privacy rights of EU residents.

Our GDPR Posture

  • Data minimization principles
  • Right to access and deletion
  • Data portability support
  • Transparent processing

Data Processing Agreement

We provide a comprehensive DPA that outlines how we process data on your behalf as a data processor.

Standard Contractual Clauses included

Request a DPA

Need a signed DPA for your records? Contact our security team and we'll send one within 24 hours.


Data Collected by Script

Complete transparency on what data Valerie collects from your visitors.

What We Collect

  • Page URL: Where feedback was submitted
  • User agent / device info: Browser and device type for analytics
  • Survey responses: Ratings and text provided by visitors
  • Anonymous visitor ID: Random ID for frequency limiting (not linked to identity)
  • Timestamp: When feedback was submitted

What We Do NOT Collect

  • Personal information (PII): Unless voluntarily provided in feedback text
  • Session recordings: We never record user sessions or screen activity
  • Keystrokes: No keystroke logging or input monitoring
  • Cookies for tracking: No third-party advertising or tracking cookies
  • IP addresses: IPs are used only for country detection, never stored

Data Sent to AI Provider

We use AI to generate insights from your feedback. Here's exactly what happens with that data.

  • What: Anonymized feedback text only. No user identifiers, emails, or PII are sent to AI providers.
  • Why: To generate sentiment analysis, theme extraction, and actionable insights from feedback patterns.
  • Retention: Processed in real-time. AI provider does not store feedback data after processing is complete.
  • Training: Your data is NOT used to train AI models. We use API endpoints with data opt-out agreements.

Privacy commitment: We use OpenAI's API with enterprise data handling agreements. Your feedback data is never used to train their models and is deleted immediately after processing.

Subprocessors

A complete list of third-party services that process data on our behalf.

Subprocessor | Purpose | Location | Security Info
Vercel | Website & API hosting | United States |
Supabase | Database & authentication | United States |
OpenAI | AI processing for insights | United States |
Resend | Transactional email | United States |

Last updated: January 2026. We will notify customers of any subprocessor changes.

Enterprise Security

Security measures that protect your data at every level.

Encryption Everywhere

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Secure key management

No Third-Party Tracking

  • No advertising trackers
  • No cross-site tracking
  • Minimal cookies (session only)

Data Deletion on Request

  • Full data export available
  • Complete deletion within 30 days
  • Deletion certificate provided

Security Questions?

Our security team is here to help with compliance questionnaires, security assessments, or any questions about how we protect your data.