Privacy Policy

Process Feedback's privacy policy

Effective date: March 15, 2026

Key Points (TL;DR;)

  • Users retain ownership of all content they create or upload. Process Feedback only processes or stores content when users explicitly save or share reports or when required under an institutional agreement. Read more in Section 4.
  • Process Feedback uses personally identifiable information only to operate and support its services, comply with legal obligations, and fulfill user- or institution-requested purposes. Read more in Section 5.
  • Process Feedback does not use Google Analytics or similar tracking tools within its core editor pages or report-viewing pages. Limited analytics may be used on the public website and support services. Read more in Section 7.

1. Introduction

a) Web site owner

Process Feedback, LLC ("PF") operates and owns the processfeedback.org Web Site. For any privacy-related inquiries or concerns, you can contact PF via email at contact@processfeedback.org. This privacy notice outlines PF's information practices concerning the PF Web Site, detailing the types of personally identifiable information requested, how this information is utilized, and the parties with whom it may be shared. Please note that other PF websites may be governed by privacy notices with differing information practices.

b) Anonymous web site visits

You can freely visit the PF Web Site without the need to disclose personal information. However, please be aware that certain non-personal data, such as cookies or analytics data, may be collected for the purpose of optimizing site functionality and improving user experience. This includes the use of analytics tools that track aggregate user data to understand website usage patterns and trends.

2. Product categories and data handling

Unless explicitly stated and voluntarily initiated by the user, Process Feedback applications do not automatically transmit and store any writing, code, or document content from any tool, extension, or service. This includes all browser extensions, web editors, compiler tools, and any future Process Feedback products.

a) Browser extensions (for Google Docs, online editors, LMSs, etc.)

Process Feedback provides several browser extensions such as "Process Feedback for Google Docs." These extensions access only the content of the active document or page the user is viewing or editing. They do not access other Google Drive files, browsing history, emails, or unrelated data. These extensions operate locally within the user's browser by default.

Process Feedback extensions transmit and store data only when a user chooses to use the "Share this Report" feature. If requested, Process Feedback can disable this specific "Share this Report" feature for specific email domains, ensuring that users from that domain cannot use the feature and are prevented from submitting or transmitting any data to Process Feedback servers. Institutions may request such domain-level blocking of the data sharing feature, preventing data submission from designated domains. For example, we can block all users from ".pf.edu" domain from accessing this feature.

When a user opts to share data, the following data may be securely stored on Process Feedback-managed servers for the purpose of generating or delivering the requested report.

  • Name and email address
  • Document identifiers (e.g., Google Docs document ID)
  • Document name or metadata
  • Writing-process information: text changes, insertions, deletions, paste actions, timestamps, revision metadata, contributor identifiers
  • IP address and system metadata required for secure transmission

Users may delete their stored documents or reports at any time via the report page interface.

b) Online editors

Process Feedback provides built-in editors that allow users to write, revise, and analyze their working process directly within the Process Feedback application. These editors collect only the information necessary to provide the requested functionality, such as:

  • Writing activity
  • Revision patterns
  • User-entered text, code, or uploaded files
  • Typing metrics, pause durations, paste events, and document changes
  • Optional user-provided metadata (assignment name, class information, etc.)

All writing and activity data remains on the user's device and is not transmitted to Process Feedback servers unless the user chooses to save or share a writing-process report. When a user saves or exports a report, only the information included in that report is stored on Process Feedback-managed servers. Users may delete their stored documents or reports at any time.

c) Online compilers

Process Feedback provides an online code-execution environment ("Online Compiler") for educational use. When a user submits code for execution, the following information may be processed:

  • The code the user chooses to run
  • Input provided by the user
  • Execution output, errors, and performance logs
  • Language and runtime selection
  • System metadata required for security and rate limiting (e.g., IP address)

No source code, execution logs, or compiled artifacts are shared with third parties.

d) Use of generative AI

Process Feedback does not offer any generative AI feature when users access it via browser extensions such as "Process Feedback for Google Docs" or "Process Feedback."

When users utilize Process Feedback's Online Editor or Online Compiler, they can access safeguarded and constrained versions of generative AI tools. These tools are not configured for open, two-way conversational interaction. Instead, they provide targeted, function-specific assistance, such as offering options for correcting grammar, suggesting teacher-approved feedback options, or generating explanations for code or execution errors.

  • The interaction with the generative AI (the prompt sent and the direct response received) is processed ephemerally and is not logged or stored on Process Feedback-managed servers.
  • However, outputs of the AI tool become a part of the document's content and are then logged as revision events.
  • The document's history and all revision events, including those resulting from AI-assisted changes, are retained on the user's device or stored on Process Feedback-managed servers only if the user explicitly saves or shares a writing-process report.
  • Users retain full ownership of their data (including text, code, and documents), and this data is strictly prohibited from being used for any kind of AI model training. All prompts and outputs are handled in accordance with our data minimization and privacy policies.

3. Support chat across all products

Process Feedback also offers a customer support chat to assist users. When a user initiates a support chat, the chat service provider may collect standard website analytics and chat-related metadata (e.g., IP address, browser information, pages visited, and chat content). No Google Docs data or student writing data is automatically transmitted through this support feature. The specific chat service provider used may change over time.

4. Personal information that may be collected

a) Identifying information

In order to access designated services and/or restricted features within the processfeedback.org website, PF may request a user to provide certain personal identifying information, which may include: name, title of the document or coding project, affiliation, email address, and personal written/typed content. PF may request additional information necessary to secure and maintain user data online. Users of the processfeedback.org website retain ownership of all content that they upload, post, or otherwise make available on the site. Users are responsible for maintaining the links to the content they have created. PF does not have the ability to retrieve this information for users.

b) Information from children

Process Feedback is committed to protecting the privacy of students and young users. Our services are designed for educational institutions and students aged 13 and above. In jurisdictions where the minimum age of digital consent is 13 (such as the United States under COPPA), students who are at least 13 years old may use our services and provide personal data without requiring parental consent. In jurisdictions where a higher age threshold applies (such as 16 under the GDPR), we act as a data processor on behalf of the educational institution (the data controller). In such cases, it is the responsibility of the institution to ensure that any required consents, including parental consents where applicable, have been obtained prior to a student's use of our services. We do not knowingly collect personal data from children under the applicable age of digital consent without the appropriate authorization. If we become aware that we have inadvertently received such data, we will take steps to delete it. Please note that in order for us to process the request for the removal of a user's information, the parent or guardian will need to provide sufficient information to identify the child's account or data. We do not use personally identifying information collected from children for marketing or promotional purposes, and we do not disclose such information to any third party for any purpose whatsoever. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us at contact@processfeedback.org.

c) Lost or stolen information

Users must submit removal requests from the email address associated with the stored content and are responsible for maintaining a copy of their content identifiers (IDs) to facilitate removal requests. It's important to note that even after user content is removed, it may still exist in cached or archived forms, or if other users have copied or stored the content. PF shall not be liable for any damages arising from the retention or dissemination of user content once it has been removed from the site. Notwithstanding the foregoing, for data covered by a signed Data Privacy Agreement (DPA) with an institution, PF will rely solely on the written instruction of the institution (the Data Controller) to delete identified data.

d) Links to other web sites

PF Web site may contain links to, or information from, other web sites. PF is not responsible for the privacy practices or the content of those other Web sites.

5. Uses made of the information

a) Limited uses identified

PF will only use your personal identifiable information for the purposes for which it is submitted, unless we obtain your prior consent for other uses. These purposes include but are not limited to: replying to inquiries, handling complaints, providing operational notices, and maintaining program records. We will not use your personal identifiable information for any other purpose without your explicit consent.

b) Marketing uses

PF shall refrain from utilizing the information you provide for direct marketing objectives or disseminating such information for direct marketing endeavors without your explicit consent. Nonetheless, aggregated and anonymized statistics obtained from user data may be disseminated for analytical or statistical intents.

c) Stored information uses

PF stores and retains the information entered on the PF website and uploaded to PF servers for a duration of around six (6) months. During this period, you have the option to download the stored information at any time. We strongly recommend downloading the information as a precaution against potential server failures.

6. Disclosure of the information

a) Within the corporate organization

PF may share your personal information within the PF corporate organization, and may transfer the information to countries in the world where PF conducts business. In such countries, PF will still handle user personal information in the manner described herein. Notwithstanding the foregoing, where PF has executed a separate written Data Privacy Agreement (DPA) or Addendum with an institution, the terms of that agreement will supersede this section and govern the data retention, deletion, and disposal requirements.

b) Mergers and acquisitions

Process Feedback may, for sound business reasons, choose to sell, buy, merge, or otherwise reorganize its businesses. In the event of such a transaction, the transfer of company assets may involve the limited disclosure of user information, including PII, to prospective or actual purchasers for the purpose of due diligence. PF will only disclose the minimum necessary PII required for the transaction and will do so under strict confidentiality agreements. Notwithstanding the foregoing, where PF has executed a separate written Data Privacy Agreement (DPA) or Addendum with an institution, the terms of that agreement will supersede this section and govern the disclosure of any Personally Identifiable Information (PII) related to that contract. Disclosure of such PII will be handled solely in accordance with the executed DPA, which typically requires prior written notice to the institution.

c) Agents

PF employs or engages other companies and individuals to perform business functions on behalf of PF. These persons are provided with personal identifying information required to perform their functions, but are prohibited by contract from using the information for other purposes. These persons engage in a variety of functions which include, but are not limited to, fulfilling orders, delivering packages, removing repetitive information from user lists, analyzing data, providing marketing assistance, processing credit card payments, and providing user services.

d) Disclosure to governmental authorities

Under certain circumstances, personal information may be subject to disclosure pursuant to a judicial or other government subpoenas, warrants, or orders.

7. Use of computer tracking technologies

a) Tracking of personal information

PF and its third-party components may utilize cookies, local storage (such as Session Storage or IndexedDB), and other technologies to collect identifiable and personal information. A cookie, an alphanumeric identifier, can be transferred to a user's hard drive via their browser. Once stored on the user's computer, the cookie serves as an anonymous tag identifying the computer, not the user. Cookies and other local storage mechanisms may be sent by PF or its third-party vendors. Users have the option to configure their browsers to receive notifications before accepting cookies, allowing them to decide whether to accept them. Users may also clear stored data in their browser settings. However, disabling or clearing this data may result in certain websites and PF features not functioning properly.

b) Use of cookies

PF and its third-party components may utilize cookies to collect identifiable and personal information through various technologies. A cookie, an alphanumeric identifier, can be transferred to a user's hard drive via their browser. Once stored on the user's computer, the cookie serves as an anonymous tag identifying the computer, not the user. Cookies may be sent by PF or its third-party vendors. Users have the option to configure their browsers to receive notifications before accepting cookies, allowing them to decide whether they accept them. However, disabling cookies may result in certain websites not functioning properly.

c) Use of web beacon technologies

PF may also use Web beacons or other technologies to better tailor its Web site(s) to provide better user service. If these technologies are in use, when a visitor accesses these pages of the Web site, a non-identifiable notice of that visit is generated, which may be processed by PF or by its suppliers. Web beacons usually work in conjunction with cookies. If user does not want cookie information to be associated with user's visits to these pages, user can set its browser to turn off cookies; however, Web beacon and other technologies will still detect visits to these pages, but the notices they generate cannot be associated with other non-identifiable cookie information and are disregarded.

d) Collection of non-identifiable information

PF may collect non-identifiable information from user visits to the PF website(s) to improve user service. This may include traffic analysis, such as tracking the domains from which users visit or the number of visitors, measuring visitor activity on PF website(s), website and system administration, user analysis, and business decision-making. Additionally, non-identifiable information may encompass data such as screen size, type of browser, operating system, and device type. This information, often referred to as "clickstream data," may be utilized by PF or its contractors to analyze trends and statistics, thereby enhancing the overall user experience.

e) Collection of personal information

PF collects personal identifying information from users during various interactions, including the use of online storage and initiating chats. This information is primarily used and analyzed at an aggregate level, not at an individual level, to help PF understand trends and patterns. While individual-level review of this information is not typical, in the event of system errors or debugging processes, PF may access and utilize personal information to diagnose and resolve technical issues. Additionally, when users initiate chats, personal information may be collected as part of the chat interaction to provide support and assistance.

f) Use of analytics on the public website

PF utilizes Google Analytics solely on its public-facing website, http://www.processfeedback.org, for the purpose of understanding visitor interactions and enhancing the user experience. This analytics data is collected in an aggregate form and does not include personally identifiable information.

g) No analytics on core application

PF does not employ Google Analytics or any other similar tracking or analytics tools within its core application. For example, the Chrome extension page at http://app.processfeedback.org/gdocs or the online editor at http://app.processfeedback.org/writing do not incorporate any analytics technologies.

8. Information security

a) Commitment to online security

PF employs physical, electronic, and managerial procedures to safeguard the security and integrity of personal information.

b) No liability for acts of third parties

PF will exercise all reasonable efforts to safeguard the confidentiality of user personal information. However, transmissions protected by industry standard security technology and implemented by human beings cannot be made absolutely secure. Consequently, PF shall not be liable for unauthorized disclosure of personal information due to no fault of PF, including but not limited to errors in transmission and unauthorized acts of PF staff and/or third parties.

9. Privacy policy changes and opt-out rights

a) Changes to the privacy policy

PF reserves the right to change its privacy policy at any time. When PF makes changes to its privacy policy, we will post the updated policy on our website and update the effective date. For material changes, we will take reasonable steps to notify users in a timely and effective manner, including by requiring users to acknowledge and agree to the updated Privacy Policy before continuing to use Process Feedback and, where appropriate, by sending a notification email to the email address associated with the user's account or the applicable school board, district, or institutional account. We encourage you to review our privacy policy periodically to stay informed about how we protect your information. Notwithstanding the foregoing, where PF has executed a separate written Data Privacy Agreement (DPA) or Addendum with an institution, the terms of that agreement will supersede this section and govern the amendment process for any material change concerning the privacy, security, use, or disclosure of data covered by that contract. Such material changes will require advance written notice to the institution.

b) Opt-out right

Users have the right at any time to cease permitting personal information to be collected, used, or disclosed by PF and/or by any third parties with whom PF has shared and/or transferred such personal information. The right of cancellation may be exercised by contacting PF via email at contact@processfeedback.org. In order to facilitate the deletion of personal information, users must provide all necessary details as requested by PF. Upon receipt of the request and necessary information, PF will promptly delete the user's personal information from its database.

10. Access rights to data

a) Information maintained by PF

Upon the user's request, PF will provide a reasonable description of the personally identifiable information that PF maintains in its database. Users can contact PF via email at contact@processfeedback.org to request this information. It's important to note that PF cannot access or delete user content without specific identification of the data being stored. Therefore, individual users and non-DPA accounts must submit their requests from the email address associated with the content and are advised to maintain a copy of the identification details associated with their content. These details will be necessary when making requests to remove their content from PF's database. Notwithstanding the foregoing, for data subject to a signed Data Privacy Agreement (DPA) with an institution, PF will accept and execute deletion instructions submitted in writing by the institution (the Data Controller).

b) Your California privacy rights

California's privacy laws require a company to provide notice to California users of their rights to receive information on which entities their information was shared for marketing purposes. While PF may not collect personal information for direct marketing purposes, we acknowledge your rights as a California resident under California Civil Code Section 1798.83. If you have any questions or concerns regarding PF's handling of personal information, you may contact us at contact@processfeedback.org. While we may not have direct marketing practices, we are committed to providing transparency regarding your personal information. If applicable, within 30 days of receiving such a request, PF will provide information regarding the categories of personal information that may be disclosed to third parties for their direct marketing purposes, if any, along with the names and addresses of these third parties. Please note that in order to fulfill your request, we may require you to provide necessary identification or verification details. This request may be made no more than once per calendar year. Additionally, PF reserves its right not to respond to requests submitted other than to the specified email address.

11. Data breach response

In the event of a security incident or data breach involving personal information, Process Feedback will promptly investigate the incident, contain the breach, and assess its scope and impact. We will notify affected individuals and relevant authorities without undue delay. When we have a valid email address on file, we will provide notice by direct email to the email address associated with the affected user's account and, where applicable, to the email address associated with the relevant school, board, district, or institutional account or designated contact. Our breach response plan includes measures to mitigate harm, prevent recurrence, and protect the integrity and confidentiality of personal information.

12. Educational use and data processing

When Process Feedback is used in an educational setting, we act as a Data Processor on behalf of the school or institution, which serves as the Data Controller. This means:

  • We process personal data solely on the instructions of the school or institution.
  • We do not use personal data for any purpose other than to provide our services as agreed with the institution.
  • We maintain appropriate technical and organizational measures to protect the security and confidentiality of personal data.

13. For school users

When used under a school agreement, our handling of student data is governed by applicable student privacy laws and a signed Data Privacy Agreement.

14. Accountability

a) Questions, problems, or complaints

If you have a question about this policy statement or a complaint about PF's compliance with this privacy policy, you may contact PF by email at contact@processfeedback.org.

b) Terms of use

By choosing to use PF's services, you hereby acknowledge and accept PF's practices as described in this Privacy Policy. Any dispute over privacy between you and PF is subject to the provisions of this notice and to PF's Terms of Service Agreement, which is hereby incorporated by reference. You can review the Terms of Service Agreement at processfeedback.org/terms.

Read: Terms and Conditions Read: Docs for Institutions
We are still working on a short course for students. Please stay tuned!