Privacy Policy
Last updated: June 2026
This Privacy Policy describes how Nordex Technologies Inc. ("we," "us," or "our") collects, uses, and protects information in connection with the HEAR+ASK platform (the "Service"). We take privacy seriously and have engineered the Service with data isolation and security as foundational principles.
1. What data we collect
We collect the following categories of information:
- Business account data: name, email address, business name, billing information, and authentication credentials.
- Customer submission data: feedback, ratings, survey responses, votes, and any contact information that customers voluntarily provide when responding to a business's campaigns.
- Device fingerprint: a non-personally-identifiable hash used to prevent duplicate submissions and fraudulent activity.
- Usage analytics: aggregated metrics about how businesses interact with the Service to improve product reliability and performance.
2. How we use data
We use collected information to:
- Provide, maintain, and improve the Service.
- Send transactional emails (account confirmations, billing receipts, feedback notifications).
- Process payments and subscriptions via Stripe.
- Generate AI-powered insights derived from the business's own feedback data.
- Detect, investigate, and prevent fraud or abuse.
3. Data isolation
Each business's data is completely isolated from every other business on the platform. We enforce isolation at the database level using Row-Level Security (RLS) on every table. No business can read, query, or access another business's data under any circumstances.
4. Data sharing
We do not sell personal data. We share data only with the limited set of infrastructure providers required to operate the Service:
- Stripe — payment processing.
- Resend — transactional email delivery.
- Google — AI processing for insights generation.
- Supabase — database and authentication infrastructure.
5. Data retention
Businesses can delete their data at any time from within their account. Customer submissions are retained for as long as the associated business account remains active. When an account is deleted, all associated data is permanently removed from active systems within 30 days.
6. Customer rights
Customers who have submitted feedback, votes, or survey responses can request deletion of their submitted data by contacting us at contact@hearandask.com. We will process verified deletion requests within 30 days.
7. Cookies
We use a minimal set of cookies, limited to session management and authentication. We do not use third-party advertising or tracking cookies.
8. Security
We protect data with industry-standard security controls:
- TLS 1.3 encryption for all data in transit.
- AES-256 encryption for data at rest.
- Row-Level Security enforced on every database table.
- Regular security audits and dependency scanning.
9. Contact
Questions about this Privacy Policy or our data practices? Contact us at contact@hearandask.com.