Is there a free plan?

Yes. The free plan includes 1 board, up to 100 posts, and unlimited users — free forever, no credit card required.

How is pricing calculated?

Flat $20/mo per workspace (or $200/year). No per-user charges, no tracked-user limits. Your price stays the same whether you have 10 or 10,000 users giving feedback.

Can I embed it in my app?

Yes. Drop a single script tag into your site. Supports open mode for quick setup or HMAC-signed authentication to automatically identify your logged-in users.

Do my users need to create accounts?

No. When embedded, users are authenticated through your app automatically — no separate signup. On the public board, they sign in with a magic link. No passwords needed.

Can I customize the workflow?

Yes. Pro workspaces can rename, recolor, and reorder post statuses to match your team's actual workflow — from "New idea" to "Shipped" or anything in between.

Is data isolated between workspaces?

Completely. Each workspace has its own users, posts, and settings. A user in one workspace has no connection to another — by design.

How does Feedbakery differ from Canny?

Feedbakery offers a free plan with unlimited users and a Pro tier at $20/mo — roughly 4× cheaper than Canny's $79/mo starter plan. Unlike Canny, Feedbakery charges a flat workspace fee with no per-tracked-user pricing, includes passwordless magic link login, Telegram notifications, and HMAC-signed embed authentication on the Pro plan.

Can I import data from Nolt or Canny?

Yes. Feedbakery includes an import tool so you can migrate your existing posts and votes from Nolt or Canny without losing your history.

Does Feedbakery include a public roadmap?

Yes. Every workspace includes a public roadmap view that groups posts by status — so users can see what's planned, in progress, and shipped without leaving your product.

Privacy Policy

Effective Date: December 13, 2018

Last Updated: March 25, 2026

Website: https://feedbakery.io

How we collect, use, and protect your personal data.

1. Introduction

This Privacy Policy describes how Feedbakery (formerly known as TheBeyond.io) ("we," "us," or "our"), operated from Chisinau, Republic of Moldova, collects, uses, stores, and protects personal information when you use our customer feedback management platform (the "Service") available at https://feedbakery.io.

We are committed to protecting your privacy and complying with applicable data protection regulations, including the General Data Protection Regulation (GDPR) where applicable.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Roles and Responsibilities

2.1 When We Are the Data Controller

We act as the data controller for the personal data of Tenants (business customers) and Staff members who register and manage accounts on Feedbakery. This includes registration data, account information, billing data, and usage analytics.

2.2 When We Are the Data Processor

When a Tenant uses Feedbakery to collect feedback from their End Users, the Tenant is the data controller and we act as the data processor. We process End User data on behalf of and under the instructions of the Tenant.

Tenants are responsible for providing appropriate privacy notices to their End Users and for ensuring they have a lawful basis for collecting End User data through the Service.

3. Information We Collect

3.1 Tenant and Staff Information

When you register for an account, we collect your email address, name (if provided), password (stored in hashed form), and organization or company name (if provided).

3.2 End User Information

When End Users interact with a Tenant's feedback board, we collect (on behalf of the Tenant) email addresses (for authenticated users), display names, feedback content (posts, votes, comments), IP addresses (for rate limiting and anonymous session management), and browser user agent information.

3.3 Payment Information

Payment processing is handled by Paddle (Paddle.com Market Limited), our Merchant of Record. We do not directly collect or store credit card numbers or bank account details. Paddle may share with us transaction identifiers, subscription status, and billing country for the purpose of managing your subscription.

3.4 Automatically Collected Information

When you use the Service, we may automatically collect IP addresses, browser type and version, device information, pages visited and features used, timestamps of access, and referral URLs.

We use this information for security (rate limiting, abuse prevention), service improvement, and analytics.

4. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery: To provide, maintain, and improve the Service, including account management, authentication, and feature delivery.
Communication: To send transactional emails (magic links, status notifications) and, with your consent, promotional communications.
Security: To protect against unauthorized access, abuse, and fraud through rate limiting, session management, and monitoring.
Legal Compliance: To comply with applicable laws, regulations, and legal processes.
Analytics: To understand how the Service is used and to improve our offerings.

5. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA) and where GDPR applies, our legal bases for processing personal data are:

Contract Performance: Processing necessary to provide the Service under our Terms and Conditions (Article 6(1)(b) GDPR).
Legitimate Interests: Processing necessary for our legitimate interests, such as fraud prevention, security, and service improvement, where these interests are not overridden by your rights (Article 6(1)(f) GDPR).
Legal Obligation: Processing necessary to comply with a legal obligation (Article 6(1)(c) GDPR).
Consent: Where you have given explicit consent for specific processing activities, such as marketing communications (Article 6(1)(a) GDPR).

6. Data Sharing and Third-Party Services

We do not sell your personal data. We may share your information with the following categories of third parties, solely for the purposes described in this policy:

Paddle (Paddle.com Market Limited): Payment processing and subscription management. Paddle acts as our Merchant of Record and has its own privacy policy.
Mailgun (Sinch Email): Transactional email delivery (magic links, notifications).
Bugsnag (SmartBear): Error tracking and application monitoring.
PostHog: Product analytics. PostHog collects anonymized usage data (page views, feature usage, session information) to help us understand how the Service is used and improve it. PostHog sets a first-party cookie to identify returning visitors across sessions. For more details, see Section 11 (Cookies and Tracking).

We may integrate additional third-party services in the future. This Privacy Policy will be updated accordingly, and material changes will be communicated to active Tenants.

We may also disclose your information if required to do so by law or in response to valid legal requests from public authorities (e.g., a court order or government agency).

7. Data Storage and Security

Your data is stored on servers located in the European Union (Amsterdam, Netherlands). We implement appropriate technical and organizational measures to protect your personal data, including:

Encryption of data in transit (TLS/SSL)
Secure hashing of passwords and authentication tokens
Rate limiting to prevent abuse
Access controls and authentication for administrative functions
Regular security reviews
Soft deletion to prevent accidental data loss

While we take reasonable measures to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

Tenant and Staff accounts: Data is retained for the duration of the account. Upon account deletion, personal data is removed within 30 days, except as noted below.
End User data: Retained for the duration of the Tenant's account. When a Tenant deletes a project or account, associated End User data is removed within 30 days.
Transaction records: Billing and transaction data may be retained for up to 7 years after the end of the business relationship, as required by applicable tax and accounting regulations.
Security logs: IP addresses and access logs used for security purposes are retained for up to 90 days.

Soft-deleted data (posts, comments, accounts) may remain in our database in a deactivated state for up to 30 days before permanent deletion.

9. Your Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal data:

Right of Access: You may request a copy of the personal data we hold about you.
Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
Right to Erasure: You may request the deletion of your personal data, subject to legal retention requirements. We will delete your data within 30 days of a verified request, except for transaction records we are legally required to retain.
Right to Restriction: You may request that we restrict the processing of your personal data under certain circumstances.
Right to Data Portability: You may request a copy of your data in a structured, commonly used, machine-readable format.
Right to Object: You may object to the processing of your personal data based on legitimate interests.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

If you are an End User and wish to exercise your rights regarding data collected through a Tenant's feedback board, please contact the Tenant directly, as they are the data controller for that data.

10. International Data Transfers

Our servers are located in the European Union. If you access the Service from outside the EU, your data will be transferred to and processed in the EU. For individuals in the EEA, this means your data remains within the EU and no additional transfer mechanisms are required.

Our third-party service providers may process data outside the EU. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.

11. Cookies and Tracking

Essential Cookies

The Service uses essential cookies and local storage for authentication session management, CSRF protection, and user preferences. These are strictly necessary for the operation of the Service and do not require consent.

Analytics Cookies

We use PostHog, a product analytics platform, to understand how the Service is used and to improve our offerings. PostHog sets a first-party cookie (ph_*_posthog) that assigns a unique, anonymous identifier to your browser. This cookie persists across sessions and enables us to analyze usage patterns, such as which features are most used and how users navigate the Service. The cookie does not contain your name, email, or other directly identifying information.

Your choice: When you first visit the Service, you will be asked whether you consent to analytics cookies. You may accept or decline, and you can change your preference at any time via the cookie settings link in the page footer. If you decline, no analytics cookies are set and no usage data is collected by PostHog.

We do not use any third-party advertising or marketing cookies.

12. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Effective Date." For material changes that affect how we process your data, we will also notify active Tenants via email at least 14 days before the changes take effect.

14. Data Protection Contact

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us:

Email: [email protected]
Website: https://feedbakery.io

If you are in the EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.