Privacy Policy

Last updated: 26 June 2026

Produck (“we”, “us”, “our”) is a browser extension and feedback platform that lets product teams capture voice feedback with screenshot annotations and session context on any web page. This privacy policy explains what data the Produck extension, SDK, and dashboard handle and why.

What We Collect

From End Users (Those Submitting Feedback)

When you initiate a capture using the global hotkey (Cmd+Shift+Z on macOS, Ctrl+Shift+Z on Windows/Linux), tap the capture widget, or interact with a site that integrates the Produck SDK, we collect the following:

Microphone audio: Only while you are actively recording. Audio is streamed in real-time to our transcription service and is not retained or stored by Produck. Only the transcript is kept as part of your feedback item. The microphone is never accessed in the background or without an explicit recording action.
Transcript text: Automatically generated from your recording by our transcription service. The transcript accompanies your feedback item in your team’s dashboard.
Screenshot of the active tab: Captured at the moment you start a capture, so feedback has visual context. Only the current tab is read.
rrweb snapshot: A serialized DOM snapshot of the captured page, including visible page structure and selected element information, to help your team reproduce the exact state of the page.
Session replay data: A time-stamped event stream of user interactions (clicks, scrolls, keystrokes) leading up to the capture, enabling your team to replay the interaction context.
Console and network logs: A summary of browser console output and network requests (method, status code, path) from the captured session, to help diagnose issues.
Page metadata: URL, page title, viewport size, and browser version of the captured tab.
Account identifier: Your Produck user or workspace ID, to associate submitted feedback with the correct team dashboard.

From Admins and Account Holders

When you create a Produck account or access the dashboard, we also collect your email address, name, and company name; billing information (processed securely by our payment provider — we do not store full payment card details); usage data (pages visited, features used, and error logs); and technical data (IP address, browser type, and operating system).

From the Extension (Local Data)

Local extension storage (via the browser storage API) is used to cache your session, preferences, and the current state of rolling session data on your device.

What We Do Not Do

We do not record audio, capture screenshots, or read page content unless you explicitly start a capture.
We do not sell your data to advertisers, data brokers, or third parties for any purpose.
We do not use your data for advertising, personalized marketing, or for creating user profiles unrelated to feedback processing.
We do not access pages or tabs you are not actively capturing.
We do not use your data to determine credit-worthiness or for lending purposes.

How Data Is Processed and Stored

When you submit feedback, the audio, transcript, screenshot, snapshot, session replay, console/network logs, page URL, and your account identifier are sent over an encrypted TLS connection to Produck’s servers. All data is made available only inside your team’s research dashboard.

Sub-processors

We rely on the following third-party services to operate Produck. Each is bound by contractual data protection obligations.

Sub-processor	Purpose	Location
OpenAI	Real-time speech-to-text transcription via the Realtime API	United States
Cloudflare R2	Encrypted object storage for screenshots, session replay data, transcripts, and other feedback artifacts	United States
Neon	PostgreSQL database hosting for feedback metadata and account records, plus OAuth identity services	United States

Chrome Web Store Limited Use

Because we process audio, Produck complies with the Chrome Web Store Limited Use policy. Specifically:

We limit use of collected data to the single disclosed purpose: providing feedback capture, transcription, and team review functionality.
We do not sell, transfer, or use data for personalized advertising, ad targeting, or credit-worthiness determination.
We do not allow humans to read raw feedback data except: (a) with your explicit consent for a specific support request, (b) for aggregated/anonymized internal operations, (c) for security purposes, or (d) as required by law.
We request only the minimum permissions necessary to provide our service. For details, see the Permissions Justification section below.
The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Permissions Justification

The extension requests the following permissions:

Permission	Why
`activeTab` & `tabs`	To capture the currently viewed tab and its metadata on any website.
`scripting`	To inject the capture canvas and inspector overlay onto the active page.
`storage` & `unlimitedStorage`	To cache session state, user preferences, and rolling replay data locally.
`offscreen`	To run audio recording and transcription processing off the main extension thread.
`cookies`	To maintain your Produck authentication session across extension sessions.
`commands`	To register the global hotkey (Cmd+Shift+Z / Ctrl+Shift+Z) that triggers capture.
`<all_urls>`	Feedback can be captured on any website the user chooses; we access no host unless the user explicitly initiates a capture there.

Security

All data is transmitted over TLS 1.3 (HTTPS) between the extension, our API, and storage services.
Data at rest is encrypted using AES-256.
Dashboard access requires authentication via Neon OAuth.
Session tokens are short-lived and rotated automatically.

Data Retention and Deletion

Feedback items are retained until you or your workspace administrator delete them from the Produck dashboard. Account and personal data are retained for as long as your account is active, plus 30 days thereafter for recovery, unless a longer retention period is required by law.

To request deletion of your account and all associated data, email [email protected]. We will honor deletion requests within 30 days.

Your Rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. To exercise these rights, email [email protected]. We aim to respond within 30 days.

Children

Produck is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, contact us immediately and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via in-product notice or email at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.

Contact

For privacy-related questions or data requests, contact Produck Inc. via [email protected] or tryproduck.com.