Privacy Policy
Effective Date: January 2020
Last Updated: 2/14/2025
JabFab, Inc. (“JabFab,” “we,” “us,” or “our”) is a Delaware corporation committed to protecting privacy and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Health Insurance Portability and Accountability Act (HIPAA).
This Privacy Policy explains how we collect, use, and protect data when organizations use JabFab to optimize service quality through real-time and reflective feedback.
1. Who Uses JabFab and How Accounts Are Created
JabFab is a B2B2C platform designed for organizations to manage and improve service quality. Only designated Admin users receive JabFab accounts, which are manually created by JabFab’s Customer Success Team (CSM) upon request from an organization.
There is no public sign-up for JabFab accounts. Customers, employees, vendors, or guests who provide feedback do so without creating an account. Feedback is submitted only in response to specific requests from an organization using JabFab.
Admins are responsible for launching and managing feedback projects, receiving operational alerts, and using service insights to drive improvements. Frontline service teams do not need accounts—they act on operational alerts sent by Admins.
2. Information We Collect and Why
2.1 Admin Account Information
JabFab collects only the data necessary to enable service improvement. For Admin users, this includes:
-
Name
-
Email address
-
Role within the organization
-
Company affiliation
-
Optional profile details (such as communication type preferences, SMS number and notification settings)
This information is used strictly for account authentication, service administration, and communication regarding platform use.
2.2 Feedback Data from Audiences
JabFab does not collect personal data from individuals providing feedback. Feedback responses are designed to be hyper-local (if using real-time engagement) and situational, meaning:
-
Service teams receive operational insights without requiring identifying details from respondents.
-
In healthcare settings, patient feedback remains completely anonymous. No personally identifiable health information (PHI) is collected, in compliance with HIPAA.
-
Organizations cannot track or link feedback responses to specific individuals unless internal use or the respondent voluntarily provides contact details (e.g., for follow-up).
2.3 Location Awareness
JabFab does not actively track user location via GPS or device-based location services.
-
Any location metadata attached to a feedback response (e.g., from device settings) is not used for tracking or determining user location.
-
JabFab’s location awareness is operationally derived from the Audience Map—not from device GPS, user input, or external tracking services.
-
Users can disable location sharing via their device settings at any time and it will have no impact on the real-time hyperlocal use cases
3. How We Use Information
JabFab’s data is used exclusively to optimize service operations, including:
-
Providing Admins with actionable service insights to improve response times and customer satisfaction.
-
Delivering instant alerts to Admins so they can resolve service gaps before they escalate.
-
Enabling reflective analytics to help organizations drive long-term service improvements.
-
Using AI-driven sentiment analytics to identify trends and recommend actions.
JabFab does not use collected data for advertising and does not sell personal information to third parties.
Organizations using JabFab may choose to display informational or promotional content within feedback interactions (e.g., directing users to social media, support resources, or relevant services). However, JabFab does not allow external third-party advertising or tracking.
4. Activity and Log Data
JabFab automatically collects usage data to monitor platform performance, prevent abuse, and improve service quality. This may include:
-
Pages viewed within the platform
-
Browser type and operating system
-
IP address (for anonymous session tracking and security)
-
Requested URLs, timestamps, and referring URLs
-
General analytics on service interactions
For anonymous feedback responses, JabFab logs IP addresses but does not consider IPs to be Personal Information. This data is used in aggregate to improve platform functionality.
5. Security and Data Protection
We use industry-standard encryption, secure data storage, and strict access controls to protect all information. Admins have restricted access based on organizational roles and strong passwords.
For organizations in regulated industries such as healthcare, JabFab complies with HIPAA by ensuring that no patient-identifiable information is collected. Feedback remains anonymous and operationally relevant, allowing service teams to respond effectively without needing personal data.
6. Compliance with Data Protection Laws
JabFab complies with GDPR, CCPA/CPRA, and HIPAA, ensuring:
-
Right to Access (GDPR/CCPA): Admin users can request access to their account data.
-
Right to Deletion (GDPR/CCPA): Admin users may request deletion of their personal data, subject to legal and operational requirements.
-
HIPAA Compliance: No collection of Protected Health Information (PHI).
Privacy-related requests may be sent to privacy@jabfab.com.
7. Data Retention and Deletion
-
Admin user data is retained as long as the organization maintains an active JabFab account.
-
Feedback data is stored in non-personalized, aggregated form to support service analytics.
-
Organizations may request data deletion by contacting privacy@jabfab.com.
8. Third-Party Service Providers and Future Payments
JabFab does not sell personal data. However, we use third-party service providers for technical support, analytics, and security.
If JabFab introduces paid services in the future, payment processing will be handled exclusively by third-party providers, and we will not store credit card details.
9. Investigations and Legal Compliance
JabFab reserves the right to investigate abuses of the platform and enforce its Terms of Service. We may disclose information if necessary to:
-
Comply with legal requirements (e.g., subpoenas, law enforcement requests).
-
Protect our rights and the safety of our users.
-
Prevent fraud, security breaches, or illegal activity.
10. International Data Transfers
JabFab operates globally, and data may be processed in the United States or other jurisdictions in compliance with applicable laws. By using JabFab, users consent to data transfers to the U.S. and understand that privacy laws may differ from their home country’s regulations.
11. Opt-Out & Managing Communication Preferences
Admin users can manage email notifications via their JabFab dashboard settings.
For commercial email opt-outs, users can email do-not-email-me@jabfab.com, and we will process the request promptly.
12. Children's Privacy
JabFab is not directed at children under 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided personal data, we will delete it immediately. Parents or guardians may request deletion by contacting privacy@jabfab.com.
13. Modifications to This Privacy Policy
JabFab may update this Privacy Policy periodically. Major updates will be communicated to Admin users directly. Continued use of the platform after changes take effect constitutes agreement to the revised policy.
14. Contact Information
For privacy-related concerns, contact:
📧 privacy@jabfab.com
📍 JabFab, Inc., a Delaware corporation