🇪🇺 EU data processing

How Fluister protects your data: fully within the EU

Data is stored in Germany. No export to the US. No cookies. No third-party trackers. GDPR-compliant by design, not as an afterthought.

🇩🇪 Servers: Hetzner, Nuremberg | 🚫 No US data transfer | 🍪 No tracking cookies | ⚖️ GDPR by design

Where is your data stored?

Fluister runs exclusively on European infrastructure. There is no scenario in which your feedback data leaves the EU.

๐Ÿข

Hosting: Hetzner Online GmbH

  • Location: Nuremberg, Germany
  • ISO 27001 certified data center
  • No sub-processors outside the EU
  • Hetzner is a German company, governed by EU law

Database: PostgreSQL (local)

  • PostgreSQL runs on the same server
  • No managed cloud database (no AWS RDS, no GCP)
  • Backups stored in the same EU region
  • Data never leaves the server automatically

AI processing: OpenAI (opt-in)

  • Feedback text is anonymized before AI analysis
  • Max 500 characters, no PII included
  • OpenAI Zero Data Retention policy active
  • AI triage can be disabled per project

What data does Fluister collect?

Fluister collects as little as possible. No session tracking, no behavior profiles, no advertising cookies.

✓ What we collect

  • Feedback text (submitted by the user)
  • Page URL where the feedback was submitted
  • Timestamp of submission
  • Optional: email address for follow-up (only if the user provides it)
  • Screenshot (only if the user explicitly adds it)

✗ What we do NOT collect

  • IP addresses (not stored)
  • Browser fingerprint or device info
  • Session behavior or click paths
  • Advertising or retargeting data
  • Cookies (widget works without)
  • Cross-site tracking

Why do you not need a cookie consent banner?

GDPR requires a cookie consent banner if you place tracking or marketing cookies. Fluister places no cookies. The widget only uses local browser storage (localStorage) to track the session; this falls outside the cookie definition of the ePrivacy Directive.

💡 Practical: you can add Fluister to your site without changing your cookie policy or consent flow.

Note: if you enable the optional email field for follow-up, you may fall under ePrivacy rules for direct marketing. Consult your legal advisor for your specific situation.

Processing roles under GDPR

Who is responsible for which data? Here is the overview of processing responsibilities.

Data Controller

You (the website owner)

You determine why feedback is collected and what happens with it. You are responsible for your own privacy policy toward users.

Data Processor

Fluister / Newlin

Fluister processes data on your behalf. We follow your instructions and only process data for the agreed purposes.

Sub-processor

Hetzner Online GmbH

Hetzner hosts the servers. As a German company, Hetzner falls fully under EU law. No data transfer outside the EU.

→ A Data Processing Agreement (DPA) is available upon request. Email privacy@fluister.dev.

How long do we retain data?

  • Feedback responses: while the project is active; deletable by project owner
  • Tickets & comments: while the project is active; deletable by project owner
  • Account data: until account is deleted; self-deletable via settings
  • Payment data: 7 years (legal requirement); managed by Mollie (EU-hosted)
  • AI analysis cache: 30 days; automatically deleted
  • Screenshots: while the feedback exists; deleted together with the feedback

Rights of data subjects

Under GDPR, users of your site have rights regarding their feedback data.

  • Right to access: Users can request to see what feedback they submitted via the "My feedback" function in the widget.
  • Right to erasure: Users can delete their feedback. Project owners can delete all feedback from a user upon request.
  • Right to rectification: Feedback can be updated by the project owner. Direct correction by end users is in development.
  • Right to data portability: Project owners can export all feedback as JSON/CSV via the dashboard.

Privacy-first feedback. Built in Europe.

Start free. No credit card. Data stays in Germany. Setup in 5 minutes.
