Privacy Policy
Last updated: January 1, 2026 · Effective: January 1, 2026
At Perfo Review, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
Privacy at a Glance
- ✓ We never sell your personal data to third parties
- ✓ Reviewer identities in feedback remain strictly confidential
- ✓ You can export or delete your data at any time
- ✓ We use industry-standard encryption (AES-256, TLS 1.3)
- ✓ We are GDPR, CCPA, and SOC 2 Type II compliant
1. Information We Collect
1.1 Information You Provide
We collect information you voluntarily provide when using our Services:
- Account Information: Name, email address, job title, department, profile photo
- Organization Information: Company name, size, industry, billing address
- Review Content: Performance reviews, feedback, ratings, comments, and goals
- Communications: Messages you send to us or through our platform
- Payment Information: Processed by our payment providers; we do not store card numbers
1.2 Information Collected Automatically
When you access our Services, we automatically collect:
- Device Information: Browser type, operating system, device identifiers
- Usage Data: Pages visited, features used, time spent, click patterns
- Log Data: IP address, access times, referring URLs, error logs
- Cookies and Similar Technologies: See our Cookie Policy
1.3 Information from Third Parties
We may receive information from:
- SSO Providers: Google, Microsoft, Okta (name, email, profile picture)
- Integration Partners: HR systems, communication tools (Slack, Teams)
- Service Providers: Analytics, fraud prevention, customer support
2. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve our Services
- Process transactions and send related information
- Send administrative notifications, updates, and security alerts
- Respond to your comments, questions, and support requests
- Analyze usage patterns to enhance user experience
- Detect, prevent, and address technical issues and security threats
- Comply with legal obligations and enforce our Terms
- With your consent, send marketing communications
3. Anonymous Feedback Protection
We take feedback anonymity extremely seriously. When feedback is configured as anonymous:
- Reviewer identities are cryptographically separated from feedback content
- We aggregate responses to prevent identification in small teams (minimum 3 reviewers)
- Administrators and managers cannot access individual reviewer identities
- We do not provide tools or backdoors to de-anonymize feedback
- Anonymity protection survives data exports and account deletion
4. Data Sharing and Disclosure
4.1 Within Your Organization
Your organization's administrators control access to data within the platform. Managers typically see aggregated feedback for their direct reports. Individual feedback is never attributed to specific reviewers when anonymity is enabled.
4.2 Service Providers
We share data with trusted third parties who assist in operating our Services:
- Cloud Infrastructure: Amazon Web Services (data hosting)
- Payment Processing: Stripe (payment handling)
- Email Services: Resend (transactional emails)
- Analytics: Vercel Analytics (privacy-focused analytics)
- Customer Support: Intercom (support chat)
All service providers are bound by data processing agreements and confidentiality obligations.
4.3 Legal Requirements
We may disclose information if required to:
- Comply with applicable laws, regulations, or legal processes
- Enforce our Terms of Service and other agreements
- Protect the rights, property, or safety of Perfo Review, our users, or others
- Detect, prevent, or address fraud, security, or technical issues
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, user information may be transferred. We will provide notice and choice before your information is transferred and becomes subject to a different privacy policy.
5. Data Security
We implement comprehensive security measures:
- Encryption: AES-256 encryption at rest, TLS 1.3 in transit
- Access Controls: Role-based access, multi-factor authentication
- Infrastructure: SOC 2 Type II certified cloud infrastructure
- Monitoring: 24/7 security monitoring and intrusion detection
- Audits: Regular third-party security assessments and penetration testing
- Training: Employee security awareness training
6. Data Retention
We retain your data for as long as necessary to provide the Services and fulfill the purposes described in this policy. Specific retention periods:
- Account Data: Retained while account is active + 30 days after deletion
- Review Data: Retained according to your organization's settings
- Usage Logs: 90 days for operational purposes
- Backups: 30 days for disaster recovery
- Legal/Compliance: As required by applicable laws
7. Your Rights and Choices
Depending on your location, you may have the following rights:
7.1 Access and Portability
Request a copy of your personal data in a structured, machine-readable format.
7.2 Correction
Request correction of inaccurate or incomplete personal data.
7.3 Deletion
Request deletion of your personal data, subject to legal retention requirements.
7.4 Restriction
Request restriction of processing in certain circumstances.
7.5 Objection
Object to processing based on legitimate interests or for direct marketing.
7.6 Withdraw Consent
Withdraw consent where processing is based on consent, without affecting prior processing.
To exercise these rights, contact us at privacy@perforeview.com or use the self-service options in your account settings.
8. International Data Transfers
We operate globally and may transfer data to countries with different data protection laws. We ensure appropriate safeguards through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- EU-US Data Privacy Framework certification (where applicable)
- Data processing agreements with all international service providers
9. Children's Privacy
Our Services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.
10. California Privacy Rights (CCPA)
California residents have additional rights under the CCPA:
- Right to know what personal information is collected, used, and shared
- Right to delete personal information (with exceptions)
- Right to opt out of the sale of personal information (we do not sell data)
- Right to non-discrimination for exercising privacy rights
To submit a request, email privacy@perforeview.com with subject "CCPA Request."
11. European Privacy Rights (GDPR)
For EU/EEA residents, Perfo Review acts as a data processor on behalf of your organization (the data controller). Our legal bases for processing include:
- Contract Performance: Processing necessary to provide Services
- Legitimate Interests: Improving Services, security, fraud prevention
- Legal Obligations: Compliance with applicable laws
- Consent: Marketing communications and optional features
For detailed GDPR information, see our GDPR Compliance page.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we will provide additional notice via email or in-app notification.
13. Contact Us
For privacy-related questions or to exercise your rights, contact us:
- Email: privacy@perforeview.com
- Data Protection Officer: dpo@perforeview.com
- Address: Perfo Review, Inc., 123 Innovation Way, San Francisco, CA 94105, United States
- EU Representative: Perfo Review EU Ltd., Dublin, Ireland
Your privacy matters to us. If you have any concerns about how we handle your data, please don't hesitate to reach out.