Privacy Policy

Effective date: May 6, 2026 · Cybermoji Corporation

1. Who We Are

Honopinion is a product of Cybermoji Corporation(“we,” “us,” or “our”). This Privacy Policy explains what data we collect when you use honopinion.com, how we use it, and your rights regarding that data.

Questions? Email us at hello@honopinion.com.

2. Data We Collect

We collect the minimum necessary to operate the service:

When you create a feedback page

The title/prompt you enter (stored to generate dimensions and display on the feedback page).
Your email address — optional. Only collected if you choose to receive your admin link by email or activate the verified dashboard.
A randomly generated admin token (32-character random string) tied to your page.
Your IP address — used for rate limiting only (max 5 pages/hour per IP). Not linked to your page record and not stored beyond the rate-limit window.

When you respond to a feedback page

Your numeric scores (one per dimension, 0–100). No free-text fields are collected.
A session ID — a random 16-character token stored in an HttpOnly cookie scoped to the specific feedback page. Used solely to prevent duplicate submissions. Does not track you across pages or sessions.
Your IP address — used for rate limiting (max 10 responses/hour per IP). Not stored with your response record.
A randomly generated display name and avatar seed for anonymous attribution.

When you upgrade to Pro

Payment is handled entirely by Stripe. We receive a Stripe customer ID and payment intent ID. We do not store your card number, CVV, or billing address.

Automatically collected

Aggregated, cookieless page-view analytics via self-hosted Plausible Analytics. Plausible does not use cookies and does not collect personally identifiable information. No cross-site tracking.
Standard server logs (request path, response status, timestamp) retained for up to 7 days for operational debugging.

3. What We Do Not Collect

No persistent device fingerprinting.
No third-party advertising or tracking pixels.
No free-text responses — all feedback is numeric sliders only.
No passwords — authentication is magic-link only.
No precise location data beyond coarse IP-based rate limiting.

4. Cookies

We use a single type of cookie:

Session cookie (honopinion_session) — HttpOnly, SameSite=Strict, scoped to the path of a specific feedback page. Set when you submit a response. Used only to prevent duplicate submissions. Expires with the browser session or after 24 hours, whichever comes first.

If you have verified your email and are logged into the dashboard, a separate HttpOnly cookie stores your verified-email session. This cookie does not track browsing behaviour.

We do not use advertising cookies, analytics cookies, or any third-party tracking cookies.

5. How We Use Your Data

To operate the feedback platform and display results to the page creator.
To send your admin link and optional email verification (via Resend).
To prevent abuse — rate limiting via Upstash Redis, spam protection via Cloudflare Turnstile.
To process Pro payments (via Stripe).
To generate AI-powered feedback dimensions from your prompt (via Anthropic and OpenAI APIs). Your prompt is sent to these providers' APIs but is not used to train their models under their standard API terms.
To send product updates to verified users who have opted in (via Listmonk / Amazon SES). You can unsubscribe at any time.

We do not sell your data. We do not share it with third parties for advertising purposes.

6. Third-Party Services

We share data with the following sub-processors only to the extent necessary to operate the service:

StripePayment processing for Pro plansResendTransactional email deliveryAnthropic / OpenAIAI-generated feedback dimensions (your prompt only)Cloudflare TurnstileSpam protection on the contact formUpstash RedisRate limiting (IP stored temporarily in memory)Plausible AnalyticsCookieless, self-hosted aggregate analyticsHetznerCloud infrastructure hosting (EU data center)Amazon SESEmail delivery relay for campaign messages

7. Data Retention

Free-tier pages and responses: Automatically deleted 30 days after page creation.
Pro-tier pages and responses: Retained indefinitely until you delete the page or your subscription lapses (the 30-day countdown then resumes).
Email addresses: Retained while your verified account is active. You may request deletion at any time.
Payment records: Retained as required by US financial regulations (typically 7 years).

8. Security

We implement industry-standard security measures: HTTPS everywhere, HttpOnly cookies, Content Security Policy headers, HSTS, parameterised database queries, and admin tokens generated with a cryptographically secure random number generator. Admin tokens are never logged.

If you believe you have found a security vulnerability, please disclose it responsibly to hello@honopinion.com.

9. Your Rights

To exercise any of the following rights, email hello@honopinion.com. We will respond within 30 days.

Access: Request a copy of the personal data we hold about you.
Deletion: Request deletion of your email address and associated pages.
Correction: Request correction of inaccurate data.
Opt-out of email marketing: Unsubscribe via any email or contact us directly.
California residents (CCPA): You have the right to know what personal information we collect, the right to delete it, and the right to opt out of the sale of personal information. We do not sell personal information.

10. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at hello@honopinion.com and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to verified users at least 14 days before taking effect. The “Effective date” at the top of this page reflects the most recent version.

Terms & Conditions Refund Policy

← Back to home