Qmeter is a customer feedback platform built to support GDPR compliance: personal data is masked by default, every reveal is audit-logged, and deletion requests are resolved by anonymising the customer everywhere while your statistics stay intact. Inactive profiles are auto-anonymised after a retention window you control — and for full data sovereignty, Qmeter can run on-premise, on your own servers.
Feedback is personal data — names, emails, phone numbers, free-text stories. A GDPR survey tool has to treat it that way from the first response: masked, permission-gated, and logged. Qmeter does, by default.
Trusted in regulated industries — banks like Rabitabank and ABB run Qmeter across their branch networks.
Sensitive fields masked by default — every reveal permission-gated and written to an immutable audit log.
Every survey response can carry a name, an email, a phone number, a free-text story. Four ways that becomes a liability when the platform has no guardrails.
In many feedback tools, anyone who can open a response can read the customer's email and phone number. Nobody notices — until an export starts circulating.
Hard-deleting a customer to satisfy an erasure request also deletes their responses — quietly bending every NPS, CSAT, and trend figure you have ever reported.
Storage limitation is a GDPR principle: personal data should not be kept longer than needed. Tools without retention controls leave that duty to a manual clean-up that typically never happens.
When a customer or a regulator asks who accessed personal data and when, “we can't tell” is the worst possible answer. Without an access log, it is the only one.
Data minimisation, applied to daily work: your team handles feedback and tickets without handling personal data.
Emails and phone numbers render masked across the platform — lists, profiles, tickets. Agents resolve feedback without ever seeing raw contact details.
The eye icon unmasks a field only for users whose role carries PII permission. Everyone else gets a warning, not the data.
Each unmasking is written to the audit log — who revealed which field, and when. PII views also appear on the customer's timeline, in plain sight.
Combined with the role and branch permissions below, masking keeps personal data on a strictly need-to-know basis — across bank branch networks, clinics, and every other multi-location operation.
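The masked-by-default pattern described above, sketched as an added example (not Qmeter's code). The class, the `pii.reveal` permission string and the masking formats are hypothetical, and this sketch also logs denied attempts, which goes beyond what the page states.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

def mask_email(email: str) -> str:
    """Keep the first character and the domain; hide the rest of the local part."""
    local, _, domain = email.partition("@")
    return f"{local[:1]}{'*' * max(len(local) - 1, 1)}@{domain}"

def mask_phone(phone: str) -> str:
    """Hide every digit except the last two; keep '+' and separators."""
    total = sum(c.isdigit() for c in phone)
    seen, out = 0, []
    for c in phone:
        if c.isdigit():
            seen += 1
            out.append(c if seen > total - 2 else "*")
        else:
            out.append(c)
    return "".join(out)

MASKERS = {"email": mask_email, "phone": mask_phone}

@dataclass
class CustomerView:
    customer_id: int
    pii: dict                                      # raw values, never rendered directly
    audit_log: list = field(default_factory=list)  # append-only in this sketch

    def render(self, field_name: str) -> str:
        """Default path: lists, profiles and tickets only get the masked value."""
        return MASKERS[field_name](self.pii[field_name])

    def reveal(self, user: str, permissions: set, field_name: str) -> str:
        """Unmask only with the dedicated PII permission; log every attempt."""
        allowed = "pii.reveal" in permissions      # hypothetical permission name
        self.audit_log.append({
            "at": datetime.now(timezone.utc).isoformat(),
            "user": user, "customer_id": self.customer_id,
            "field": field_name,
            "outcome": "revealed" if allowed else "denied",
        })
        if not allowed:
            raise PermissionError(f"{user} lacks PII permission for {field_name}")
        return self.pii[field_name]
```

An in-memory list is only append-only by convention; an audit log that has to be immutable needs storage the application account cannot update or delete.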
Erasure requests get their own queue in Qmeter. Each request shows the reason, the channel it arrived through, the customer's statistics, and an SLA deadline — GDPR expects erasure requests to be handled without undue delay, within one month.
Approve, and the customer's personal data is anonymised across the entire system — profile, surveys, tickets. Deny, and the reason is recorded, so the decision itself is defensible later.
Why anonymise instead of hard delete? Because a hard delete silently rewrites your history: response counts and score trends all shift. Anonymisation removes the identity and contact details, while the anonymous responses keep your statistics honest — and the audit trail intact.
In Company Settings → Privacy & GDPR, an administrator sets the data retention window. Customers who stay inactive past that window are anonymised automatically — no quarterly clean-up scripts, no forgotten spreadsheets of stale personal data.
The principle GDPR calls storage limitation becomes a setting, not a project. Your reports keep their history; the people behind old records keep their privacy.
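Why anonymising keeps the statistics stable while a hard delete shifts them, and how a retention window reuses the same routine, as an added example (not Qmeter's code). The record layout, function names and sample data are constructed for illustration, and blanking free-text comments is an assumption of this sketch.

```python
from datetime import date, timedelta

PII_FIELDS = ("name", "email", "phone")

def nps(responses):
    """Net Promoter Score: % promoters (9-10) minus % detractors (0-6)."""
    scores = [r["score"] for r in responses]
    promoters = sum(s >= 9 for s in scores)
    detractors = sum(s <= 6 for s in scores)
    return round(100 * (promoters - detractors) / len(scores))

def hard_delete(customer_id, responses):
    """Erasure by deletion: the customer's scores leave the sample too."""
    return [r for r in responses if r["customer_id"] != customer_id]

def anonymise(customer, responses):
    """Erasure by anonymisation: blank identity in place, keep scores."""
    for name in PII_FIELDS:
        customer[name] = None
    customer["anonymised"] = True
    for r in responses:
        if r["customer_id"] == customer["id"]:
            r["comment"] = None  # assumption: free text is treated as PII

def retention_sweep(customers, responses, today, window_days):
    """Anonymise every customer inactive for longer than the window."""
    cutoff = today - timedelta(days=window_days)
    swept = []
    for c in customers:
        if not c.get("anonymised") and c["last_active"] < cutoff:
            anonymise(c, responses)
            swept.append(c["id"])
    return swept

def sample_data():
    """Constructed records for the demo, not real customer data."""
    rows = [(1, "a@example.com", date(2025, 5, 1)),
            (2, "b@example.com", date(2025, 4, 1)),
            (3, "c@example.com", date(2023, 1, 15))]
    customers = [{"id": i, "name": f"Customer {i}", "email": e,
                  "phone": f"+1000000000{i}", "last_active": d}
                 for i, e, d in rows]
    scores = [(1, 10), (1, 9), (2, 3), (3, 8), (3, 10)]
    responses = [{"customer_id": c, "score": s, "comment": "sample text"}
                 for c, s in scores]
    return customers, responses
```

On the sample data the NPS is 40 before and after anonymising customer 2, but 75 if that customer's rows are deleted instead.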
Every customer profile carries an Audit tab — an immutable journal of every operation performed on that record. The Timeline sits alongside it with the full history: surveys, tickets, notes, and every PII view.
When someone asks “who accessed this data, and when?”, the answer is one click — not an investigation.
Access is decided per module and per branch — two permission levels, Full and View, and a branch scope on every user.
Every role grants each module either Full access — read, create, edit, delete — or View, which is strictly read-only. Analysts can see everything and change nothing.
Master and Admin hold full access. Every other role is assembled module by module, so permissions match the job — not the other way round.
Users can be bound to specific branches and see only their branches' data — feedback, tickets, and customers. A branch agent in one city cannot browse another city's customers.
Unmasking personal data is its own permission, independent of module access. Most users never need it — so most users never have it.
Qmeter's AI Analyst builds reports from plain-language questions — but the model only ever receives the structure of the query, the schema. Customer records, response texts, and personal notes are never sent.
AI features stay off until an administrator enables them in Company Settings → AI & Keys — choosing the provider and model, and connecting the company's own API key. Privacy by design, then privacy by configuration.
Some organisations cannot put customer data in anyone else's cloud — a common requirement among banks, healthcare providers, and public-sector operators. For them, Qmeter offers an on-premise deployment: the full platform running on your own servers, inside your security perimeter, under your controls.
See integrations and on-premise deployment for how Qmeter fits into your existing systems, or compare plans on the pricing page — on-premise is an Enterprise conversation, and we're happy to have it.
The return here is risk that never materialises — and enterprise deals that stop stalling in security review. Both sides, with the legal facts as written.
GDPR fines can reach €20 million or 4% of global annual turnover, whichever is higher — the regulation's own ceiling, not a sales scare. PII masking, audit logs and deletion workflows exist to keep everyday operations far from that conversation.
GDPR, Article 83
One month is the deadline GDPR sets for answering an erasure request without undue delay. Qmeter's deletion queue carries an SLA deadline on every request — the legal clock becomes a tracked workflow instead of a fire drill.
GDPR, Article 12
“Customer data cannot leave our infrastructure” is often the clause that stalls a SaaS purchase in banking, government and healthcare. An on-premise deployment turns that blocker into a checkbox — and unlocks the procurement processes behind it.
Enterprise deployment
An honest caveat: no software makes you GDPR-compliant by itself — compliance is a process you run. But the controls that support it are built into Qmeter from the first response, at public prices: Web Feedback from €500/year, Device License from €50/device/month, Enterprise (with on-premise) custom. Set that against the exposure above — see transparent pricing.
Short, honest answers — no legal overclaims. For anything specific to your setup, talk to our team.
Qmeter is built to support GDPR compliance — it does not replace your own legal obligations, but it makes the technical side practical. Personal data is masked by default and every reveal is audit-logged; deletion requests follow a right-to-be-forgotten workflow that anonymises personal data while preserving statistics; a configurable retention window auto-anonymises inactive customers; and role- and branch-based permissions keep access on a need-to-know basis. For full data sovereignty there is also an on-premise deployment option.
PII masking, audit logging, and GDPR workflows are built in from the first response — not bolted on later. Start your 14-day free trial, no credit card required.