Feature — Security & GDPR

GDPR-compliant customer feedback platform

Qmeter is a customer feedback platform built to support GDPR compliance: personal data is masked by default, every reveal is audit-logged, and deletion requests are resolved by anonymising the customer everywhere while your statistics stay intact. Inactive profiles are auto-anonymised after a retention window you control — and for full data sovereignty, Qmeter can run on-premise, on your own servers.

Feedback is personal data — names, emails, phone numbers, free-text stories. A GDPR survey tool has to treat it that way from the first response: masked, permission-gated, and logged. Qmeter does, by default.


Trusted in regulated industries — banks like Rabitabank and ABB run Qmeter across their branch networks.

1000+ companies use Qmeter
2M+ feedbacks collected
15+ years in customer experience

Sensitive fields masked by default — every reveal permission-gated and written to an immutable audit log.

The problem

Feedback data is personal data

Every survey response can carry a name, an email, a phone number, a free-text story. Four ways that becomes a liability when the platform has no guardrails.

01

PII visible to everyone

In many feedback tools, anyone who can open a response can read the customer's email and phone number. Nobody notices — until an export starts circulating.

02

Deletion that destroys history

Hard-deleting a customer to satisfy an erasure request also deletes their responses — quietly bending every NPS, CSAT, and trend figure you have ever reported.

03

Data kept forever

Storage limitation is a GDPR principle: personal data should not be kept longer than needed. Tools without retention controls leave that duty to a manual clean-up that typically never happens.

04

No answer to “who saw this?”

When a customer or a regulator asks who accessed personal data and when, “we can't tell” is the worst possible answer. Without an access log, it is the only one.

Privacy by default

PII masking with an audited reveal

Data minimisation, applied to daily work: your team handles feedback and tickets without handling personal data.

Masked by default

Emails and phone numbers render masked across the platform — lists, profiles, tickets. Agents resolve feedback without ever seeing raw contact details.

Reveal only with permission

The eye icon unmasks a field only for users whose role carries PII permission. Everyone else gets a warning, not the data.

Every reveal is logged

Each unmasking is written to the audit log — who revealed which field, and when. PII views also appear on the customer's timeline, in plain sight.

Combined with the role and branch permissions below, masking keeps personal data on a strictly need-to-know basis — across bank branch networks, clinics, and every other multi-location operation.

Right to be forgotten

Deletion requests: anonymise everywhere, keep the statistics

Erasure requests get their own queue in Qmeter. Each request shows the reason, the channel it arrived through, the customer's statistics, and an SLA deadline — GDPR expects erasure requests to be handled without undue delay, within one month.

Approve, and the customer's personal data is anonymised across the entire system — profile, surveys, tickets. Deny, and the reason is recorded, so the decision itself is defensible later.

Why anonymise instead of hard delete? Because a hard delete silently rewrites your history: response counts and score trends all shift. Anonymisation removes the identity and contact details, while the anonymous responses keep your statistics honest — and the audit trail intact.

Storage limitation

Retention windows that clean up after themselves

In Company Settings → Privacy & GDPR, an administrator sets the data retention window. Customers who stay inactive past that window are anonymised automatically — no quarterly clean-up scripts, no forgotten spreadsheets of stale personal data.

The principle GDPR calls storage limitation becomes a setting, not a project. Your reports keep their history; the people behind old records keep their privacy.

  • One retention window for the whole company
  • Inactive customers auto-anonymised on schedule
  • Statistics survive; personal data does not
  • Set by admins in Company Settings → Privacy & GDPR

Accountability

An immutable audit trail on every customer

Every customer profile carries an Audit tab — an immutable journal of every operation performed on that record. The Timeline sits alongside it with the full history: surveys, tickets, notes, and every PII view.

When someone asks “who accessed this data, and when?”, the answer is one click — not an investigation.

  • Audit tab: an immutable journal of every operation on the record
  • PII reveals recorded with user and timestamp
  • Timeline merges surveys, tickets, notes — and PII views
  • Deletion decisions kept with their reasons, approve or deny

Access control

Role and branch permissions: need-to-know by design

Access is decided per module and per branch — two permission levels, Full and View, and a branch scope on every user.

Full vs View

Every role grants each module either Full access — read, create, edit, delete — or View, which is strictly read-only. Analysts can see everything and change nothing.

Custom roles

Master and Admin hold full access. Every other role is assembled module by module, so permissions match the job — not the other way round.

Branch-scoped users

Users can be bound to specific branches and see only their branches' data — feedback, tickets, and customers. A branch agent in one city cannot browse another city's customers.

PII as a separate permission

Unmasking personal data is its own permission, independent of module access. Most users never need it — so most users never have it.

AI privacy

AI that never reads your customers' data

Qmeter's AI Analyst builds reports from plain-language questions — but the model only ever receives the structure of the query, the schema. Customer records, response texts, and personal notes are never sent.

AI features stay off until an administrator enables them in Company Settings → AI & Keys — choosing the provider and model, and connecting the company's own API key. Privacy by design, then privacy by configuration.

Data sovereignty

On-premise, when the data can't leave the building

Some organisations cannot put customer data in anyone else's cloud — a common requirement among banks, healthcare providers, and public-sector operators. For them, Qmeter offers an on-premise deployment: the full platform running on your own servers, inside your security perimeter, under your controls.

See integrations and on-premise deployment for how Qmeter fits into your existing systems, or compare plans on the pricing page — on-premise is an Enterprise conversation, and we're happy to have it.

  • Runs inside your own security perimeter
  • Your infrastructure, your access controls, your keys
  • The full platform — channels, ticketing, analytics
  • An Enterprise option — priced per deployment

The ROI

What built-in compliance returns

The return here is risk that never materialises — and enterprise deals that stop stalling in security review. Both sides, with the legal facts as written.

4%

GDPR fines can reach €20 million or 4% of global annual turnover, whichever is higher — the regulation's own ceiling, not a sales scare. PII masking, audit logs and deletion workflows exist to keep everyday operations far from that conversation.

GDPR, Article 83

1 month

is the deadline GDPR sets for answering an erasure request without undue delay. Qmeter's deletion queue carries an SLA deadline on every request — the legal clock becomes a tracked workflow instead of a fire drill.

GDPR, Article 12

On-premise

“Customer data cannot leave our infrastructure” is often the clause that stalls a SaaS purchase in banking, government and healthcare. An on-premise deployment turns that blocker into a checkbox — and unlocks the procurement processes behind it.

Enterprise deployment

An honest caveat: no software makes you GDPR-compliant by itself — compliance is a process you run. But the controls that support it are built into Qmeter from the first response, at public prices: Web Feedback from €500/year, Device License from €50/device/month, Enterprise (with on-premise) custom. Set that against the exposure above — see transparent pricing.

FAQ

Security & GDPR, answered

Short, honest answers — no legal overclaims. For anything specific to your setup, talk to our team.

Is Qmeter GDPR compliant?

Qmeter is built to support GDPR compliance — it does not replace your own legal obligations, but it makes the technical side practical. Personal data is masked by default and every reveal is audit-logged; deletion requests follow a right-to-be-forgotten workflow that anonymises personal data while preserving statistics; a configurable retention window auto-anonymises inactive customers; and role- and branch-based permissions keep access on a need-to-know basis. For full data sovereignty there is also an on-premise deployment option.

Get started

Collect feedback. Protect the people behind it.

PII masking, audit logging, and GDPR workflows are built in from the first response — not bolted on later. Start your 14-day free trial, no credit card required.
