Security & Compliance

1. Client-Side Masking & PII Redaction

Tellback widget uses proactive client-side redaction rules to prevent credentials and sensitive metadata leakage:

• Ignored Elements: Applying `data-tellback-ignore` to any HTML element entirely blocks that element's content and click events from being logged.
• Password Masking: Input change values on `type="password"` fields are immediately blocked from logging characters.
• URL Scrubbing: Query parameters (e.g. `?token=secret123&key=xxx`) are automatically stripped from all captured URLs at the widget level.

2. Firebase Storage Bucket Security

Direct client-side read or write access to our Google Cloud Storage bucket (`gs://tellback-io.firebasestorage.app`) is strictly prohibited by security rules.

All uploads and reads are gated via secure, short-lived pre-signed URLs generated server-side. Pre-signed URLs are configured with a strict **15-minute expiration window** (`X-Goog-Expires=900` parameters). Unauthenticated public HTTP attempts to access objects directly without valid signatures return HTTP 403.

3. Private Vertex AI Inference

Timeline click logs, voice transcripts, and screenshot metadata are analyzed using **Vertex AI Gemini 2.5** enterprise models.

Your feedback data remains private within Google Cloud API boundaries:

• Customer data is never shared with third parties or public model providers.
• No customer logs are retained by Google for foundational model training or optimization.
• PII prompts are redacted by our Cloud Functions before being sent to the AI model.

4. Scheduled Retention Controls

We run daily automated cleanup jobs to prune session events, screenshots, audio, and tasks based on workspace subscription levels:

• Free Plan: 7 days session events, 30 days feedback and tasks.
• Pro Plan (Coming Soon): 30 days session events, 365 days feedback.

Pruned files are deleted permanently and cannot be recovered.