← Back

Data Security & Privacy Policy

Version 1.0 · February 2026 · FeedbackRocket (Pty) Ltd

1. Executive Summary

Sage is an AI-powered leadership coaching platform developed by FeedbackRocket that provides personalised, confidential coaching to managers based on their 360-degree feedback results.

            The core principle: No confidential data is permanently stored with any third-party AI provider. All sensitive information — survey results, action plans, and coaching conversations — is stored exclusively on FeedbackRocket's secure, encrypted infrastructure. The AI model processes data transiently and retains nothing between interactions.
        

2. How Sage Processes Data

Stateless AI Architecture

Sage uses Anthropic's Claude API, which operates on a stateless, request-response model:

The AI model has no memory between interactions. Every coaching response starts from zero.
When a manager sends a message, the system reconstructs the full context from FeedbackRocket's database and sends it as a single, encrypted API request.
The AI generates a coaching response and returns it. The response is saved to FeedbackRocket's database.
Immediately after responding, the AI discards all data from that request. Nothing is cached, logged for training, or persisted.

In practical terms: This is equivalent to making an encrypted phone call. The conversation happens in real time, and when it ends, the line goes silent. There is no recording on the AI provider's side.

Data Flow

Step	What Happens	Where Data Lives	Duration
1. Manager sends message	Browser sends HTTPS request to FeedbackRocket server	FeedbackRocket server (encrypted)	Permanent (our server)
2. Context assembly	Server retrieves survey data, action plan, chat history	FeedbackRocket database (encrypted)	Permanent (our server)
3. AI request	Encrypted API call sent to Anthropic Claude	In transit (TLS encrypted)	Transient (seconds)
4. AI processing	Claude generates coaching response	Anthropic servers (not stored)	Transient (seconds)
5. Response returned	Coaching response saved to FeedbackRocket database	FeedbackRocket database (encrypted)	Permanent (our server)
6. AI forgets	All data from the request is discarded by Anthropic	Nowhere — deleted	N/A

3. Anthropic's Data Policy (API Users)

FeedbackRocket accesses Claude exclusively via Anthropic's commercial API, which provides the strongest privacy protections available:

No training on API data: Anthropic explicitly states that API customer data is never used to train or improve AI models, without exception.
Minimal log retention: API interaction logs are retained for a maximum of 7 days for operational monitoring, after which they are automatically deleted.
Zero Data Retention (ZDR): Anthropic offers an optional ZDR mode for enterprises requiring immediate deletion. FeedbackRocket can enable this upon client request.
No data sharing: Anthropic does not sell, share, or provide API customer data to any third parties.
Encryption in transit: All API communications use TLS encryption.

Important distinction: Media coverage about AI providers using data for training relates to consumer accounts. Commercial API access — which is what Sage uses — is explicitly excluded from any data training under Anthropic's Commercial Terms of Service.

4. Data Storage & Infrastructure

All persistent data is stored exclusively on FeedbackRocket's managed infrastructure:

Database: Dedicated PostgreSQL instance with encryption at rest, hosted on Render's managed infrastructure in the EU (Frankfurt, Germany).
Application server: Isolated compute instance with no local data storage.
Backups: Automated daily database backups with point-in-time recovery capability.

Data Type	Contents	Stored Where
Survey Results	Behavioural scores, anonymous comments, self vs. others ratings	FeedbackRocket database only
Action Plans	Development goals and commitments	FeedbackRocket database only
Conversations	Manager–Sage coaching dialogue	FeedbackRocket database only
Credentials	Hashed passwords (irreversible)	FeedbackRocket database only

5. Access Controls & Authentication

Individual credentials: Each manager receives a unique login with a temporary password that must be changed on first access.
Password security: All passwords are stored using industry-standard bcrypt hashing (irreversible).
Session management: Secure, encrypted session tokens with configurable expiry.
Role separation: Managers can only access their own data. Administrative functions require separate authentication.
Conversation privacy: Coaching conversations are private to the individual manager. No other manager, HR representative, or administrator can read them.

6. Nature of Shared Data

The data transiently processed by the AI includes:

Anonymised behavioural ratings (e.g., "scored 3.5 on Seeks Insight")
Anonymous qualitative comments from respondents
Self-assessment scores
Development action plan text
The manager's own coaching conversation history

This data does not include: trade secrets, strategic plans, financial data, customer information, intellectual property, personally identifiable information of respondents, or any other commercially sensitive material.

7. Comparison with Traditional Coaching

Most organisations already share 360 feedback data with external executive coaches. Sage provides equivalent or stronger protections:

Dimension	Traditional External Coach	Sage AI Coach
Data retention by coach	Indefinite (notes, files, emails)	Zero (AI retains nothing)
Data transmission	Email, phone, video (variable encryption)	TLS-encrypted API only
Human access to data	Coach reads and discusses results	No human reads the data
Availability of records	Coach may retain notes indefinitely	Stored securely; deletable on request
Consistency	Varies by individual coach	Uniform security policy for all

8. Compliance & Certifications

POPIA: FeedbackRocket processes personal information in compliance with South African data protection legislation.
ISO 27001: Information security management practices aligned with ISO 27001 standards.
SOC 2 Type 2: Security controls designed to meet SOC 2 trust service criteria for security, availability, and confidentiality.
GDPR alignment: Infrastructure hosted in the EU with data processing practices aligned to GDPR requirements.

9. Client Rights & Controls

Data deletion: Request complete deletion of all data at any time.
Data export: Request a full export of all stored data in machine-readable format.
Zero Data Retention: Request activation of Anthropic's ZDR mode for additional assurance.
Contractual protections: A Data Processing Agreement (DPA) is available upon request.

10. Frequently Asked Questions

Does the AI learn from our employees' conversations?

No. Anthropic's commercial API explicitly prohibits using customer data for model training. The AI does not learn, adapt, or retain any information from coaching sessions.

Could another company's coaching session see our data?

No. Each API call is completely isolated. There is no cross-contamination between requests, users, or organisations.

What happens if we terminate the engagement?

Upon request, FeedbackRocket will permanently delete all data associated with your organisation. A certificate of deletion can be provided.

Is this more or less secure than using ChatGPT?

Significantly more secure. Sage uses Anthropic's commercial API (not a consumer chatbot). Consumer AI tools may retain and train on data by default. Sage's architecture ensures zero data retention by the AI provider.

Can HR or management read a manager's coaching conversations?

No. Coaching conversations are completely private and confidential to the individual manager. This is a non-negotiable principle of the platform.

Where are the servers located?

The application and database infrastructure is hosted in the EU (Frankfurt, Germany) on Render's managed platform.