Security FAQ
We take security seriously at Featurebase - we're GDPR compliant & SOC 2 Type II certified.
Written By Markus from Featurebase
Last updated 2 months ago
The short answer:
We take security seriously at Featurebase - we're fully GDPR compliant & SOC 2 Type II certified. Keeping your information safe and respecting your privacy rights is super important to us.
What is Featurebase?
Featurebase is a tech startup incorporated in Estonia, Europe, under the legal name Cordnet OÜ. Our platform helps modern startups manage customer support and feedback.
Where is Featurebase hosted?
We are hosted on cloud providers Hetzner, DigitalOcean, and Fly.io. Your data is hosted in the Netherlands & Germany and is kept safe following some of the strictest privacy laws.
Is customer data encrypted?
Yes, all customer data is encrypted at rest and in transit:
In transit: We use HTTPS (TLS) to encrypt all traffic served to end-users.
At rest: Data is encrypted at rest using industry-standard AES encryption protocols.
How are users authenticated?
By default, all customer data - unless explicitly made public - is only accessible to authenticated users with the proper permissions.
Access can be restricted using admin roles and workspace-level controls within Featurebase, allowing you to safely collaborate with internal and external stakeholders.
Which user/company data is required to operate on Featurebase?
The only required piece of information to sign up is an email address.
When subscribing to a paid plan, credit card details are required. These are securely processed by Stripe and never touch our servers. We only store the expiration date, brand, and last 4 digits for convenience.
If a billing address is provided, it's stored privately and only accessible to workspace admins.
What other 3rd-party services process data?
We only share your data with certain companies that help us make our services better for you. You can see the full list of our subprocessors from Subprocessors.
How well is Featurebase protected against common web application vulnerabilities?
Our infrastructure includes the following protections:
All services run behind Cloudflare, which provides built-in DDoS protection and rate limiting
All traffic is served over HTTPS
Authenticated endpoints use secure token validation
Error monitoring and logging is handled by Sentry
We utilize tools like Snyk/DeepSource for scanning vulnerabilities in our dependencies and code.
All our team members are well-versed in common web application vulnerabilities and we always design our systems and code with a defense-in-depth approach
In short, we follow OWASP best practices and regularly review our infrastructure and code for vulnerabilities.
Data Processing Agreements (DPA)
We offer a comprehensive Data Processing Agreement (DPA) that clearly outlines the responsibilities and obligations in data processing, aligning with GDPR standards.
You can read it here: Data Processing Agreement
Is Featurebase GDPR compliant?
Yes, Featurebase is fully GDPR compliant. Keeping your personal information safe and respecting your privacy rights is super important to us.
We are deeply committed to the protection of personal data and ensuring compliance with the General Data Protection Regulation (GDPR).
If you want to know more about your data, change something, or even ask us to delete it, we're here for you. You can chat with us live on our website or email support@featurebase.app.
Is Featurebase SOC2 certified?
Yes, Featurebase is officially SOC 2 certified. The full SOC 2 Type II report is available upon request via live chat or support@featurebase.app.
You can access our Trust Center here →
Company details
Featurebase is operated by CORDNET OÜ, a company based in Estonia.
Our address:
Harju maakond,
Viimsi vald,
Haabneeme alevik,
Kaluri tee 4-32, 74001