Gotcha is a React SDK that lets developers add contextual feedback to any UI component. Collect star ratings, votes, NPS scores, poll responses, and bug reports directly on the elements users interact with.

How do I install Gotcha?

Install via npm: npm install gotcha-feedback. Then wrap your app with GotchaProvider and add Gotcha components around elements you want feedback on.

What feedback modes does Gotcha support?

Gotcha supports four feedback modes: feedback (star ratings with optional text), vote (thumbs up/down), poll (custom multiple-choice), and NPS (0-10 scale with follow-up). Bug flagging can be enabled on any mode.

How much does Gotcha cost?

Gotcha has a free tier with 500 responses/month and 1 project. The Pro plan is $29/month for unlimited responses, unlimited projects, and advanced analytics.

Privacy Policy

1. Introduction

Gotcha ("we", "us", "our") operates the gotcha.cx website and the gotcha-feedback SDK. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

2. Information We Collect

Account Information

When you create an account, we collect your email address, name, and profile information from your authentication provider (e.g., GitHub).

Profile & Segmentation Data

During onboarding or profile updates, we may collect additional information such as company size, job role, industry, and use case. This data is used to improve the product experience and may be attached to feedback responses for segmentation purposes.

Feedback Data

When end users submit feedback through the Gotcha SDK embedded on your website, we collect: the feedback content (text, ratings, votes, poll responses, NPS scores), bug reports, the element identifier, page URL, user agent, and any user metadata you choose to pass.

Team & Invitation Data

When you invite team members to your organization, we collect and store the invitee's email address, the role assigned, and the invitation status.

Usage Data

We track response counts per organization for plan limit enforcement.

3. How We Use Your Information

To provide, maintain, and improve our services
To process payments and manage subscriptions
To send transactional emails (welcome, usage warnings)
To enforce plan limits and prevent abuse

4. Third-Party Services

We use the following third-party services to operate Gotcha:

Supabase — Authentication and database hosting
Stripe — Payment processing
Resend — Transactional email delivery
Netlify — Website hosting
Upstash — Rate limiting (Redis)

Each of these services has its own privacy policy. We do not sell your data to any third party.

5. Webhooks & Third-Party Data Delivery

You may configure webhooks to send feedback data to external URLs (e.g., Slack, Discord, or custom endpoints). When webhooks are enabled, feedback data is delivered to the URLs you specify. You are responsible for the security and privacy practices of those endpoints. We validate webhook URLs to prevent delivery to private networks.

6. Cookies

We use essential cookies for authentication session management. We also use short-lived httpOnly cookies to securely process team invitation links. We do not use tracking or advertising cookies. The Gotcha SDK does not set any cookies on your end users' browsers.

7. Data Retention

We retain your account data and feedback responses for as long as your account is active. You can request deletion of your account and all associated data at any time by contacting us.

8. Data Security

We protect your data using industry-standard measures including encrypted connections (TLS), hashed API keys, and access controls. However, no method of transmission over the Internet is 100% secure.

9. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Object to or restrict processing of your data
Data portability

Gotcha provides API endpoints for programmatic data export and deletion of end-user data scoped to individual projects. Account holders can use these APIs to fulfill data subject requests from their own users.

To exercise your own rights, or for requests not covered by the API, contact us at info@braintwopoint0.com.

10. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy, contact us at info@braintwopoint0.com.