userjourneys.ai - Privacy Policy
Effective Date: June 1, 2025
PRIVACY POLICY
userjourneys.ai, Inc., (“we,” “us,” or “our”) is committed to protecting the privacy of our customers and their end users. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our AI-powered session replay analysis platform (the “Service”).
1. SCOPE
This Policy applies to:
- Data collected from users of our website and customers of our Service;
- Session replays, custom events, and associated metadata captured via our scripts;
- Any personal data processed on behalf of customers as a data processor.
2. DATA WE COLLECT
We collect two types of data:
A. Customer Data (B2B):
- Account info (e.g., name, email, company, billing details)
- Authentication & usage logs
B. End User Data (via Session Replay):
- Screen recordings, mouse movements, clicks, scrolls
- Page metadata (URL, referrer, device info, IP address)
- Custom events sent via client API
We do not intentionally collect sensitive personal data (e.g. SSNs, health data). Customers are responsible for not capturing such data and for implementing masking.
3. HOW WE USE DATA
- To provide and maintain the Service
- To process session replays and deliver analytics
- To monitor and improve performance, accuracy, and usability
- To comply with legal obligations
- To contact Customers about their account, security, or usage
We do not sell personal data or use session data for ad targeting.
4. LEGAL BASIS (GDPR)
We process Customer personal data based on:
- Performance of a contract (Art. 6(1)(b))
- Legal obligations (Art. 6(1)(c))
- Legitimate interests (Art. 6(1)(f)), e.g., service improvement and fraud prevention
Where required, Customers are responsible for obtaining end-user consent for tracking and analytics (e.g., via a cookie banner).
5. DATA RETENTION
- Customer data: retained for the duration of the contract + 90 days
- Session data: retained per customer-configured retention policy (default 30–90 days)
- Backups: may be retained for disaster recovery for up to 180 days
6. DISCLOSURE OF DATA
We may share data with:
- Hosting providers (e.g., AWS, GCP)
- Customer-authorized integrations
- Legal authorities if required by law
- Our sub-processors (listed upon request)
We do not share data with third parties for marketing purposes.
7. SECURITY MEASURES
We implement:
- Encryption in transit and at rest
- Role-based access controls
- Continuous monitoring and audits
- Secure development lifecycle practices
No system is 100% secure, but we follow industry best practices.
8. DATA SUBJECT RIGHTS
If you are an EU/UK/CA resident, you may have the right to:
- Access your data
- Correct or delete your data
- Restrict or object to processing
- Data portability
- Lodge a complaint with a supervisory authority
Requests should be submitted to founders@userjourneys.ai.
9. INTERNATIONAL TRANSFERS
Data may be transferred to and processed in the United States or other jurisdictions. We use Standard Contractual Clauses or other lawful mechanisms to ensure appropriate safeguards.
10. COOKIES & TRACKING
We use cookies to enable core functionality, track usage, and support session recording. Customers must configure their own consent mechanisms for end users in compliance with cookie laws.
11. CHANGES TO THIS POLICY
We may update this Policy periodically. Material changes will be communicated via email or Service notifications.
12. CONTACT
For questions or data access requests, contact: founders@userjourneys.ai
userjourneys.ai, Inc.