userjourneys.ai - Privacy Policy
Effective Date: April 30, 2026
KSP Studio, Inc. dba UserJourneys ("UserJourneys," "we," "us," or "our") provides an AI-powered user research and product experimentation platform. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information in connection with our website, application, and related services (the "Service").
Our customers use the Service to run AI-powered voice interviews, analyze interview responses, understand product behavior, review session replay or analytics data where enabled, and generate product insights and experiment ideas.
1. Scope
This Privacy Policy applies to personal information we process:
- from visitors to our website and people who contact us;
- from customer team members who create or use an account;
- from end users who participate in interviews, use a customer's product, or otherwise appear in data a customer provides to the Service; and
- from connected customer systems, such as analytics tools, warehouses, session replay providers, source-control systems, and other integrations where enabled by the customer.
For customer end-user data, our customer usually determines why the data is collected and how it is used. In that context, we generally process personal information on behalf of the customer.
2. Personal Information We Collect
Account and customer team data
- name, email address, company, role, and account settings;
- authentication, access, usage, and security logs;
- billing and subscription information processed through Stripe;
- support, sales, and customer communications.
Voice interview data
- interview recordings and transcripts where enabled;
- interview responses, summaries, themes, quotes, and insights;
- interview metadata, such as duration, language, timestamp, study identifier, and quality signals;
- respondent email or contact information only when the customer enables or provides it.
Product analytics and session data
- events, event properties, identifiers, cohorts, funnels, and related metadata;
- session replay data, DOM snapshots, clicks, scrolls, page views, and device/browser metadata where enabled;
- data from customer-managed tools such as PostHog, Mixpanel, BigQuery, Snowflake, or similar systems where authorized by the customer.
Technical and website data
- IP address, device information, browser information, pages viewed, referring URL, and similar log data;
- cookies and similar technologies used for site functionality, analytics, security, and product improvement.
We do not intentionally collect health data, payment card numbers, financial account numbers, Social Security numbers, government ID numbers, or other highly sensitive data. Customers are responsible for configuring the Service and their own products to avoid sending those categories unless expressly agreed in writing.
3. How We Use Personal Information
We use personal information to:
- provide, operate, secure, and maintain the Service;
- run AI-powered interviews and process interview responses;
- generate summaries, themes, insights, reports, and experiment ideas;
- analyze product usage, analytics, session replay, and behavioral patterns where enabled by the customer;
- authenticate users, enforce project access, and protect tenant boundaries;
- provide support, sales, billing, account administration, and customer communications;
- monitor, debug, secure, and improve the Service;
- comply with legal obligations and enforce our agreements.
We do not sell personal information. We do not use personal information for cross-context behavioral advertising.
4. AI Processing
The Service uses AI systems to conduct interviews, translate or summarize responses, extract themes, score interview quality, analyze product behavior, generate insights, and assist with product experimentation workflows.
We use third-party AI and voice providers as subprocessors where needed to provide the Service. We require subprocessors that process customer data on our behalf to process that data under appropriate confidentiality, security, and data-processing obligations.
We do not permit third-party AI subprocessors to use customer personal information submitted through the Service to train, improve, or fine-tune their general models, except where a customer separately enables or agrees to that processing.
5. Customer Responsibilities
Customers are responsible for determining whether and how to use the Service with their own users, products, analytics data, interviews, and connected systems.
Customers are responsible for:
- providing required privacy notices and disclosures to end users;
- obtaining consent where required for interviews, cookies, analytics, session replay, or similar processing;
- ensuring they have a lawful basis to provide personal information to the Service;
- configuring masking, blocking, retention, and access settings appropriately;
- responding to end-user privacy requests where the customer controls the data.
6. How We Disclose Personal Information
We may disclose personal information to:
- service providers and subprocessors that host, store, analyze, secure, monitor, or support the Service;
- AI, voice, analytics, infrastructure, billing, email, monitoring, and customer-authorized integration providers;
- customer-authorized users and customer-configured destinations;
- professional advisors, auditors, insurers, and legal or compliance reviewers;
- authorities or third parties where required by law, legal process, or to protect rights, safety, and security;
- a successor or acquirer in connection with a merger, financing, acquisition, reorganization, or sale of assets.
Our compliance-owned subprocessor inventory is maintained separately and may be made available to customers on request or through a published subprocessor page.
7. Data Retention and Deletion
We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support backups or audit records.
- Customer account and subscription records are retained for the account term and as needed for legal, tax, accounting, and security purposes.
- Voice interview, analytics, session replay, and derived insight data are retained according to the customer's subscription, configuration, order form, deletion request, or applicable agreement.
- Upon customer termination or approved deletion request, we delete customer-controlled personal information within 90 days unless a shorter period is configured, a signed agreement says otherwise, or retention is required by law.
- Backups and deleted object versions may persist for a limited recovery period before final deletion according to our backup and cloud-retention controls.
- Audit logs, security logs, billing records, and deletion-request records may be retained where needed for security, compliance, and legal purposes.
8. Security
We use administrative, technical, and organizational safeguards designed to protect personal information, including encryption in transit and at rest, role-based access controls, tenant isolation, logging and monitoring, vendor review, and secure development practices.
No system is completely secure. Customers should use the Service in a way that matches the sensitivity of their data and should not send highly sensitive data unless expressly agreed in writing.
9. International Transfers
We are based in the United States and use service providers in the United States, European Union, and other jurisdictions. Personal information may be transferred to and processed in countries other than where it was collected.
Where required, we use appropriate transfer mechanisms such as Standard Contractual Clauses, data processing terms, or other lawful safeguards.
10. Cookies and Similar Technologies
We use cookies and similar technologies for website functionality, authentication, security, analytics, and product improvement. Customers using the Service in their own products are responsible for configuring their own notices, consent flows, and tracking controls where required.
11. Privacy Rights
Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to certain processing of your personal information.
If you are an end user of one of our customers, the customer is usually the best first contact because they control the relationship with you and determine how your data is used. We will assist customers with privacy requests as required by law and applicable agreements.
You may contact us at founders@userjourneys.ai. We may need to verify your request before acting on it.
12. Children
The Service is not directed to children. We do not knowingly collect personal information from children through our website or account signup. Customers are responsible for determining whether their own end-user audience requires additional consent, notice, or controls.
13. Changes to This Policy
We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the Service, by email, or by another reasonable method. The effective date above shows when this Policy was last updated.
14. Contact
For privacy questions or requests, contact founders@userjourneys.ai.
KSP Studio, Inc. dba UserJourneys
For the related public terms, see the Terms of Service.
For participant-facing interview terms, see the Interview Participant Terms.