Privacy FAQ
Gary Gaspar avatar
Written by Gary Gaspar
Updated over a week ago

Is GDPR compliant?

Yes! For more information, read our commitment to GDPR here.

Does collect sensitive and personal information?

It’s important to understand that collects data about two main types of users.

  1. Users with a login: When you create a account as an Admin, Member or Guest, we collect basic information such as Full name, Email address, Profile picture, IP address, Operating system, and Browser (Type, Version).

  2. End-users / reporters: Anyone submitting feedback via’s widget. For these users, collects basic information such as Full name & Email address, and device info (OS, Browser, …). In addition, there are two types of other sensitive data your admin could send to when collecting feedback via the widget.

    1. Admins can actively send any custom attributes about reporters via our custom metadata feature.

    2. Admins can passively collect sensitive data that might be embedded in the page content of your website. Since’s widget can capture screenshots, record videos, and replay sessions, the widget admin may collect personal information that your end users are typing into fields or that might get displayed on pages of your website or app. Luckily, we have created tools to help widget admin suppress the collection of personal and sensitive data.

How long do you keep my data?

We keep your usage data indefinitely unless you request deletion by contacting us directly or by deleting your user and/or workspace data yourself. We honor all deletions from an account, and all account data which has been deleted by you is permanently deleted from our back-ups within 90 days.

As for session replays, if no feedback is reported, recorded sessions are automatically destroyed after 1 hour (or less, most of the time, it only takes 15min). When feedback is reported, the related session is stored permanently through the feedback page.

Do you use sub-processors?

Yes. We work with certain companies and tool systems to provide our services to you. They've been carefully vetted for best-in-class security practices. For more information, see our List of Subprocessors

How should I describe in my Privacy Policy?

Did this answer your question?