About our users' customers privacy

We may obtain Personal Data about our users' customers.
We know it's sensitive, so we keep it safe and are transparent on how we do it.

If you are a Customer of one of our Users, Userpace will generally not collect your Personal Data directly from you. Your agreement with the relevant Userpace User should explain how the Userpace User shares your Personal Data with Userpace, and if you have questions about this sharing, then you should direct those questions to the Userpace User.

Our approach is anchored with a strong commitment to privacy, security, compliance and transparency. This approach includes supporting our customers’ compliance with EU data protection requirements, including those set out in the General Data Protection Regulation ("GDPR"), which becomes enforceable on May 25, 2018.

At Userpace, we prioritize customer trust and aim to deliver an outstanding user experience, this is why we provide you with all the necessary information we can regarding your Personal Data we could have to process to provide and manage our Services.

Your Data

Personal Data that we collect about you.

Personal Data is any information that relates to an identified or identifiable individual. The Personal information we collect and provided to us through our services will be made apparent whenever possible from the context in which the data is provided. In particular:

  • Feedback and Ratings

    When you provide a feedback using Userpace, we will collect Personal Data from various sources:

    When provided by our Users which can include your email, full name, profile picture, or any other information which can help to personalise your experience.

    When you decide to create a Feedback, answer or react to an Idea, we will also collect any other information you choose to include in the body of your responses

    When you decide to attach a file, image or a screenshot to your responses.

  • Online Form
    In case you would like to contact us using our online forms, we will collect your full name, email address, country, and anything else you tell us about your project or needs.
  • Emails and Survey
    When you respond to emails or surveys sent by our users via Userpace, we collect your email address, name and any other information you choose to include in the body of your email or responses.
  • Phone Call
    If you contact us by phone, we will collect the phone number you use to call Userpace and may collect additional information in order to verify your identity.

Information that we collect automatically on our Services.

Our Services use several technologies to function effectively, to help us analyze your use of our services and diagnose technical issues. These technologies record information about your use of Userpace solutions, including:

  • Browser and device data We collect technical details such as IP address, device type, operating system, browser name and version, screen resolution, device manufacturer and model, browser language and network provider;
  • Usage data We may track browsing history and navigation on our solutions using data collection such as time spent on the pages, pages visited, links clicked.

For these purpose, we developed our own tracking technology to ensure none of your Personal Data leaves our systems.

How We Use Personal Data

Our products and services.

We rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable law. We use Personal Data to facilitate the business relationships we have with our Users, to comply with our legal obligations, and to pursue our legitimate business interests.

The main purposes are to help qualifying a feedback, especially when related to a UX or technical issue, to identify and prove the source of the feedback as well as optimizing the workflow of the feedback management and communication (ex: email alerts, localisation, categorisation, ... ). This all made at the benefit of the team using Userpace but also the you, the end-user.

How We Disclose Personal Data.

Userpace will never sell or rent your Personal Data to any third parties. We will never use your Personal Data for marketing or commercial prospection, including for the promotion of our own services.

We share your Personal Data only with trusted entities for our legitimate business interests, as outlined below.

Onvey (Legal Entity, editing Userpace)

We share Personal Data with other Onvey entities in order to provide our legitimate Services and for internal administration purposes.

Service providers, sub-contractors and sub-processors.

We share Personal Data with a limited number of our service providers. We have service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, information technology and related infrastructure, email delivery, and auditing services.

These service providers may need to access Personal Data to perform their services. We authorise such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union and the United States of America.

Entity NameEntity TypeEntity Country
MailjetEmail Service ProviderFrance, European Union
Google LLCHosting Service Provider European Union, United States

Our Users and third parties authorized by our Users

We share Personal Data with Users as necessary to maintain a User account and provide the Services. We share data with parties directly authorized by a User to receive Personal Data, such as when a User authorizes a third party application provider to access the User’s Userpace account using Userpace API or Integrations. The use of Personal Data by an authorized third party is subject to the third party’s privacy policy.

Our Obligations

Security

We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of a User account has been compromised), please contact us immediately.

Product, Network and Application Security Measures

  • Data Hosting and Storage
    Userpace services and data are hosted in Google Cloud Platform (GCP) facilities in the Europe, which encrypts all data at rest by default, in compliance with the Privacy Rule within HIPAA Title II.
  • Private Cloud
    All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests getting to our internal network.
  • Back-ups
    All our systems are automatically backed-up at least daily, using Google's solutions which guarantee the data integrity and their restoration procedures.
  • Monitoring
    We implemented various internal and external monitoring solutions, for continuous testing, troubleshooting and activity logs management (generation, audit, archive).
  • Encryption

    Userpace is served 100% over https.

    All data sent to or from Userpace is encrypted in transit using 256 bit encryption.

    Our Applications and APIs endpoints are TLS/SSL only and score an “A+" rating on Qualys SSL Labs‘ tests. This means we only use strong cipher suites and have features such as HSTS fully enabled.

  • Uptime
    We have a 99% uptime or higher. You can check our services stats at https://userpace.doyoucheck.info/

Other Security Measures

  • Employee Access, Permissions and Authentication

    Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties.

    Userpace runs a zero-trust corporate network. There are no corporate resources or additional privileges from being on Userpace's network.

    We have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies on GitHub, Google Services, Intercom and other Cloud Services to ensure protected access.

  • Employee Confidentiality
    All employee contracts include a confidentiality agreement.
  • Employee Policies
    Userpace has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
  • Office Security
    While no Personal Data should be made accessible offline, on hard-copies, or on employees devices, we relly on additional preventive security measures regarding our Offices and personnel access. Our building offers 24/7 guard and video surveillance, and only our employees with a personal access cards can access the office.

Data Retention

As a customer, we retain your Personal Data as long as we are providing the Services to our User. We retain Personal Data after we cease providing Services to them, even if they close their Userpace account, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods that we support. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

Customers' Personal Data can be removed by a User directly from our services or APIs.

International Data Transfers

We are a global business. Personal Data may be stored and processed in any country where we have operations or where we engage service providers. We may transfer Personal Data that we maintain about you to recipients in countries other than the country in which the Personal Data was originally collected, including to the United States. Those countries may have data protection rules that are different from those of your country. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your Personal Data remains protected to the standards described in this Privacy Policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data.

Your Rights

You have choices regarding our use and disclosure of your Personal Data. If you have questions about this sharing, then you should direct those questions to the Userpace User.

  • Right to Withdraw ConsentWhere the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time.
  • Exercise of the Rights of the Data SubjectAs described in this page;
  • Right to Be InformedThe right to request confirmation of whether Userpace processes Personal Data relating to you.
  • Right to AccessThe right to request a copy of that Personal Data;
  • Right to RectificationThe right to request that Userpace rectifies or updates your Personal Data that is inaccurate, incomplete or outdated;
  • Right to Erasure ("Right to be Forgotten")The right to request that Userpace erase your Personal Data in certain circumstances provided by law;
  • Right to Restriction of ProcessingThe right to request that Userpace restrict the use of your Personal Data in certain circumstances, such as while Userpace considers another request that you have submitted (including a request that Userpace make an update to your Personal Data); and
  • Right to Object to ProcessingYou may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.
  • Right to Object to Automated Individual Decision MakingThe right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

Do you have a question about your Personal Data Privacy?

Contact us

For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.