If you are a Customer of one of our Users, Userpace will generally not collect your Personal Data directly from you. Your agreement with the relevant Userpace User should explain how the Userpace User shares your Personal Data with Userpace, and if you have questions about this sharing, then you should direct those questions to the Userpace User.
Our approach is anchored with a strong commitment to privacy, security, compliance and transparency. This approach includes supporting our customers’ compliance with EU data protection requirements, including those set out in the General Data Protection Regulation ("GDPR"), which becomes enforceable on May 25, 2018.
At Userpace, we prioritize customer trust and aim to deliver an outstanding user experience, this is why we provide you with all the necessary information we can regarding your Personal Data we could have to process to provide and manage our Services.
Personal Data that we collect about you.
Personal Data is any information that relates to an identified or identifiable individual. The Personal information we collect and provided to us through our services will be made apparent whenever possible from the context in which the data is provided. In particular:
Feedback and Ratings
When you provide a feedback using Userpace, we will collect Personal Data from various sources:
When provided by our Users which can include your email, full name, profile picture, or any other information which can help to personalise your experience.
When you decide to create a Feedback, answer or react to an Idea, we will also collect any other information you choose to include in the body of your responses
When you decide to attach a file, image or a screenshot to your responses.
Online FormIn case you would like to contact us using our online forms, we will collect your full name, email address, country, and anything else you tell us about your project or needs.
Emails and SurveyWhen you respond to emails or surveys sent by our users via Userpace, we collect your email address, name and any other information you choose to include in the body of your email or responses.
Phone CallIf you contact us by phone, we will collect the phone number you use to call Userpace and may collect additional information in order to verify your identity.
Information that we collect automatically on our Services.
Our Services use several technologies to function effectively, to help us analyze your use of our services and diagnose technical issues. These technologies record information about your use of Userpace solutions, including:
- Browser and device data We collect technical details such as IP address, device type, operating system, browser name and version, screen resolution, device manufacturer and model, browser language and network provider;
- Usage data We may track browsing history and navigation on our solutions using data collection such as time spent on the pages, pages visited, links clicked.
For these purpose, we developed our own tracking technology to ensure none of your Personal Data leaves our systems.
How We Use Personal Data
Our products and services.
We rely upon a number of legal grounds to ensure that our use of your Personal Data is compliant with applicable law. We use Personal Data to facilitate the business relationships we have with our Users, to comply with our legal obligations, and to pursue our legitimate business interests.
The main purposes are to help qualifying a feedback, especially when related to a UX or technical issue, to identify and prove the source of the feedback as well as optimizing the workflow of the feedback management and communication (ex: email alerts, localisation, categorisation, ... ). This all made at the benefit of the team using Userpace but also the you, the end-user.
How We Disclose Personal Data.
Userpace will never sell or rent your Personal Data to any third parties. We will never use your Personal Data for marketing or commercial prospection, including for the promotion of our own services.
We share your Personal Data only with trusted entities for our legitimate business interests, as outlined below.
Onvey (Legal Entity, editing Userpace)
We share Personal Data with other Onvey entities in order to provide our legitimate Services and for internal administration purposes.
Service providers, sub-contractors and sub-processors.
We share Personal Data with a limited number of our service providers. We have service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, information technology and related infrastructure, email delivery, and auditing services.
These service providers may need to access Personal Data to perform their services. We authorise such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union and the United States of America.
|Entity Name||Entity Type||Entity Country|
|Mailjet||Email Service Provider||France, European Union|
|Google LLC||Hosting Service Provider||European Union, United States|
Our Users and third parties authorized by our Users
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.
If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of a User account has been compromised), please contact us immediately.
Product, Network and Application Security Measures
- Data Hosting and StorageUserpace services and data are hosted in Google Cloud Platform (GCP) facilities in the Europe, which encrypts all data at rest by default, in compliance with the Privacy Rule within HIPAA Title II.
- Private CloudAll of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests getting to our internal network.
- Back-upsAll our systems are automatically backed-up at least daily, using Google's solutions which guarantee the data integrity and their restoration procedures.
- MonitoringWe implemented various internal and external monitoring solutions, for continuous testing, troubleshooting and activity logs management (generation, audit, archive).
Userpace is served 100% over https.
All data sent to or from Userpace is encrypted in transit using 256 bit encryption.
Our Applications and APIs endpoints are TLS/SSL only and score an “A+" rating on Qualys SSL Labs‘ tests. This means we only use strong cipher suites and have features such as HSTS fully enabled.
- UptimeWe have a 99% uptime or higher. You can check our services stats at https://userpace.doyoucheck.info/
Other Security Measures
- Employee Access, Permissions and Authentication
Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties.
Userpace runs a zero-trust corporate network. There are no corporate resources or additional privileges from being on Userpace's network.
We have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies on GitHub, Google Services, Intercom and other Cloud Services to ensure protected access.
- Employee ConfidentialityAll employee contracts include a confidentiality agreement.
- Employee PoliciesUserpace has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
- Office SecurityWhile no Personal Data should be made accessible offline, on hard-copies, or on employees devices, we relly on additional preventive security measures regarding our Offices and personnel access. Our building offers 24/7 guard and video surveillance, and only our employees with a personal access cards can access the office.
As a customer, we retain your Personal Data as long as we are providing the Services to our User. We retain Personal Data after we cease providing Services to them, even if they close their Userpace account, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods that we support. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
Customers' Personal Data can be removed by a User directly from our services or APIs.
International Data Transfers
You have choices regarding our use and disclosure of your Personal Data. If you have questions about this sharing, then you should direct those questions to the Userpace User.
- Right to Withdraw ConsentWhere the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time.
- Exercise of the Rights of the Data SubjectAs described in this page;
- Right to Be InformedThe right to request confirmation of whether Userpace processes Personal Data relating to you.
- Right to AccessThe right to request a copy of that Personal Data;
- Right to RectificationThe right to request that Userpace rectifies or updates your Personal Data that is inaccurate, incomplete or outdated;
- Right to Erasure ("Right to be Forgotten")The right to request that Userpace erase your Personal Data in certain circumstances provided by law;
- Right to Restriction of ProcessingThe right to request that Userpace restrict the use of your Personal Data in certain circumstances, such as while Userpace considers another request that you have submitted (including a request that Userpace make an update to your Personal Data); and
- Right to Object to ProcessingYou may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.
- Right to Object to Automated Individual Decision MakingThe right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.