Privacy Policy

Welcome to UserHero ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you understand how we collect, use, and safeguard your information. This Privacy Policy explains our data practices for the UserHero service, including our website at userhero.co and our embeddable feedback widget. By using UserHero, you agree to the collection and use of information in accordance with this policy.

We collect different types of information depending on how you interact with UserHero:

We use the information we collect for the following purposes:

• Providing and maintaining the UserHero service, including the dashboard and widget functionality
• Delivering feedback submissions to project owners through their configured channels
• Sending notifications through configured integrations (Slack, email, webhooks) as set up by project owners
• Processing payments and managing subscriptions through our secure payment provider
• Responding to your questions, comments, and support requests
• Analyzing usage patterns to improve our service (aggregated, non-personal data only)
• Detecting, preventing, and addressing technical issues and security threats

UserHero is designed with privacy-first principles. Project owners have granular control over what contextual data is collected from their end-users. These settings can be configured at the project level and further restricted at the widget level:

• Page URL capture: Off, Path only, or Full URL
• Referrer capture: Enable or disable
• Browser information: Enable or disable
• Device information: Enable or disable
• Location capture: Off or Country only (never city or precise location)
• IP address handling: None (not stored) or Hashed (one-way hash, cannot be reversed)
• Email capture: Enable or disable end-user email collection
• Custom metadata: Enable or disable for advanced integrations

We take your privacy seriously and have strict policies about sharing information:

• We never sell your personal information to third parties under any circumstances
• Feedback data is shared with configured integrations (Slack, email, webhooks) only as explicitly set up by project owners
• We use trusted service providers (Firebase/Google Cloud, DodoPay) who are contractually bound to protect your data
• We may disclose information if required by law, court order, or to protect our rights, property, or safety

We implement industry-standard security measures to protect your information:

• All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
• Access to data is restricted to authorized personnel on a need-to-know basis
• Our infrastructure is hosted on Google Cloud/Firebase with SOC 2 Type II compliance
• We continuously monitor for security threats and vulnerabilities

We retain your information only as long as necessary to provide our services:

• Feedback data is retained for the lifetime of your project or until you delete it
• Screenshots and attachments are retained for 90 days by default, then automatically deleted
• Account data is retained while your account is active and for 30 days after deletion request
• You can request deletion of your data at any time by contacting us

We use minimal cookies necessary for the service to function:

• Essential cookies: Required for authentication and security (cannot be disabled)
• Session cookies: Maintain your logged-in state across page visits
• Preference cookies: Remember your theme and language preferences

UserHero operates globally. Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by law, to protect your information during international transfers.

Depending on your location, you may have the following rights regarding your personal information:

• Right to access: Request a copy of the personal information we hold about you
• Right to correction: Request that we correct any inaccurate or incomplete information
• Right to deletion: Request that we delete your personal information
• Right to data portability: Request your data in a structured, machine-readable format
• Right to object: Object to certain types of processing of your information
• Right to withdraw consent: Withdraw consent where processing is based on consent

UserHero is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete it.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we will provide additional notice via email or through the UserHero dashboard. We encourage you to review this Privacy Policy periodically.