Privacy & Security

UserExperior's privacy & security guidelines

Privacy Guidelines

UserExperior genuinely cares about users’ privacy; that is why we give our clients complete control over what data is sent to UserExperior.

Data Collection: UserExperior is used by organizations to improve their app experience. We are not an "ad-tech" or "data enrichment" provider; we store and process only the data our customers send to us, and never sell, transfer, or combine that information with data from other sources. UserExperior collects the data for analytics purposes only.

Sensitive data: UserExperior is built keeping privacy at the heart of our business. UserExperior does not explicitly track any PII or sensitive information of the user. It only stores the data that is being sent to UserExperior. We provide APIs that help organizations control what they want to send to UserExperior. We also provide APIs that can block any sensitive information from being captured by UserExperior.

App Store & Play Store Policies
All apps submitted to the App Store and Play Store are reviewed based on different technical, design, and content aspects. Your app should meet their requirements, and you are responsible for meeting their compliance requirements. Read more about Apple requirements here. Read more about Google Play store requirements here.

Disclaimer for user's data and privacy:
It is important for organizations to clearly disclose in their privacy policies the use of any third-party SDKs with which their data may be shared. Hence we always recommend that our customers mention the use of UserExperior in their privacy policy. Below is a disclaimer that you can include in your privacy policy about UserExperior.

Here is an example which you can reference to include us in your privacy policy. However, please consult your data protection officer and/or lawyer before using it. Only they can guarantee that your privacy policy is compliant with the laws applicable:

THIRD-PARTY SOFTWARE/SERVICE PROVIDERS
We use UserExperior, which is a digital experience monitoring solution. UserExperior may record: Screens visited, Interaction patterns (such as screen actions, gestures: taps, scrolls), Session Details (such as number of sessions, length of the session, API calls that happen in the session), Device details (Type, Version, Model, Operating System). We are using the information collected by UserExperior to improve our app.

UserExperior stores and processes this information on our behalf. It may contain personally identifiable information, although we proactively remove it where possible.

Types of Data 
As per Apple’s types of data collection policy defined in the privacy policy document, apps that are submitted to the app store have to fully understand and indicate the data types they collect. If you use UserExperior these are the data types you should select when submitting your app: 

| Type of Data | Required by UserExperior |
| --- | --- |
| Contact Information | No |
| Health & Fitness | No |
| Financial Information | No |
| Location | No (default), Yes if you send us the location |
| Sensitive Information | No |
| Contacts | No |
| User Content | No |
| Browsing History | No |
| Identifiers | No (default), Yes if you send a user ID |
| Purchases | No |
| Usage Data | Yes |
| Diagnostics | Yes |
| Other Data | No |


UserExperior collects only the Usage Data (i.e., device interaction) by default, as defined by Apple. While it’s possible to send other types of data through our SDK, that is not the default behavior and is defined by our customers. If you wish to send any other information, please make sure that you select all the data type options accordingly. E.g., if you send a user ID, you should select Identifiers.


iOS 14.5 Updates: ‘App Tracking Transparency’
After the release of iOS 14.5, all apps must use the App Tracking Transparency framework to request tracking permission from their users to access the iOS advertising identifier (IDFA).

Note: UserExperior does not use the IDFA, therefore our SDK does not require an opt-in dialog.

This permission will be requested via opt-in with a dialog similar to the request to send push notifications or location services. See the screenshot below for reference:

Please note that the App Tracking Transparency guidelines only apply when your app uses or collects the IDFA. Since UserExperior does not use the IDFA, the use of our SDK does not require explicit tracking permission.

What is IDFA?
The Identifier for Advertisers (IDFA) is an anonymized unique identifier—a mobile ad ID (MAID)—assigned by Apple to a user's device that allows an installed mobile application to track user behavior across other companies’ apps, websites or offline properties for the purposes of ad targeting, personalization and measurement.

Instead of using the IDFA, UserExperior uses a Vendor Device ID which is a random UUID tied to the app publisher.

Personally Identifiable Information (PII) Data

Personally Identifiable Information (PII) is any information that can identify and track the individual entity or any other information that is linked to this individual.

According to GDPR, PII is defined as:

“Any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Examples of PII data:
- Name
- Email Address
- Phone number
- Home Address
- ID number
- Date of birth
- Credit card number
- Gender
- Job position

Make sure you identify all the PII data in your app and, before sending sessions to UserExperior, mask sensitive views or elements using the masking Sensitive Views API in Android or the masking Sensitive Views API in iOS.

IP Address Tracking

UserExperior does not track and store the IP address of the users.

Our Approach Towards Privacy & Security

UserExperior takes the privacy and security of the data and of our assets very seriously and is committed to both. We have taken the following steps in implementing our privacy & security policies.

Security Assessment 
UserExperior periodically conducts security testing of its application & infrastructure through third party service providers to get an outside view of the security of our systems.

Data Collection
Our customer has the choice of what data to record. You can and should exclude any PII of the user.

Exclude Sensitive Views
We provide various client-side APIs that enable you to block sensitive views to prevent tracking user information.

Data Transmission
UserExperior uses 256-bit AES encryption both at rest and in transit, and transmits the encrypted data over HTTPS.

Data Storage
UserExperior stores the data in AWS cloud storage.

Compliance & Certifications
UserExperior is GDPR compliant, SOC 2 Type 1 certified and ISO 27001 certified. Note: Our SOC 2 Type 2 will be completed by November 2022.

Deletion of Customer Data

UserExperior by default deletes all the data collected after a period of 30 days. We do not maintain any archives of your customer data. If your customer requests that you delete all their data collected by UserExperior, you need to send an email to support@userexperior.com and request deletion of the data. We will delete all the data and send a confirmation of the deletion.

UserExperior Technologies LLC
2033 Gateway Place, 5th Floor
San Jose, CA 95110
Compliances
UserExperior has successfully completed a System and Organization Controls (SOC) 2 Type I audit, performed by Sensiba San Filippo, LLP (SSF).
Information Security Management System of UserExperior Pvt Ltd has been assessed and found to conform to the requirements of ISO/IEC 27001:2013.
