At Usabilla, we are committed to protecting the security of your data and the privacy of your clients.
Since the inception of our company, we’ve developed our services using Privacy by Design and Privacy by Default philosophies. This means we consider privacy and personal data protection from the beginning of product development all the way through our product development lifecycle, maintaining the standards of the strictest security policies.
With the General Data Protection Regulation (GDPR) going live May 25, 2018, we wanted to reintroduce our commitment to security and share a few new features aimed at making security a breeze.
Where is your data stored?
All data is stored in the AWS Region (Ireland) in the European Union. The customer portal and API are also hosted in the same location. Our widget servers, located in several regions worldwide, never store any data and only provide fast delivery of scripts and feedback reception.
Do I have control over how much personal information Usabilla collects from my clients?
We, as a processor, give you full control over your data to make the best decisions regarding collection and storage of data. Our services are specifically designed to limit personal data collection by default, requiring you as a customer to explicitly enable features that collect personal information.
How long is my client’s data stored for?
Both collection of variables and the duration of data storage are up to you. Our privacy settings enable you to customize your data process, giving you full control over your client’s privacy and data.
Where possible, Usabilla performs processing activities and analysis on anonymised pseudonymised data. We exclude or remove any screenshots, IP addresses, email addresses, free-form (text) responses, or identifiers that link the feedback item to its original version which may contain personal data before processing it.
We took this opportunity to update a few privacy features to ensure your processes are compliant with GDPR:
1. Storing Location Data:
It’s now optional to store a user’s location or IP address when they leave feedback. The option to store location data is off by default
for all newly created buttons and forms.
2. Data retention:
We give our customers the option to set a data retention period so that any collected data will be removed automatically after the set period.
3. Saving form values in Usabilla for Websites:
From now on, form values are not stored by default. We give you the option to store this data.
4. Safer connections:
Full survey URLs in Usabilla for Websites, as well as Usabilla for Email widgets, are using an encrypted connection (HTTPS) by default.
Our dedication to privacy doesn’t end on May 25th. Keeping your data secure will remain a priority for us as we continue to develop and grow our business.
Data Processing Agreement
If you, as a customer, are processing personal data through the Usabilla platform, typically a Data Processing Agreement (DPA) needs to be agreed between your company and Usabilla. We have prepared a standard contract for this purpose, which accurately describes the specific characteristics of our product. If you need a DPA, we strongly urge you to make use of the Usabilla template, since it’s the most efficient option. The template is available through our Customer Success department.