Privacy Policy

Last modified: March 13, 2026

Userback Pty Ltd (“Userback,” “we,” “us”) operates userback.io and provides feedback collection and session replay services. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website and services.

When you use our services, we collect and process your information as described in this Privacy Policy based on various legal grounds explained below. If you wish for your personal data to be permanently removed, please contact us at [email protected].

If you are located in the European Union (“EU”), United Kingdom, Liechtenstein, Norway, Iceland or Switzerland, you may have additional rights under the EU General Data Protection Regulation (“GDPR”) with respect to your Personal Data, as outlined below.

Userback Pty Ltd will be the controller of your Personal Data that is provided, collected and/or processed pursuant to this Privacy Policy. If you have any questions about whether any of the foregoing applies to you, please contact us at [email protected].

Information We Collect

We collect Personal Data about you when you provide such information directly to us, when Personal Data is automatically collected during your use of our Services, and when third parties such as our business partners or service providers provide us with Personal Data about you.

Information We Collect From You Directly

We receive Personal Data directly from you when you provide us with such Personal Data, including without limitation the following:

Account Information

When you register for our services, we collect your name, email address, company name, job title, billing details, and payment information.

Information We Automatically Collect When You Use Our Services

Some Personal Data is automatically collected when you use the Services, such as the following:

User Feedback Content

When users submit feedback, surveys, bug reports, or feature requests through Userback widgets and forms on websites and applications, we collect the content they provide. This includes text comments, descriptions, images, screenshots, annotations, and any other information users choose to include in their submissions.

Location and IP Address

We automatically receive and record information from your web browser when you interact with the Services, including your IP address and device ID. This information is used to support the geo-location features in the Services and can be adjusted in your account privacy settings.

Usage and Analytics Data

The Services automatically collect usage information, such as which parts of the Site you use and the number and frequency of visitors. We also use third-party analytics tools to help us measure traffic and usage trends. These tools collect information sent by your browser or mobile device, including the pages you visit, your use of third party applications, and other information that assists us in analyzing and improving the Services. We may use this data in a manner that would identify you personally.

Session Replay Data

Our Services include session replay functionality that may record user interactions on websites where Userback is installed. This technology helps product teams understand user behavior and identify usability issues. Session replays may capture mouse movements, clicks, scrolling behavior, page navigation, and screen activity. By default, session replay does not capture sensitive form fields such as passwords or email addresses.

Users who install Userback on their websites can configure privacy settings to mask sensitive data elements. This includes the ability to block specific fields, pages, or content from being recorded. If you are a Userback account holder, you can control session replay features through your account privacy settings. Website visitors who wish to opt-out of session recording should contact the website owner or use browser extensions that block tracking scripts.

Email Communications

We may receive confirmation when you open an email from us. We use this confirmation to improve our customer service.

Cookies

Cookies are pieces of text that may be provided to your computer through your web browser when you access a website. Your browser stores cookies in a manner associated with each website you visit. We use cookies to enable our servers to recognize your web browser and tell us how and when you visit the Site and otherwise use the Services through the Internet. As noted, we use cookies to identify that your web browser has accessed aspects of the Services and may associate that information with your Account if you have one.

Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways.

This Privacy Policy covers our use of cookies only and does not cover the use of cookies by third parties. We do not control when or how third parties place cookies on your computer. For example, third party websites to which a link points may set cookies on your computer. Cookies can either be “session cookies” or “persistent cookies”. Session cookies are temporary cookies that are stored on your device while you are visiting our Website or using our Service, whereas “persistent cookies” are stored on your device for a period of time after you leave our website or Services. We’ve provided a quick summary of some of the cookie types we and our service providers use on the Service, but for more information about cookies, visit http://www.allaboutcookies.org/.

  • Essential Cookies: Essential cookies are required for providing you with features or services that you have requested. For example, certain cookies enable you to log into secure areas of our Services. Disabling these cookies will make certain features and services unavailable.
  • Functional Cookies: Functional cookies are used to record your choices and settings regarding our Services, maintain your preferences over time and recognize you when you return to our Services. These cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
  • Performance/Analytical Cookies: Performance/analytical cookies allow us to understand how visitors use our Services such as by collecting information about the number of visitors to the website, what pages visitors view on our website and how long visitors are viewing pages on the website. Performance/analytical cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Service’s content for those who engage with our advertising.
  • Retargeting/Advertising Cookies: Retargeting/advertising cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you.

EU and UK users can manage their cookie preferences through our cookie consent banner or their browser settings.

Aggregate Information

We collect statistical information about how both unregistered and registered users, collectively, use the Services (“Aggregate Information”). Some of this information is derived from Personal Data. While Aggregate Information is not Personal Data, it may be tied back to you, your Account or your web browser.

Information We Receive From Third Party Sources

We receive information about you from third party services, and from our business and channel partners.

Other Services You Link To Your Account

When you sign up or log in to your Userback account using a third party service (e.g. Google, Microsoft), we store your profile information (name, email address and profile picture), as authorized by you via your privacy settings at that service.

In addition to signing in and accessing the Userback product, this information is used to send you invoices and other communications regarding your account. We will never sell your personal information to third parties.

Userback’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Other Business and Service Providers

Some third parties, such as our business partners and service providers (including, but not limited to, those who provide services related to customer messaging, surveying, advertising, marketing, social media, and analytics), may provide us with Personal Data about you, such as the following:

  • Platform activity data
  • Survey responses
  • Account information for third party services
  • Information from our advertising partners

How Do We Use Your Information?

We process Personal Data to operate, improve, understand and personalize our Services. For example, we use Personal Data to:

  • Operate, maintain and provide our features and services on the Services;
  • Respond to user inquiries;
  • Provide support and assistance for the Services;
  • Personalize content and communications based on your preferences;
  • Maintain interoperability with third party services;
  • Conduct online behavioral advertising;
  • Remember information so that you will not have to re-enter it during your visit or the next time you visit the Site;
  • Comply with our legal or contractual obligations;
  • Provide and monitor the effectiveness of our Services;
  • Protect against or deter fraudulent, illegal or harmful actions;
  • Serve relevant advertisements;
  • Monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our website and our Services;
  • Diagnose or fix technology problems;
  • Complete corporate transactions such as mergers and acquisitions; and
  • Enforce our Terms of Service.

We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests”, as further described below.

Contractual Necessity

We may process some Personal Data as a matter of “contractual necessity”, meaning that we need to process the data to perform under our Terms of Service with you, which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such data.

Legitimate Interest

We may process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties. Examples of these legitimate interests include:

  • Operation and improvement of our business, products and services
  • Marketing of our products and services
  • Provision of customer support
  • Protection from fraud or security threats
  • Compliance with legal obligations
  • Completion of corporate transactions

Consent

In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.

Other Processing Grounds

From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.

How Long Do We Retain Your Personal Data?

How long we keep the information we collect about you depends on the type of information, as detailed in the sections below. Once the relevant retention period expires, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

Account Information

We retain your account information while your account is active, plus 30 days after account closure in case you decide to re-activate the Services. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation.

User Feedback Content

User feedback, session replays, surveys, and other user feedback content submitted through Userback are retained for as long as your account is active, plus 30 days after account closure in case you decide to re-activate the Services.

Archived Projects

Archived projects are stored for 12 months from when they are archived, after which they are automatically deleted.

Marketing Information

If you have chosen to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our products, such as when you last opened an email from us or signed in to your Userback account.

Third Party Disclosure

We do not sell or trade your personal information to outside parties. We do share your information with trusted service providers who assist us in operating our website and services, provided they agree to keep this information confidential.

We may also release your information as required to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Our primary data hosting is provided by AWS in the United States. Data may be transferred to the United States, Australia, and other countries where our service providers operate.

Where we disclose your personal information to third parties, including data processors, we will request that the third party handle your personal information in accordance with this Privacy Policy. The third party will only process your personal information in accordance with written instructions from us. For transfers of personal data from the EU, UK, or Switzerland to countries that do not provide adequate protection, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other mechanisms set out by applicable data protection laws for the lawful transfer and processing of personal information. When we refer to ‘processing’ in this clause and this Privacy Policy in general, we mean any operation or set of operations which is performed on personal information, whether or not by automated means, such as collecting, recording, organizing, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available personal information. Information about Subprocessors, including their functions and locations, is available at https://userback.io/userback-subprocessors/ (as may be updated by Userback from time to time in accordance with the Data Processing Addendum).

Third Party Integrations

Our Services support connections with third party applications and services, including integrations enabled through APIs and Model Context Protocol (MCP). When you or your account administrator enable these connections, Userback may receive, process, and share information as required to provide the requested functionality.

Information Received Through Integrations

When you connect a third party service to your Userback account, we may receive account and profile information, authentication-related data, and other information that the third party service makes available based on your settings and permissions with that service.

Information Shared Through Integrations

Depending on the integration and features you enable, Userback may share the following categories of information with connected third party services:

  • Feedback and project content (e.g. titles, descriptions, workflow status, priority, links, attachments)
  • User collaboration data (e.g. reporter and commenter names, assignee information, role metadata)
  • Project and workflow metadata (e.g. action and status information for updates and changes)
  • Technical diagnostic data when explicitly requested (e.g. console logs, network data)

We apply data minimization controls and only share information necessary for the requested functionality. Certain sensitive identifiers may be redacted or excluded from shared data.

Your Controls

Account owners and administrators control which integrations are enabled, manage permissions, and determine user access to connected features. You can disconnect integrations or adjust settings at any time through your account configuration.

Third Party Terms and Policies

Third party applications operate under their own terms and privacy policies. Information shared with third parties will be governed by their terms and policies. We encourage you to review these before enabling any connection.

Legal Basis

We process data through integrations based on Contractual Necessity (necessary to provide the integration features you’ve requested) and Consent (where you’ve explicitly authorized the connection).

Data Security Incidents

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law.

Referral Program

We offer a referral program where customers can invite others to try Userback. When you refer someone, we use their email address solely to send a one-time referral invitation and do not store it in our systems. If your referral signs up for Userback, you receive account credits. You can opt out of participating in the referral program at any time.

Your Privacy Rights

European Union, UK & Switzerland

If you are located in the EU, the United Kingdom, Liechtenstein, Norway, or Iceland, and use or access the Services, you have the following rights with respect to your Personal Data:

Access

You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also directly access some of your Personal Data by logging into your account.

Rectification

If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your account. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.

Erasure

You can request that we erase some or all of your Personal Data from our systems.

Withdrawal of Consent

If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.

Portability

You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.

Objection

You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes.

Restriction of Processing

You can ask us to restrict further processing of your Personal Data.

Right to File Complaint

You have the right to lodge a complaint about Userback.io’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.

How to Exercise Your Rights

To submit a request or for more information about these rights, please email [email protected]. We will respond within 1 month. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.

California Residents (CCPA/CPRA)

If you are a California resident, you have specific rights regarding your personal information.

What We Collect

We collect identifiers (name, email, IP address), internet activity (browsing data, session recordings), commercial information (transaction history), and professional information (company name, role). Session recordings may include sensitive personal information depending on what websites record, though we provide tools to mask sensitive data.

Your Rights

  • Right to Know: Request details about the personal information we’ve collected about you in the past 12 months.
  • Right to Delete: Request deletion of your personal information, subject to certain legal exceptions.
  • Right to Correct: Update your information anytime by logging into your account and going to the ‘Edit Profile’ page.
  • Right to Limit Use of Sensitive Information: Request that we limit use of your sensitive personal information.
  • Right to Opt-Out: We do not sell or share your personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising these rights.

How to Exercise Your Rights

Contact us at [email protected]. You may designate an authorized agent to make requests on your behalf by providing written authorization. We will verify your identity by requesting information associated with your account (such as email address and account details) and will respond within 30 days. If we deny your request, you have the right to appeal by replying to our response.

Children’s Online Privacy Protection Act

In accordance with COPPA, we do not intentionally gather personal information from visitors who are under the age of 13. If you are under the age of 13, you are not permitted to submit any personal information to us. If we learn that a child under 13 submits personal information to the Services we will delete the information as soon as possible. If you believe that we might have any personal information from a child under 13, please contact us at [email protected].

Changes to our Privacy Policy

We may amend this Privacy Policy from time to time. This Privacy Policy governs all data we collect and process. If we make any material changes in the way we collect or use information, we will notify you by email. We may also post an announcement on the Services or use other means of notification.

How to Contact Us

We’re always keen to hear from you. If you’re curious about what personal data we hold about you or you have a question or feedback for us on this notice, our websites or services, please get in touch at [email protected].

Representative

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:

  • United Kingdom (UK)
  • European Union (EU)

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter, or make use of your data subject rights, please visit the following website: https://app.prighter.com/portal/userback