Summary of Key Points
We do not sell your data.
We transfer personal information to the US, which may be outside the country in which you live. To help protect your personal information, UserTesting complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom and Switzerland, as applicable, to the United States. You can read more about Privacy Shield here.
We comply with the GDPR. If you are a resident of the European Economic Area, please see the GDPR Notice that applies to you.
We comply with the CCPA. If you are a resident of California, please see the that CCPA Notice applies to you.
Who we are
UserTesting provides a website (“Site”) where visitors and other members of our community may view Site materials (“Visitors”) and/or access a platform (“Platform”) and related services (“Services”) that enable (i) businesses (“Customers”) to solicit feedback (“Tests”) on any brand, design, content or current or potential offering and (ii) individuals taking part in such Tests (“Participants”) to perform and record Tests. In connection with the Site, Platform and Services, UserTesting may collect, record and analyze information about Visitors, including its Customers and Participants, which may include individually identifiable information that would allow UserTesting to determine the actual identity of, and contact, a specific individual, billing information, account settings and other data (“Personal Data”).
How we collect and use your data
How we collect Personal Data depends on how and why you use the Site, Platform and/or Services.
We collect Personal Data directly when you submit it to us, as a Visitor, Participant or Customer, as well as indirectly, such as through the use of automated technologies or from third parties. We have provided more information about how we collect Personal Data in the sections below.
UserTesting uses your Personal Data for the purposes listed below. We refer to this list as the list of “legitimate business purposes”.
Legitimate business purposes include the following:
to provide you access to and use of the Services, including registering as a Customer or a Participant,
to deliver Services to our Customers, including Recordings created by Participants,
to improve and enhance your experience with the Services, including the content and general administration of the Services,
to retain records as may be required for tax, legal and financial purposes,
to understand how you access, use and interact with the Services in order to provide technical functionality, develop new products and services, and analyze your use of the Services,
to communicate with you,
to provide you with customer support in connection with your use of the Services,
to detect fraud, illegal activities or security breaches,
to receive and make payments,
to provide information to regulatory bodies when legally required
In the sections below, we are more specific about the purposes for which we use each category of data.
Data provided by our Visitors (“Visitor Data”)
When Visitors use or browse our Site, we collect their IP addresses and usage information such as page views, clicks and browser type.
If a Visitor submits a request for a trial on our Site, chats with us for support, requests to watch a webinar, subscribes to our blog or other news, submits a request through our Contact Us form, requests to download a whitepaper or other content, we may also collect the Visitor’s:
- Phone number;
- Company name;
- IP address.
We use this Visitor Data to respond to the Visitor’s requests, provide the Visitor with the information or materials requested, perform analytics on how the Site, Platform and Services are used, and improve the use of the Site, Platform or Services.
Data provided by our Participants (“Participant Data”)
When a Participant creates an account with UserTesting, we will collect the Participant’s name, username and password, zip code, and email address.
We may also ask each Participant to provide us with additional information necessary or helpful for UserTesting to be able to determine which Tests are best directed to that Participant. Examples of information we may collect are: birth year; gender; household income range; country; web expertise; presence of children (including gender and birth years); employment status, industry; company size; job role seniority; gaming genres; web browsers; social networks; languages spoken; devices owned (e.g. computer, smartphone, tablet); and computer operating system.
UserTesting uses Participant Account Data to provide and improve its Services, pay Participants, provide information on how to use our Platform and Services to our Participants, and for other legitimate business purposes.
As a Participant conducts a Test, we make a recording of the Participant’s activities, which may include recordings of the Participant’s voice, video, face, movements, screen, text inputs and device and screen interactions (“Recordings”).
Intellectual property rights in Recordings, which may include personal data, are assigned by Participants to UserTesting under the terms of the Participant Terms of Service in consideration for Participants’ use of the Platform and Services.
UserTesting uses Recordings to provide Services to Customers, to market its products and services, to protect against fraudulent or illegal activity and to improve the UserTesting Platform and Services.
Data provided by our Customers (“Customer Data”)
During a Customer’s use of the Platform and Services, Customers are asked to provide information such as name and contact information, including email address, address, telephone or other relevant Personal Data.
Customer Data is used by UserTesting to identify each Customer and provide them with access to the Platform and Services, to bill Customers, and to meet UserTesting’s contractual obligations. We also use Customer Data to improve our Platform and Services and to provide Customers with notices about improvements and best practices in using the Platform and Services.
It is the Customer’s responsibility to ensure that collection and processing of Recordings from a Test it has created is handled in accordance with applicable law. For Customers in the EEA, please see our GDPR Notice. For Customers in California, please see our CCPA Notice.
Personal Data Collected Indirectly
UserTesting tracks whether a Visitor lands on the UserTesting Site from an external source (such as a link on another website or in an email). UserTesting uses this information to improve the Site, Platform and Services.
Information from Third Parties
UserTesting collects Personal Data and other data from third parties that provide us with lists of potential Customers and their contact information, if such potential Customers give permission to those third parties to share their information with us. UserTesting uses this information for its own marketing purposes.
Visitors have the ability to accept or decline cookies that are not strictly necessary. Most web browsers automatically accept cookies, but individuals can usually modify browser settings to decline cookies. More information about disabling cookies is available at www.allaboutcookies.org. Choosing to decline certain cookies may result in decreased functionality on UserTesting Site, Platform and Services.
“Do Not Track”
UserTesting’s Site, Platform and Services currently do respond to Do Not Track (“DNT”) signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.
We collect data when you communicate with us
If you communicate with us directly, we will collect any Personal Data contained in such communications.
Automated decision making
UserTesting may use automated decision making using a variety of signals derived from account activity to help identify and suspend accounts sending spam or engaged in other abusive or fraudulent activity or who have not engaged with the us for an extended period of time. Holders of accounts suspended under these circumstances are notified of the suspension and given an opportunity to request human review of the suspension decision.
How we share your personal data
Data Processors and Subprocessors
UserTesting discloses users’ information to our third-party agents, contractors, or service providers who are hired to perform services on our behalf. These providers may operate or support certain functions of the Services, and in some cases collect information directly. Below is an illustrative list of functions for which we may use third-party service providers:
- Analytics services, such as DataDog and NewRelic
- Customer support services, such as ZenDesk
- Billing services and payment gateway providers, such as PayPal
- Hosting and content delivery network services, such as AWS
- Job application/fielding service providers, such as GoogleHire or Greenhouse.
We do not directly collect your payment information and we do not store your payment information. We use a third-party payment processor, such as PayPal, which collects payment information on our behalf in order to complete transactions such as to pay Participants. While our administrators are able to view and track actual transactions via the third-party payment processor customer portal, with the exception of the last 4 digits of your credit card, credit card type, zip code and expiration date, we do not have access to or process your credit card information.
As we continue to grow, we may purchase websites, applications, subsidiaries, other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities and/or sell assets or stock, in some cases as part of a reorganization or liquidation in bankruptcy. As part of these transactions, we may transfer your Personal Data to a successor entity upon a merger, consolidation or other corporate reorganization in which UserTesting participates, or to a purchaser or acquirer of all or a portion of UserTesting’s assets, bankruptcy included.
Legal Obligations and Security
If we are required to disclose Personal Data by law, such as pursuant to a subpoena, warrant or other judicial or administrative order, our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty).
Note that if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), to be determined on a case-by-case basis.
How we store your data
We retain your data in accordance with your instructions, including your agreement to applicable terms of service and your use of the Platform and Services. We also retain Personal Data we collect from you where we have an ongoing legitimate business purpose for doing so. Additionally, we cannot delete information when it is needed for the establishment, exercise or defense of legal claims (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we have no ongoing legitimate business purpose to process your personal information, we will either delete or anonymize it. If this is not possible (for example, because your Personal Data has been stored in backup archives), we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your Personal Data, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements.
If you have questions about, or need further information concerning, our data retention periods, please send an email at email@example.com.
If you ask UserTesting to delete specific personal information that forms part of your Visitor Data, Participant Data or Customer Data, and for which we are the data controller, we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like delivering and billing for our services, calculating taxes, or conducting required audits.
Generally, if Personal Data can no longer be retained or is no longer necessary, it will be deleted within a reasonable period of time.
Data protection (aka privacy) law in certain jurisdictions, like the European Economic Area (EEA), differentiate between “controllers” and “processors” of personal information. A controller decides why and how to process personal information. A processor processes personal information on behalf of a controller based on the controller’s instructions.
When UserTesting processes Visitor Data, Participant Data, and Customer Data, we generally act as a controller in most respects but may act as a processor in certain respects.
How you can control your data
Visitors, Participants and Customers who wish to request access to or correction of Personal Data for which UserTesting is the data controller should contact UserTesting at firstname.lastname@example.org. Where UserTesting is the data processor or subprocessor of your Personal Data, Visitors, Participants or Customers should contact the relevant data controller to request access to or correction of that Personal Data.
How we keep your data safe
UserTesting cannot ensure or warrant the security of any information transmitted to UserTesting. All transmissions of information are done at the senders own risk. Once UserTesting is in possession of any information, UserTesting will make reasonable efforts to ensure the security of its systems.
Your personal information and files are stored on UserTesting’s servers and the servers of companies we hire to provide services to us.
UserTesting has adopted physical, technological, and administrative procedures designed to safeguard and secure the information we process. By using this Site, Platform or Services or by providing Personal Data to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of this Site, Platform or Services.
The Privacy Shield program applies to the processing of Personal Data in regards to the collection, use and retention of Personal Data from visitors, participants and customer employees located in Switzerland and the European Union and European Economic Area, as set out by the U.S. Department of Commerce. UserTesting is responsible for the processing of Personal Data it receives and subsequently transfers to a third party acting as an agent on its behalf under the Privacy Shield Framework. User Testing complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. UserTesting is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
User Testing encourages you to contact our Head of Privacy and Security at email@example.com should have any Privacy Shield-related (or general privacy-related) complaint. As part of our participation in the Privacy Shield program, we will resolve disputes you have with us in connection with our policies and practices through JAMS ADR. For more information and to contact JAMS ADR directly, visit https://www.jamsadr.com/eu-us-privacy-shield. As a last resort and in limited situations, Swiss and EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
You also have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence, place of work, or place of alleged infringement. You can find the relevant supervisory authority name and contact details by visiting https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en
GDPR- General Data Protection Regulation
CCPA- California Consumer Privacy Act
UserTesting does not sell your personal information pursuant to the definitions under the Nevada law.
660 4th Street #246
San Francisco, CA 94107
Attn: Office of the General Counsel
Last updated: December 31, 2019