Skip to main content

UserTesting Privacy Policy

At User Testing, Inc., your privacy is important to us. This Privacy Policy describes the personal data UserTesting processes, how we process it, and for what purposes we process it.

Summary of Key Points

  • This Privacy Policy explains when we process Personal Data for our legitimate business interests. For more information on how to access and control your data, please see the “How you can control your data” section.

  • We use cookies and other technologies to track the use of our websites and apps. To learn about opportunities to choose not to allow cookies, please see our Cookies section here.

  • We do not sell your data.

  • We transfer personal information to the US, which may be outside the country in which you live. To help protect your personal information, UserTesting complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom and Switzerland, as applicable, to the United States. You can read more about Privacy Shield here.

  • We comply with the GDPR. If you are a resident of the European Economic Area, please see the GDPR Notice that applies to you.

  • We comply with the CCPA. If you are a resident of California, please see the that CCPA Notice applies to you.

Who we are

UserTesting provides a website (“Site”) where visitors and other members of our community may view Site materials (“Visitors”) and/or access a platform (“Platform”) and related services (“Services”) that enable (i) businesses (“Customers”) to solicit feedback (“Tests”) on any brand, design, content or current or potential offering and (ii) individuals taking part in such Tests (“Participants”) to perform and record Tests. In connection with the Site, Platform and Services, UserTesting may collect, record and analyze information about Visitors, including its Customers and Participants, which may include individually identifiable information that would allow UserTesting to determine the actual identity of, and contact, a specific individual, billing information, account settings and other data (“Personal Data”).

How we collect and use your data

How we collect Personal Data depends on how and why you use the Site, Platform and/or Services.

We collect Personal Data directly when you submit it to us, as a Visitor, Participant or Customer, as well as indirectly, such as through the use of automated technologies or from third parties. We have provided more information about how we collect Personal Data in the sections below.

UserTesting uses your Personal Data for the purposes listed below. We refer to this list as the list of “legitimate business purposes”.

Legitimate business purposes include the following:

  • to provide you access to and use of the Services, including registering as a Customer or a Participant,

  • to deliver Services to our Customers, including Recordings created by Participants,

  • to improve and enhance your experience with the Services, including the content and general administration of the Services,

  • to retain records as may be required for tax, legal and financial purposes,

  • to understand how you access, use and interact with the Services in order to provide technical functionality, develop new products and services, and analyze your use of the Services,

  • to communicate with you,

  • to provide you with customer support in connection with your use of the Services,

  • to detect fraud, illegal activities or security breaches,

  • to receive and make payments,

  • to provide information to regulatory bodies when legally required

In the sections below, we are more specific about the purposes for which we use each category of data.

Data provided by our Visitors (“Visitor Data”)

When Visitors use or browse our Site, we collect their IP addresses and usage information such as page views, clicks and browser type.

If a Visitor submits a request for a trial on our Site, chats with us for support, requests to watch a webinar, subscribes to our blog or other news, submits a request through our Contact Us form, requests to download a whitepaper or other content, we may also collect the Visitor’s:

  • Name;
  • Title;
  • Email;
  • Phone number;
  • Company name;
  • Country;
  • IP address.

We use this Visitor Data to respond to the Visitor’s requests, provide the Visitor with the information or materials requested, perform analytics on how the Site, Platform and Services are used, and improve the use of the Site, Platform or Services.

Data provided by our Participants (“Participant Data”)

Account Data

When a Participant creates an account with UserTesting, we will collect the Participant’s name, username and password, zip code, and email address.

We may also ask each Participant to provide us with additional information necessary or helpful for UserTesting to be able to determine which Tests are best directed to that Participant. Examples of information we may collect are: birth year; gender; household income range; country; web expertise; presence of children (including gender and birth years); employment status, industry; company size; job role seniority; gaming genres; web browsers; social networks; languages spoken; devices owned (e.g. computer, smartphone, tablet); and computer operating system.

UserTesting uses Participant Account Data to provide and improve its Services, pay Participants, provide information on how to use our Platform and Services to our Participants, and for other legitimate business purposes.

Recordings

As a Participant conducts a Test, we make a recording of the Participant’s activities, which may include recordings of the Participant’s voice, video, face, movements, screen, text inputs and device and screen interactions (“Recordings”).

Intellectual property rights in Recordings, which may include personal data, are assigned by Participants to UserTesting under the terms of the Participant Terms of Service in consideration for Participants’ use of the Platform and Services.

UserTesting uses Recordings to provide Services to Customers, to market its products and services, to protect against fraudulent or illegal activity and to improve the UserTesting Platform and Services.

Data provided by our Customers (“Customer Data”)

During a Customer’s use of the Platform and Services, Customers are asked to provide information such as name and contact information, including email address, address, telephone or other relevant Personal Data.

Customer Data is used by UserTesting to identify each Customer and provide them with access to the Platform and Services, to bill Customers, and to meet UserTesting’s contractual obligations. We also use Customer Data to improve our Platform and Services and to provide Customers with notices about improvements and best practices in using the Platform and Services.

It is the Customer’s responsibility to ensure that collection and processing of Recordings from a Test it has created is handled in accordance with applicable law. For Customers in the EEA, please see our GDPR Notice. For Customers in California, please see our CCPA Notice.

Personal Data Collected Indirectly

Tracking Data

UserTesting tracks whether a Visitor lands on the UserTesting Site from an external source (such as a link on another website or in an email). UserTesting uses this information to improve the Site, Platform and Services.

Information from Third Parties

UserTesting collects Personal Data and other data from third parties that provide us with lists of potential Customers and their contact information, if such potential Customers give permission to those third parties to share their information with us. UserTesting uses this information for its own marketing purposes.

Cookies

UserTesting uses cookies and page tags on the Site, Platform and Services. Cookies are small bits of data we store on the device that you use to access our Site, Platform and Services so we can recognize repeat users. Depending on our use, certain cookies expire after a certain period of time. Some cookies will remain on a computer’s hard drive until they are deleted manually using browser or operating system software.

Visitors have the ability to accept or decline cookies that are not strictly necessary. Most web browsers automatically accept cookies, but individuals can usually modify browser settings to decline cookies. More information about disabling cookies is available at www.allaboutcookies.org. Choosing to decline certain cookies may result in decreased functionality on UserTesting Site, Platform and Services.

“Do Not Track”

UserTesting’s Site, Platform and Services currently do respond to Do Not Track (“DNT”) signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.

We collect data when you communicate with us

If you communicate with us directly, we will collect any Personal Data contained in such communications.

Automated decision making

UserTesting may use automated decision making using a variety of signals derived from account activity to help identify and suspend accounts sending spam or engaged in other abusive or fraudulent activity or who have not engaged with the us for an extended period of time. Holders of accounts suspended under these circumstances are notified of the suspension and given an opportunity to request human review of the suspension decision.

How we share your personal data

Data Processors and Subprocessors

UserTesting discloses users’ information to our third-party agents, contractors, or service providers who are hired to perform services on our behalf. These providers may operate or support certain functions of the Services, and in some cases collect information directly. Below is an illustrative list of functions for which we may use third-party service providers:

  • Analytics services, such as DataDog and NewRelic
  • Customer support services, such as ZenDesk
  • Billing services and payment gateway providers, such as PayPal
  • Hosting and content delivery network services, such as AWS
  • Job application/fielding service providers, such as GoogleHire or Greenhouse.

We do not directly collect your payment information and we do not store your payment information. We use a third-party payment processor, such as PayPal, which collects payment information on our behalf in order to complete transactions such as to pay Participants. While our administrators are able to view and track actual transactions via the third-party payment processor customer portal, with the exception of the last 4 digits of your credit card, credit card type, zip code and expiration date, we do not have access to or process your credit card information.

Business Transfers

As we continue to grow, we may purchase websites, applications, subsidiaries, other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities and/or sell assets or stock, in some cases as part of a reorganization or liquidation in bankruptcy. As part of these transactions, we may transfer your Personal Data to a successor entity upon a merger, consolidation or other corporate reorganization in which UserTesting participates, or to a purchaser or acquirer of all or a portion of UserTesting’s assets, bankruptcy included.

Legal Obligations and Security

UserTesting will preserve or disclose your Personal Data in limited circumstances (other than as set forth in this Privacy Policy), including: (i) with your consent; (ii) when we have a good faith belief it is required by law, such as pursuant to a subpoena, warrant or other judicial or administrative order (as further explained below); (iii) to protect the safety of any person; to protect the safety or security of our Services or to prevent spam, abuse, or other malicious activity of actors with respect to the Services; or (iv) to protect our rights or property or the rights or property of those who use the Services.

If we are required to disclose Personal Data by law, such as pursuant to a subpoena, warrant or other judicial or administrative order, our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty).

Note that if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), to be determined on a case-by-case basis.

How we store your data

Retention

We retain your data in accordance with your instructions, including your agreement to applicable terms of service and your use of the Platform and Services. We also retain Personal Data we collect from you where we have an ongoing legitimate business purpose for doing so. Additionally, we cannot delete information when it is needed for the establishment, exercise or defense of legal claims (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.

When we have no ongoing legitimate business purpose to process your personal information, we will either delete or anonymize it. If this is not possible (for example, because your Personal Data has been stored in backup archives), we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your Personal Data, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements.

If you have questions about, or need further information concerning, our data retention periods, please send an email at privacy-request@usertesting.com.

Deletion

If you ask UserTesting to delete specific personal information that forms part of your Visitor Data, Participant Data or Customer Data, and for which we are the data controller, we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like delivering and billing for our services, calculating taxes, or conducting required audits.

Generally, if Personal Data can no longer be retained or is no longer necessary, it will be deleted within a reasonable period of time.

Additional Rights

If you are an individual in the EEA or a California resident, please see the relevant GDPR Notice and CCPA Notice with respect to exercising your right to deletion.

Data protection (aka privacy) law in certain jurisdictions, like the European Economic Area (EEA), differentiate between “controllers” and “processors” of personal information. A controller decides why and how to process personal information. A processor processes personal information on behalf of a controller based on the controller’s instructions.

When UserTesting processes Visitor Data, Participant Data, and Customer Data, we generally act as a controller in most respects but may act as a processor in certain respects.

How you can control your data

Visitors, Participants and Customers who wish to request access to or correction of Personal Data for which UserTesting is the data controller should contact UserTesting at privacy-request@usertesting.com. Where UserTesting is the data processor or subprocessor of your Personal Data, Visitors, Participants or Customers should contact the relevant data controller to request access to or correction of that Personal Data.

Individuals located in the EEA or residents of California have additional rights as set forth in our relevant GDPR Notice and CCPA Notice.

How we keep your data safe

UserTesting has a data protection officer (“Data Protection Officer”) who is responsible for UserTesting’s compliance with and enforcement of this Privacy Policy. The Data Protection Officer is available to answer questions from any employees, Visitors, Customers, Participants, business partners, vendors, or others who may have questions concerning this Privacy Policy or UserTesting’s data security practices. UserTesting’s Data Protection Officer may be contacted at: data-protection-officer@usertesting.com.

Security

UserTesting cannot ensure or warrant the security of any information transmitted to UserTesting. All transmissions of information are done at the senders own risk. Once UserTesting is in possession of any information, UserTesting will make reasonable efforts to ensure the security of its systems.

Your personal information and files are stored on UserTesting’s servers and the servers of companies we hire to provide services to us.

UserTesting has adopted physical, technological, and administrative procedures designed to safeguard and secure the information we process. By using this Site, Platform or Services or by providing Personal Data to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of this Site, Platform or Services.

Privacy Shield

UserTesting complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. UserTesting has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. To see a more detailed description about our participation with Privacy Shield, please see the Privacy Shield section in our GDPR Notice.

The Privacy Shield program applies to the processing of Personal Data in regards to the collection, use and retention of Personal Data from visitors, participants and customer employees located in Switzerland and the European Union and European Economic Area, as set out by the U.S. Department of Commerce. UserTesting is responsible for the processing of Personal Data it receives and subsequently transfers to a third party acting as an agent on its behalf under the Privacy Shield Framework. User Testing complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. UserTesting is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

User Testing encourages you to contact our Head of Privacy and Security at privacy-request@usertesting.com should have any Privacy Shield-related (or general privacy-related) complaint. As part of our participation in the Privacy Shield program, we will resolve disputes you have with us in connection with our policies and practices through JAMS ADR. For more information and to contact JAMS ADR directly, visit https://www.jamsadr.com/eu-us-privacy-shield. As a last resort and in limited situations, Swiss and EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.

You also have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence, place of work, or place of alleged infringement. You can find the relevant supervisory authority name and contact details by visiting https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en

GDPR- General Data Protection Regulation

If you are located in the European Economic Area (“EEA”), this entire Privacy Policy applies to you as well as the GDPR Notice.

CCPA- California Consumer Privacy Act

If you are a resident of California, this entire Privacy Policy applies to you as well as the CCPA Notice.

Nevada Residents

If you are a resident of Nevada, this entire Privacy Policy applies to you as well as the following. You may direct a business that operates an internet website not to sell certain personal information a business has collected or will collect about you.

UserTesting does not sell your personal information pursuant to the definitions under the Nevada law.

Acceptance

You agree that you have carefully read this document and agree to its contents. If you choose not to agree with this Privacy Policy, then you should refrain from using the Site, Services, and Platform.

UserTesting reserves the right to change our Privacy Policy as necessary. Continued use of the UserTesting Site, Platform and Services after having been presented with any such a revised Privacy Policy indicates acceptance of the revised Privacy Policy. If we make material changes to this Privacy Policy, we will provide notice to you of these changes and, where required by applicable law, we will obtain your consent. Notice may be by email to you, by posting a notice of such changes on our apps and websites, or by other means consistent with applicable law.

Contact Us

If you have questions, comments, or concerns about UserTesting or this Privacy Policy, please email us at: privacy@usertesting.com.

USER TESTING, INC.
660 4th Street #246
San Francisco, CA 94107 
Attn: Office of the General Counsel

Last updated: December 31, 2019