Summary of Key Points
- We do not sell your data.
- We transfer data across borders, including to and from the US and other locations. Where applicable, we abide by the EU Standard Contractual Clauses for Processors pursuant to the European Commission Decision as of 4 June 2021 for Customer Personal Data exported from the EEA or Switzerland or (ii) the EU SCCs as amended by the UK International Data Transfer Addendum for Personal Data exported from the UK..
- We comply with the General Data Protection Regulation (the "GDPR"), as it applies in the EEA, Switzerland, and the UK and other applicable privacy laws. If you are a resident of the European Economic Area ("EEA"), Switzerland, or the UK, please see the GDPR Notice (https://www.usertesting.com/gdpr-policy) that applies to you.
- We comply with the California Consumer Privacy Act (the "CCPA"). If you are a resident of California, please see the CCPA Notice (https://www.usertesting.com/ccpa-policy) that applies to you.
Who we are
We provide websites ("Sites") where visitors and other members of our community ("Visitors") may learn about our offerings, view Site materials, and/or access our platform ("Platform") and related services ("Services") that enable (i) businesses, including current and prospective customers (collectively "Customers") to solicit feedback ("Tests") on any brand, design, content, or current or potential offering and (ii) individuals taking part in such Tests ("Contributors") to perform and record Tests. In connection with the Site, Platform, and Services, UserTesting may collect, record, and analyze information about Visitors, including its Customers and Contributors, which may include individually identifiable information that would allow UserTesting to determine the actual identity of or contact information of a specific individual, billing information, account settings, and other data ("Personal Data").
Who is my data controller?
Certain data protection and privacy laws, such as the GDPR, differentiate between "controllers" and "processors" of personal information. A "controller" decides why and how to process personal information. A "processor" processes personal information on behalf of a controller based on the controller's instructions.
For Visitors, the Company is the controller, to the extent that we collect or you provide your Personal Data.
For Contributors, the Company is the controller of the personal information collected from you by the Company, except for the information collected by our Customers through a Test.
For Customers, you are the controller of the data collected as part of a test you create using our Platform or Services, except for the IP addresses used to r access the Platform, which we control.
How we collect and use your data
How we collect Personal Data depends on how and why you use our Sites, our Platform, and/or our Services.
We collect Personal Data directly when you submit it to us, as a Visitor, Contributor, or Customer, as well as indirectly, such as through the use of automated technologies or from third parties. To help keep our databases current and to provide you the most relevant content and experiences, we may combine information provided by you with information from third-party sources, in accordance with applicable laws. For example, the size, industry, and other information about the company you work for (where you have provided company name) may be obtained from sources including professional networking sites and information service providers. We provide more information about how we collect Personal Data below.
UserTesting uses your Personal Data for certain legitimate business purposes, including the following:
- to provide you access to and use of the Platform and Services, including registering as a Customer or a Contributor,
- to deliver the Platform and Services to our Customers
- deliver Recordings containing Contributor Personal Data to our Customers,
- to improve and enhance your experience with the Platform and Services, including the content and general administration of the Platform and Services,
- to retain records as may be required for tax, legal, and financial purposes,
- to understand how you access, use and interact with the Services in order to provide technical functionality, develop new products and services, and analyze your use of the Services,
- to communicate with you,
- to provide you with customer support in connection with your use of the Services,
- to detect fraud, illegal activities, or security breaches,
- to receive and make payments, and
- to provide information to regulatory bodies when legally required.
In the sections below, we are more specific about the purposes for which we use each category of data.
Data provided by or collected from our Visitors ("Visitor Data")
When Visitors use or browse one of our Sites, we collect their IP addresses and usage information such as page views, clicks, and browser type.
If a Visitor submits a request for a trial on our Site, chats with us for support, requests to watch a webinar, subscribes to our blog or other news, submits a request through our Contact Us form, or requests to download a whitepaper or other content, we may also collect the Visitor’s: name, title, email, phone number, company name, country and IP address.
We use this Visitor Data to provide the Visitor with the information or materials requested, including marketing materials, newsletters and other related content, perform analytics on how the Site, Platform, and Services are used, improve the use of the Site, Platform, or Services, and for other legitimate business purposes.
Data provided by or collected from our Contributors ("Contributor Data")
When a Contributor creates an account with UserTesting, we will collect the Contributor’s name, username, and password, zip code, and email address.
We may also ask each Contributor to provide us with additional information necessary or helpful for UserTesting to be able to determine which Tests are best directed to that Contributor. Examples of information we may collect are: birth year; gender; household income range; country; web expertise; presence of children (including gender and birth years); employment status, industry; company size; job role seniority; gaming genres; web browsers; social networks; languages spoken; race, ethnicity, sexual orientation, and other sensitive personal data, which may be provided on a voluntary basis and only collected as permitted by applicable law; devices owned (e.g. computer, smartphone, tablet); and computer operating system.
UserTesting uses Contributor Data to provide and improve its Services, pay Contributors, provide information on how to use our Platform and Services to our Contributors, and for other legitimate business purposes.
As a Contributor takes part in a Test, we make a recording of the Contributor’s activities, which may include recordings of the Contributor’s voice, screen content, face recordings, screen recordings, browser content, screen interactions including mouse movement and clicking, text input, device configurations, and any background audio or video content. ("Recordings"). Any personal or health information that appears on a Contributor's screen, or that is mentioned in the audio, may be captured in the Recording. If one of our Customers requests sensitive data from a Contributor as part of a test, we require the Customer to add a notification before the test begins of the specific sensitive data to be requested. The Contributor will then have the opportunity to continue with the test or decline it.
Intellectual property rights in the Recordings, which may include Personal Data and face Recordings, are assigned by Contributors to UserTesting under the terms of the Contributor Terms of Service in consideration for Contributors’ use of the Platform and Services. Recordings are owned by and controlled by the Customer or UserTesting, as applicable.
UserTesting uses Recordings to provide Services to Customers, to market its products and services, to protect against fraudulent or illegal activity, to improve the UserTesting Platform and Services and for other legitimate business purposes.
Privacy for Minors
From time to time, UserTesting’s Customers seek feedback from minor children (as defined by applicable law) using the Platform for Tests specifically designed for children. To facilitate those Tests, we require that a parent or legal guardian consent prior to a child engaging in a Test through their parent’s or legal guardian’s Contributor account. Our Customers are required to ensure that Tests which are specifically designed for children are for age-appropriate products and services and the Recording is limited to only captures the child’s voice. No other information is to be collected about the child by the Customer. The child’s responses may be used for the same purposes and subject to the same obligations, restrictions and conditions as any other similarly-situated Contributor response. By accepting and authorizing a Test for a child, the parent or legal guardian (as applicable) is consenting to such child’s participation in the Tests through the Platform for the benefit of the Customer. We may require that Customers sign additional terms for testing with children. In the event a parent has a reason to believe that their child is participating in a Test administered via the Platform without authorization, or wishes to exercise any of the parental rights set forth in this section or applicable law, including reviewing or deleting information collected in a Recording, such parent may contact UserTesting at 660 4th Street #246, San Francisco, CA 94107, by calling 1 (888) 877‒1882 or by email at COPPAfirstname.lastname@example.org.
Data provided by our Customers ("Customer Data")
During a Customer’s use of the Platform and Services, Customer’s employees are asked to provide information such as name and contact information, including email address, address, telephone, or other relevant Personal Data.
Customer Data is used by UserTesting to identify each Customer and provide them with access to the Platform and Services, to bill Customers, and to meet UserTesting’s contractual obligations. We also use Customer Data to improve our Platform and Services and to provide Customers with notices about improvements and best practices in using the Platform and Services, as well as other legitimate business purposes.
It is the Customer’s responsibility to ensure that collection and processing of Recordings from a Test it has created is handled in accordance with applicable laws. For Customers in the EEA, please see our GDPR Notice (https://www.usertesting.com/gdpr-policy). For Customers in California, please see our CCPA Notice (https://www.usertesting.com/ccpa-policy).
Personal Data Collected Indirectly
Tracking Data, IP Addresses and Device Fingerprints
UserTesting tracks whether a Visitor lands on the UserTesting Sites from an external source (such as a link on another website or in an email), as well as IP addresses from which the site is accessed and information about the computing device (fingerprint) used to access the Sites. UserTesting uses this information to improve the Site, Platform, and Services, as well as to prevent fraud and secure information.
Information from Third Parties
UserTesting collects Personal Data and other data from third parties that provide us with lists of potential Customers and their contact information, if such potential Customers give permission to those third parties to share their information with us. UserTesting uses this information for its own marketing purposes.
Visitors have the ability to accept or decline cookies that are not strictly necessary. Most web browsers automatically accept cookies, but individuals can usually modify browser settings to decline cookies. More information about disabling cookies is available at www.allaboutcookies.org. Choosing to decline certain cookies may result in decreased functionality on UserTesting Site, Platform and Services.
"Do Not Track"
UserTesting’s Site, Platform, and Services may not respond to Do Not Track ("DNT") signals. For more information on DNT settings generally, please visit https://allaboutdnt.com/.
We collect data when you communicate with us
If you communicate with us directly, we will collect any Personal Data contained in such communications.
Automated decision making
UserTesting may use automated decision making using a variety of signals derived from account activity to help identify and suspend accounts sending spam or engaged in other abusive or fraudulent activity or who have not engaged with the us for an extended period of time. Holders of accounts suspended under these circumstances are notified of the suspension and given an opportunity to request human review of the suspension decision.
How we share your personal data
Data Processors and Subprocessors
UserTesting discloses Personal Data to our third-party agents, contractors, or service providers who are hired to perform services on our behalf. These providers may operate or support certain functions of the Services, and in some cases collect information directly. Below is an illustrative list of functions for which we may use third-party service providers:
- Analytics services, such as DataDog and NewRelic
- Customer support services, such as ZenDesk and Intercom
- Billing services and payment gateway providers, such as PayPal
- Hosting and content delivery network services, such as AWS and Google Cloud Platform
- Job application/fielding service providers, such as Greenhouse and Homerun
Unless you and the Company have agreed otherwise, we generally do not directly collect your payment information and we do not store your payment information. We use a third-party payment processor, such as PayPal, which collects payment information on our behalf in order to complete transactions such as to pay Contributors. While our administrators are able to view and track actual transactions via the third-party payment processor’s customer portal, with the exception of the last 4 digits of your credit card, credit card type, zip code and expiration date, we do not have access to or process your credit card information.
You understand and agree that, to the extent you share your Personal Data as part of Recording, that Personal Data will be shared with the Customer who prepared the Test.
As we continue to grow, we may purchase websites, applications, subsidiaries, and other businesses or business units. We may share your data among our corporate group companies. Alternatively, we may sell businesses or business units, merge with other entities, and/or sell assets or stock, in some cases as part of a reorganization or liquidation in bankruptcy. As part of these transactions, we may transfer your Personal Data to a successor entity upon a merger, consolidation or other corporate reorganization in which UserTesting participates, or to a purchaser or acquirer of all or a portion of UserTesting’s assets, bankruptcy included.
Legal Obligations and Security
If we are required to disclose Personal Data by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, our policy is to respond to legal mandates that are properly issued.
Note that if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), to be determined on a case-by-case basis.
How we store your data
We retain your Personal Data in accordance with your instructions, including those in the applicable terms of service accepted by you and any terms governing your use of the Platform and Services. We may also retain your Personal Data where we have an ongoing legitimate business purpose for doing so. We must retain information when it is needed for the establishment, exercise or defense of legal claims (also known as a "litigation hold"). In this case, we retain the information as long as needed for exercising respective potential legal claims.
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your Personal Data, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements.
UserTesting will delete Personal Data upon request, unless deletion is prohibited by law. At UserTesting’s option, we may delete Personal Data one year after our business relationship ends, subject to our document retention policies and practices. When we have no ongoing legitimate business purpose to process your Personal Data, we may either delete or anonymize it. Deletion may not be possible if your Personal Data was anonymized. In that case, the anonymized data will not be able to be combined with other data to identify you.
If you ask UserTesting to delete specific Personal Data of yours, and we are the data controller, we will honor your request by deleting or anonymizing the data unless deleting that information prevents us from carrying out necessary business functions, such as delivering and billing for our services, calculating taxes, or conducting required audits and fulfilling contractual obligations to our Customers, Contributors or others.
If you are an individual in the EEA or a California resident, please see the relevant GDPR Notice (https://www.usertesting.com/gdpr-policy) and CCPA Notice (https://www.usertesting.com/ccpa-policy) with respect to exercising your right to deletion.
How you can control your data
Visitors, Contributors, and Customers who wish to request access to or correction of Personal Data for which UserTesting is the data controller should contact UserTesting at email@example.com. Where UserTesting is the data processor or subprocessor of your Personal Data, Visitors, Contributors, or Customers should contact the relevant data controller to request access to or correction of that Personal Data.
Individuals located in the EEA or residents of California have additional rights as set forth in our relevant GDPR Notice (https://www.usertesting.com/gdpr-policy) and CCPA Notice (https://www.usertesting.com/ccpa-policy).
How we keep your data safe
We cannot guarantee, ensure or warrant the security of any information transmitted to the Company. All transmissions of information are done at the sender’s own risk. Once we are in possession of information, we will make reasonable efforts to ensure the security of the information within our systems.
Your personal information and files are stored on UserTesting’s servers and the servers of companies we hire to provide services to us.
UserTesting has adopted physical, technological, and administrative procedures designed to safeguard and secure the information we process. By using this Site, Platform or Services or by providing Personal Data to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of this Site, Platform or Services.
UserTesting complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. UserTesting has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. To see a more detailed description about our participation with Privacy Shield, please see the Privacy Shield section in our GDPR Notice (https://www.usertesting.com/gdpr-policy).
The Privacy Shield program applies to the processing of Personal Data in regards to the collection, use and retention of Personal Data from visitors, Contributors and customer employees located in Switzerland and the EU and EEA, as set out by the U.S. Department of Commerce. UserTesting is responsible for the processing of Personal Data it receives and subsequently transfers to a third party acting as an agent on its behalf under the Privacy Shield Framework. User Testing complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. UserTesting is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
User Testing encourages you to contact our privacy team at firstname.lastname@example.org should you have any Privacy Shield-related (or general privacy-related) complaint. As part of our participation in the Privacy Shield program, we will resolve disputes you have with us in connection with our policies and practices through JAMS ADR. For more information and to contact JAMS ADR directly, visit https://www.jamsadr.com/eu-us-privacy-shield. As a last resort and in limited situations, Swiss and EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
You also have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence, place of work, or place of alleged infringement. You can find the relevant supervisory authority name and contact details by visiting https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en.
UserTesting does not sell your personal information pursuant to the definitions under Nevada law.
USER TESTING, INC.
660 4th Street #246
San Francisco, CA 94107
Attn: Office of the General Counsel
Last updated: April 11, 2022