Privacy Policy

Userz, Inc. ("Userz," "we," "us") operates the Userz feedback-to-implementation platform at userz.ai (the "Service"). This Privacy Policy explains what information we handle, why, and your choices.

For privacy questions or requests, contact [email protected].

This policy applies to the Userz marketing site, dashboard, APIs, embeddable widget, and SDKs. It does not apply to the websites or applications of our customers, even those that embed our widget. When you submit feedback through a customer's app, the customer is the controller of that information; we process it on their behalf as described below.

Account information. When you sign up, we collect name, email address, organization name, identifiers from any authentication provider you choose to sign in with, and optional profile data.

Billing information. We use a third-party payment processor to handle payments. Card details are submitted directly to that processor; we receive only the information needed to manage your subscription (such as a customer reference, subscription status, and invoice metadata).

Customer-provided configuration. Repository URLs, branch and widget settings, and any credentials or tokens you provide so we can integrate with the services you connect (such as your source-code host, AI provider key, or notification channels). Sensitive credentials are encrypted at rest using industry-standard cryptography.

End-user feedback content. When an end user of one of our customers submits feedback through the embedded widget, we receive the information the customer's integration sends, typically a free-text description and, where the customer enables them, optional screenshots, browser console output, page and component context, and general device or browser metadata. End-user identity is included only when the customer's integration provides it.

Source code. When the Service runs an AI agent against a connected repository, the relevant code is fetched into an ephemeral, isolated execution environment that exists only for the duration of that single run and is destroyed when the run ends. We do not retain copies of customer source code outside that environment.

Usage and telemetry. Server logs, product-event metrics, and aggregated usage measurements (such as job counts and durations). Logs are kept at a level of detail needed to operate and secure the Service and do not include request bodies.

Cookies and similar technologies. A small number of first-party cookies for authentication, security, theme preference, and rate-limit identification. We do not use third-party advertising or cross-site tracking cookies.

We use the information above to:

• Provide, operate, and secure the Service, including running AI agent jobs against connected repositories.
• Authenticate users, enforce organization-scoped access, and prevent abuse.
• Process payments and manage subscriptions.
• Send transactional email (account verification, billing notices, security alerts).
• Detect, investigate, and respond to security incidents, including prompt-injection and abuse classifiers applied to end-user feedback before it reaches the AI agent.
• Improve product quality through aggregated, de-identified usage analysis.
• Comply with legal obligations and enforce our Terms of Service.

We do not train AI models on customer data, and we do not permit our AI sub-processors to do so. AI model providers are bound by their own zero-data-retention or data-processing terms; see "Sub-processors" below.

Where the GDPR or UK GDPR applies, we rely on:

• Performance of a contract: to provide the Service to customers.
• Legitimate interests: to secure the Service, prevent abuse, and improve features.
• Consent: where required, e.g., for non-essential cookies (we currently use none).
• Legal obligation: to comply with applicable law.

For end-user feedback, the customer is the data controller and our role is processor. The customer is responsible for establishing the lawful basis for collecting feedback from its users.

We rely on a small set of vetted sub-processors to operate the Service. Each is bound by written terms that require appropriate confidentiality, security, and data-protection obligations, and each is given access only to what is needed to perform its function. The categories of sub-processors we use include:

• Cloud infrastructure and managed-database providers.
• Object-storage providers (for screenshots and operational logs).
• Content-delivery, DNS, and edge-network providers used to serve the marketing site, widget, and APIs.
• AI model providers used for code generation, content classification, and sanitization. Where available, these providers are configured for zero data retention, and we do not permit them to train on customer data.
• Payment-processing providers.
• Transactional-email delivery providers.
• Source-code hosts (only invoked once you connect your own account, and only for the repositories you connect).
• Notification platforms (only invoked once you connect your own integration).

A current, named list of sub-processors is available on request to [email protected]. We give reasonable advance notice of material additions or replacements so that customers with concerns can raise them.

Beyond the sub-processors above, we disclose information only when:

• A customer expressly directs us to (e.g., opening a PR posts data to GitHub on their behalf).
• Required by law, subpoena, court order, or governmental request, where we will use reasonable efforts to notify the affected customer unless legally prohibited.
• Necessary to investigate fraud, abuse, or security incidents, or to protect rights, property, or safety.
• In connection with a merger, acquisition, or sale of assets, in which case we will provide notice and any new owner will honor the commitments in this policy.

We do not sell personal information.

• Account, billing, and configuration data: retained for the life of the account and up to 90 days after closure for backup and reconciliation, then deleted (longer if required by law, e.g., tax records).
• Encrypted secrets and credentials: deleted on disconnect or account closure, and rendered cryptographically inaccessible at account closure.
• End-user feedback (text, logs, metadata): retained for the life of the application unless deleted earlier by the customer.
• Screenshots and operational object-storage artifacts: automatically deleted after 30 days unless the customer marks the underlying feedback for retention.
• Source code processed by an AI agent: destroyed when the run ends.
• Server logs: approximately 30 days, then aggregated or deleted.
• Backups: encrypted backups may persist for a short period (up to 30 days) after the corresponding live data is deleted.

Customers can request earlier deletion via [email protected].

We employ a defense-in-depth approach designed for a service that handles source code and acts on third-party feedback. This includes industry-standard encryption in transit and at rest, isolated and ephemeral execution environments for code-handling workloads, scoped short-lived credentials, restricted network egress for sensitive workloads, least-privilege access controls, and layered defenses against prompt injection in end-user feedback. No system is perfectly secure; you should evaluate our controls against your own risk profile before connecting sensitive repositories. Customers with specific assurance needs can contact [email protected].

Userz is based in the United States, and our infrastructure runs in US and (optionally) EU regions. Where we transfer personal information from the EEA, UK, or Switzerland to a country without an adequacy decision, we rely on Standard Contractual Clauses (and the UK Addendum, where applicable).

Depending on where you live, you may have rights to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your information ("right to be forgotten").
• Restrict or object to certain processing.
• Receive a portable copy of your information.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local supervisory authority.

To exercise any of these rights, email [email protected] from the address associated with your account. For end-user feedback collected through a customer's application, please contact that customer first; we will assist them in fulfilling your request.

California residents have additional rights under the CCPA/CPRA, including the right to know, the right to delete, the right to correct, and the right to limit use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising.

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact [email protected] and we will delete it.

We may update this policy from time to time. Material changes will be announced by email to account owners and posted here with a new "Last updated" date at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.

Userz, Inc.

Email: [email protected]

For legal notices: [email protected]