Data Collection
Understand what data UserHero collects
Data Collection
UserHero is designed with privacy in mind. Here's exactly what data we collect and how it's used.
What We Collect
User-Submitted Data
Data explicitly provided by users:
| Data | Description | Control |
|---|---|---|
| Feedback text | The message the user writes | Always collected |
| Category | Bug, feature, etc. | Optional field |
| Rating | Star rating or score | Optional field |
| User's email for follow-up | Optional field | |
| Screenshot | Captured viewport image | Optional field |
| File attachments | Uploaded files | Optional field |
Automatic Context
Data captured automatically with feedback:
| Data | Description | Control |
|---|---|---|
| Page URL | Where feedback was submitted | Configurable |
| Referrer | Previous page | Configurable |
| Browser | Browser name and version | Configurable |
| OS | Operating system | Configurable |
| Device type | Desktop, mobile, tablet | Configurable |
| Viewport | Screen dimensions | Configurable |
| Timezone | User's timezone | Configurable |
| Locale | Language preference | Configurable |
| Country | Approximate location | Configurable |
Custom Metadata
Data you explicitly send via setMetadata():
- User ID
- Plan/subscription
- Account info
- Any custom key-value pairs
You control custom metadata: We only store what you explicitly send. Never send sensitive data like passwords or payment info.
What We DON'T Collect
UserHero does not collect:
- ❌ Passwords or credentials
- ❌ Payment information
- ❌ Personal health data
- ❌ Session recordings
- ❌ Keystroke logging
- ❌ Full IP addresses (hashed only, if enabled)
- ❌ Cross-site tracking
- ❌ Advertising data
IP Address Handling
We offer three modes for IP handling:
| Mode | Description |
|---|---|
| None | IP is not stored |
| Hashed | One-way hash for rate limiting |
| Country only | Only country code is derived |
Default: Hashed (for rate limiting, not stored long-term)
Screenshot Privacy
Screenshots include automatic privacy protections:
- Password fields are masked
- Inputs can be auto-masked
- Custom masking via
data-userhero-mask - Exclusion via
data-userhero-exclude
Data Retention
| Data Type | Retention |
|---|---|
| Feedback text | Per your plan (minimum 1 year) |
| Context data | Same as feedback |
| Custom metadata | Same as feedback |
| Screenshots | 90 days |
| Analytics | 90 days |
GDPR Compliance
UserHero supports GDPR compliance:
- Lawful basis: Consent or legitimate interest
- Data minimization: Collect only what you need
- Right to erasure: Delete feedback via dashboard or API
- Data portability: Export feedback as CSV
- Privacy controls: Configure what's collected
User Consent
The widget can be configured to show a consent notice before collecting feedback. Users must acknowledge before submitting.
Cookie Usage
UserHero uses minimal cookies:
| Cookie | Purpose | Duration |
|---|---|---|
uh_session | Prevent duplicate submissions | Session |
No third-party tracking cookies are used.
Third-Party Sharing
We do not sell or share your data with third parties for advertising.
Data is only shared with:
- Infrastructure providers (hosting, storage)
- As required by law
Data Security
- All data encrypted in transit (TLS 1.3)
- Data encrypted at rest
- Regular security audits
- SOC 2 Type II (in progress)
Data Location
Data is stored in:
- Primary: Google Cloud (US)
- Backups: Encrypted, geographically distributed
Enterprise plans can request specific data regions.
Configuring Collection
See Privacy Controls to configure what data is collected for your project.
Data Subject Requests
To handle user requests for their data:
- Search feedback by email or user ID
- Export relevant feedback
- Delete if requested
Or contact hello@appsyogi.com for assistance with bulk requests.