Privacy Policy

Last updated: February 27, 2026

Overview

UserContext (“we”, “our”, “us”) provides an AI-powered observability platform that helps product and engineering teams understand user friction. This Privacy Policy explains what data we collect, how we use it, and the rights you have over your information.

We are committed to privacy by design. Our architecture minimizes data collection and applies automatic PII redaction before data leaves the browser or reaches our servers.

1. Data We Collect

We collect two categories of data:

a) Account Data (from you, our customer)

  • Email address and name (during registration)
  • Role and team size (during onboarding)
  • Project configuration and API keys
  • Billing information (processed by our payment provider)

b) End-User Interaction Data (from your users' browsers)

  • Error logs — JavaScript errors, unhandled promise rejections, and console errors
  • Network failures — Failed HTTP requests (4xx/5xx status codes and network errors only)
  • Click events — Element tag, text, and CSS selector (no form values or input content)
  • Navigation events — Page URL changes
  • Environment metadata — Browser name/version, operating system, viewport size, and connection type

We do not collect passwords, form input values, credit card numbers, health information, or any other sensitive personal data by default. Our widget is designed to capture interaction patterns, not personal content.

2. PII Redaction

UserContext applies multiple layers of PII protection:

  • Client-side scrubbing — Customers can configure high-risk CSS selectors (e.g., .password-field) that are redacted before data leaves the browser
  • Server-side redaction — Our API automatically detects and masks common PII patterns (emails, phone numbers, SSNs, credit card numbers) in all captured data
  • Synthetic data mode — Optionally replace redacted values with AI-generated functional equivalents instead of showing [REDACTED] placeholders

3. How We Use Data

  • Identify user friction and product issues in your application
  • Generate AI-powered analysis of bugs, including root cause identification and revenue impact estimation
  • Provide session replay and user journey timelines
  • Route insights to your existing tools (Slack, Jira, Linear, etc.)
  • Improve our own product and machine learning models

4. Data Storage & Security

All data is stored in PostgreSQL databases hosted on Supabase (AWS infrastructure). Data is encrypted at rest using AES-256 and in transit using TLS 1.3. Access is controlled via row-level security policies — each customer can only access their own project data.

For more details, see our Security page.

5. Third-Party Services

We use the following third-party services to operate UserContext:

  • Supabase — Database hosting, authentication, and real-time subscriptions
  • Google Gemini — AI analysis of anonymized error patterns (no raw PII is sent to AI providers)
  • Vercel — Dashboard hosting and CDN

We do not sell, rent, or trade any data to third parties.

6. Data Retention

Session logs and issue data are retained for the duration of your active subscription plus 30 days. After account cancellation, all project data is permanently deleted within 30 days. Account data (email, name) is retained for up to 90 days for billing and legal compliance purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — Request a copy of all data we hold about you
  • Correction — Request that we correct inaccurate data
  • Deletion — Request that we delete your data (“right to be forgotten”)
  • Portability — Request your data in a machine-readable format
  • Opt-out — Opt out of data processing for marketing purposes

To exercise any of these rights, contact us at privacy@usercontext.com. We will respond within 30 days.

8. Cookies

The UserContext widget uses sessionStorage (not cookies) to maintain session identity within a browser tab. This data is automatically cleared when the tab is closed and is not shared across tabs or domains.

The UserContext dashboard uses essential session cookies for authentication only. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice in the dashboard. Your continued use of UserContext after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or our data practices, contact us at:

UserContext, Inc.
Email: privacy@usercontext.com