Effective Date: 8/26/2024

 

 

Usermuse provides a SaaS platform dedicated to user research, helping businesses gain deeper insights into their products and customers. This privacy policy explains how we collect, use, maintain, and protect personal information through our services.

 

 

Usermuse collects the following types of information:

 

•Personal Identifiable Information (PII): Includes names, emails, and other contact details.

•User-Generated Content: Includes product research notes, project names, call transcripts, and summaries generated from research sessions.

•Calendar Event Metadata: Details related to scheduled research calls, such as time, date, and participants.

•Call Recordings: Audio and video recordings of research sessions.

•App Usage Data: Data on user interactions within the app, collected through direct methods and third-party analytics services.

 

 

The information collected by Usermuse is used to:

 

•Provide and enhance our user research services.

•Generate insights that improve user interaction with products.

•Understand customer needs better and foster empathy within product teams.

 

 

We are committed to transparency and user consent. Before collecting any data, users must review and agree to our terms of service, which includes a summary of our core data collection practices. Consent for specific activities, such as recording calls, is obtained explicitly via in-app prompts or checkboxes.

 

 

Usermuse shares information with third-party services under strict confidentiality agreements to ensure data protection and compliance with relevant laws. These services include:

 

•Data Storage and Processing: Google Cloud, Firebase, and Recall.ai.

•Analytics and AI Processing: Google Analytics, Microsoft Clarity, Google Gemini APIs, Anthropic Claude APIs, OpenAI APIs, Vellum.ai, and Deepgram.com.

 

All third-party providers are SOC2, HIPAA, GDPR, and CCPA compliant, where applicable.

 

 

Usermuse employs robust security measures to protect user data:

 

•Data Encryption:

•Data at Rest: All data stored in Firestore is encrypted using Google’s encryption keys, with the option for customers to manage their own encryption keys via Cloud Key Management Service (KMS).

•Data in Transit: All communications between our app and Firestore are encrypted using HTTPS/TLS protocols.

•Access Control:

•Firebase Authentication enforces user authentication and authorization.

•Firestore Security Rules control database access based on conditions like user authentication status.

•IAM (Identity and Access Management) manages access to Google Cloud resources, including Firestore.

•Monitoring and Logging:

•Cloud Audit Logs provide a detailed record of administrative activities and access attempts.

•Firebase Crashlytics helps monitor and troubleshoot app crashes.

 

 

Users have the right to access, correct, or delete their personal data. To exercise these rights, users can contact our privacy team at [email protected]. We verify the identity of the requester to prevent unauthorized data access. Once a legal right over the data is established, we process the request promptly.

 

 

Usermuse retains data as long as it is necessary to provide our services or until a deletion request is received from the client. All data will be permanently deleted upon request. This includes all call transcripts, recordings, and any associated metadata.

 

 

Usermuse’s platform may be used by clients to conduct research involving individuals under the age of 16. In such cases, it is the client’s responsibility to obtain and verify all necessary parental consents and comply with applicable laws such as COPPA and FERPA.

 

 

Usermuse complies with the GDPR and CCPA regulations. We do not sell or rent Personal User Data and do not use it for surveillance or unauthorized profiling. We ensure that all data processing activities align with the purposes disclosed in this policy and comply with applicable legal frameworks.

 

 

Any changes to this privacy policy will be communicated to all active users via email at least 30 days before the changes take effect. Users are encouraged to review the policy periodically to stay informed about how we protect their data.

 

 

For any privacy-related concerns or inquiries, users can reach out to us at [email protected].