Usermaven privacy policy

Last Updated: March 1st, 2026

Usermaven Inc. ("Usermaven", "we", "us", "our") respects your privacy and is committed to protecting personal data. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our websites, interact with our marketing pages, or use our products and services (collectively, the "Services").

This Policy is designed to comply with major global privacy laws, including the GDPR (EU & UK), CCPA/CPRA (California), LGPD (Brazil), DPDP Act (India), and other applicable international regulations.

1. Who we are & scope of this policy

1.1 Company details

• Legal entity: Usermaven Inc.
• Address: 16192 Coastal Highway, Lewes, Delaware 19958, USA
• Email: privacy@usermaven.com

1.2 Our roles in data processing

Usermaven operates in different roles depending on how personal data is collected and used.

A. When we act as a data controller

We act as a Data Controller when we determine the purposes and means of processing personal data. This includes situations such as:

• Visitors browsing our website
• Individuals who submit contact forms or request demos
• Sales leads and marketing communications
• Account owners and administrators
• Customer support communications

In these cases, we decide why and how personal data is processed in order to operate, improve, and secure our services.

B. When we act as a data processor

We act as a Data Processor when our customers use Usermaven's analytics tools to collect and analyze data about their own website or application users.

In this context:

• We process data solely on behalf of our customers.
• We act only under our customers' documented instructions.
• We do not determine the purposes for which that data is collected.
• We do not use customer analytics data for our own independent purposes.

Our data processing activities in this role are governed by our Data Processing Addendum (DPA) and applicable agreements with our customers.

Customers are responsible for ensuring they have an appropriate legal basis for collecting and sharing data with Usermaven.

2. Personal information we collect

2.1 Information you provide directly

We collect personal information that you voluntarily provide to us, including:

• Contact data: Name, work email address, company name, and job title.
• Account data: Account credentials and authentication-related information.
• Billing data: Billing and payment information necessary to process subscriptions and transactions. Payment processing is handled by third-party payment providers, and we do not store full payment card details.
• Communications: Information you provide when contacting us for support, submitting inquiries, or managing communication preferences.

2.2 Information collected automatically

When you visit our website or use our services, we automatically collect certain information, including:

• Technical data: IP address, approximate geographic location (derived from IP), browser type, device type, and operating system.
• Usage data: Pages viewed, features accessed, referring URLs, timestamps, and interaction data related to website navigation.
• Diagnostic data: System logs, error reports, and performance metrics used to maintain and improve our services.

3. Cookies & tracking technologies

3.1 Use of cookies and consent

We use cookies and similar technologies to support essential website functionality, security, user preferences, and analytics.

Non-essential cookies, including analytics and marketing-related technologies, are deployed only after users provide consent where required by applicable law.

We use Cookiebot as our Consent Management Platform (CMP) to:

• Display required cookie notices and banners
• Obtain and record user consent choices
• Enable or disable non-essential cookies based on user preferences
• Maintain verifiable records of consent where applicable

Users may modify their cookie preferences at any time.

For detailed information about the cookies and similar technologies we use, please see our Cookie Policy.

3.2 Analytics and marketing technologies

Marketing pages:

On certain marketing-related pages, we may use tracking technologies to measure campaign effectiveness, understand website performance, and improve user experience. These technologies are activated only in accordance with user consent preferences.

Usability & debugging tools:

We may use limited interaction analytics tools (such as heatmaps or session-based usability analysis) to understand aggregate website behavior and improve functionality. These tools:

• Operate on a limited basis
• Mask or exclude sensitive input fields
• Do not capture payment information
• Are not used for behavioral profiling or targeted advertising
• Are not used to identify individual users

4. How we use personal information

We use personal information for the following purposes:

• Service delivery: To operate, maintain, and provide our platform and related services, including managing accounts, subscriptions, authentication, and transactions.
• Customer support: To respond to inquiries, provide technical assistance, and resolve service-related issues.
• Communications: To send service-related notices, account updates, security alerts, and other administrative communications. Where permitted by law, we may send marketing communications, and you may opt out at any time.
• Service improvement & security: To analyze website and platform performance, monitor usage trends in aggregate, improve functionality, prevent fraud, and protect the security and integrity of our systems.
• Legal & compliance: To comply with applicable laws and regulations, respond to lawful requests, enforce our agreements, and protect our rights.

5. Legal foundations

5.1 Legal bases (GDPR/UK GDPR)

Where applicable under the GDPR or UK GDPR, we process personal data based on one or more of the following legal grounds:

• Contractual necessity: Where processing is necessary to provide our services, manage accounts, process subscriptions, or fulfill contractual obligations.
• Legitimate interests: Where processing is necessary for our legitimate business interests, including maintaining platform security, preventing fraud, improving our services, and ensuring operational reliability. We ensure that such interests are not overridden by individuals' rights.
• Consent: Where required by law, including for marketing communications and the use of non-essential cookies or tracking technologies. Consent may be withdrawn at any time.
• Legal obligations: Where processing is necessary to comply with applicable laws, regulatory requirements, or lawful requests.

5.2 AI & machine learning

Usermaven does not train artificial intelligence or machine learning models using customer data or end-user analytics data.

6. Data sharing & international transfers

6.1 Data sharing

We do not sell personal data, nor do we share personal data for cross-context behavioral advertising as defined under applicable privacy laws.

We share personal data only where necessary to operate our services and in accordance with this Privacy Policy, including with:

• Service providers: Trusted third-party providers that support our operations, such as cloud hosting providers, content delivery networks (CDNs), analytics tools, customer support tools, messaging providers, and payment processors. These providers process data only on our behalf and under contractual confidentiality and data protection obligations.
• Affiliates: Affiliated entities under common ownership or control, subject to appropriate confidentiality safeguards.
• Legal & regulatory authorities: Where required to comply with applicable law, enforce our agreements, or protect our rights, property, or safety.

6.2 International transfers

Data is primarily processed within the European Union. For transfers outside the EU or the United Kingdom, we utilize Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.

7. Security & retention

We implement appropriate technical and organizational safeguards designed to protect personal data, including encryption in transit and at rest, role-based access controls, authentication measures, and ongoing monitoring of our systems.

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, including to meet legal, accounting, or reporting obligations.

Customer analytics data processed on behalf of our customers is retained and deleted in accordance with the applicable Data Processing Addendum (DPA) and customer instructions.

When personal data is no longer required, we delete or anonymize it in accordance with our internal retention policies.

8. Your privacy rights

Where required by applicable law, individuals may have certain rights regarding their personal information.

These rights may include:

• Access: The right to request confirmation of whether we process your personal information and, where applicable, obtain access to that information.
• Correction: The right to request correction of inaccurate or incomplete personal information.
• Deletion: The right to request deletion of personal information, subject to legal, contractual, or legitimate business limitations.
• Restriction or objection: The right, in certain circumstances, to request restriction of processing or to object to processing based on legitimate interests.
• Withdrawal of consent: Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.
• Data portability (where applicable): The right to receive personal information you provided to us in a structured, commonly used format, where technically feasible and legally required.

Regional specifics

• California (CCPA/CPRA): California residents may have the right to request access to, correction of, or deletion of personal information, subject to statutory exceptions. We do not sell personal information or share it for cross-context behavioral advertising as defined under California law.
• Brazil (LGPD): Brazilian residents may have rights to confirmation of processing, access, correction, anonymization, portability, and deletion, subject to legal limitations.
• India (Digital Personal Data Protection Act, 2023): Indian residents may have rights to access, correction, erasure, and grievance redressal under applicable law.

9. Children's privacy

Our Services are not directed to children and are not intended for individuals under the age of 16, or the equivalent minimum age in the relevant jurisdiction. We do not knowingly collect personal information from children.

If we become aware that personal information has been collected from a child without appropriate authorization, we will take reasonable steps to delete such information.

10. Contact & exercise of rights

To exercise any applicable privacy rights, please contact us at:

Email: privacy@usermaven.com

If your request relates to personal data processed by Usermaven on behalf of one of our customers, we may direct your request to the relevant customer, as they act as the Data Controller for such data.

We may take reasonable steps to verify your identity before responding to your request. We will respond within the timeframes required by applicable law.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date above. Continued use of the Services after changes become effective constitutes acceptance of the updated Policy.