Skip to main content

Data privacy & security

Terms of use & Privacy policy

Are you looking for our terms of use or privacy policy?

DPA (data processing agreement)

Please contact us to request a DPA for your organization.

Technical information

Cookies & localStorage

The Gleap SDK for JavaScript uses the localStorage for remembering users. The following two key / value pairs are used for this:

gleap-id: Used to identify the user

gleap-hash: Used to verify the identity of the user

Since version 8.4.3 of the Gleap JavaScript SDK, we also use cookies to maintain the user's session. Learn how to disable the use of cookies here.

Service providers

We are using the following service providers to securely run our infrastructure.

Microsoft Azure

Used for safely hosting our server, screenshot rendering engine, and static file hosting. Microsoft Azure allows us to scale based on your needs to provide you with high availability.

Location: Amsterdam, Netherlands (EU)

Microsoft Azure & GDPR

MongoDB Atlas

We are using MongoDB as our database. This ensures high scalability, availability & flexibility. The database is hosted within Microsoft Azure.

Location: Amsterdam, Netherlands (EU)

MongoDB Atlas & GDPR


Used to send transactional emails as well as customer feedback replies & received notifications.

Postmark & GDPR


We use Stripe to manage your Gleap subscriptions.

Stripe & GDPR


All API calls from our widget to our servers run through HTTPS with SSL. The data then gets encrypted and stored within our database.

Contact us if you need more information on encryption & architecture.

Data export & deletion

You can delete all your data at any time through our Gleap Dashboard. Data can also be exported as .csv within each project's settings under Data export.

Collected data

The data that is being collected varies depending on your widget settings. It's possible to [exclude data](../configuration/Feedback actions/ from being transmitted. In addition to that, you can enable or disable features like network logs, replays, custom data and custom events to control the data sent with every feedback item.

Depending on the options, a feedback item contains the following data:

  • Form data (depends on what data you collect - typically email & description)
  • Outbound ID (when sent as survey)
  • Priority
  • Status
  • Session ID
  • Project ID
  • Organization ID
  • Screenshot URL / data (for JS)
  • Replay data (for JS)
  • Metadata (including OS info, browser info, ...)
  • Attachments (if activated)
  • Network logs (if activated)
  • Custom data (if set)
  • Action log (if set)
  • Console logs (includes the log of the developer console)

In addition, we do store sessions, which help to associate feedback items to a specific user or guest. Sessions contain the following information:

  • Gleap ID (randomized ID to identify a session)
  • Gleap Session Hash (Hash that provides proof of identity)
  • User ID (if set with the identify() method)
  • Email address (if set with the identify() method OR through form-data)
  • Approximated location (the accuracy allows only to identify the country, due to anonymization of the IP address)
  • Name (if set with the identify() method or extracted from the email address)

Only the Gleap ID and Gleap Session Hash are mendatory and generated by default. All other information is optional and depends on the configuration of your projects.