Data privacy & security
Terms of use & Privacy policy
Are you looking for our terms of use or privacy policy?
DPA (data processing agreement)
Please contact us to request a DPA for your organization.
Technical information
Cookies & localStorage
The Gleap SDK for JavaScript uses the localStorage for remembering users. The following two key / value pairs are used for this:
gleap-id: Used to identify the user
gleap-hash: Used to verify the identity of the user
Since version 8.4.3 of the Gleap JavaScript SDK, we also use cookies to maintain the user's session. Learn how to disable the use of cookies here.
Service providers
We are using the following service providers to securely run our infrastructure.
Microsoft Azure
Used for safely hosting our server, screenshot rendering engine, and static file hosting. Microsoft Azure allows us to scale based on your needs to provide you with high availability.
Location: Amsterdam, Netherlands (EU)
MongoDB Atlas
We are using MongoDB as our database. This ensures high scalability, availability & flexibility. The database is hosted within Microsoft Azure.
Location: Amsterdam, Netherlands (EU)
Postmark
Used to send transactional emails as well as customer feedback replies & received notifications.
Stripe
We use Stripe to manage your Gleap subscriptions.
Encryption
All API calls from our widget to our servers run through HTTPS with SSL. The data then gets encrypted and stored within our database.
Contact us if you need more information on encryption & architecture.
Data export & deletion
You can delete all your data at any time through our Gleap Dashboard. Data can also be exported as .csv within each project's settings under Data export.
Collected data
The data that is being collected varies depending on your widget settings. It's possible to [exclude data](../configuration/Feedback actions/Readme.md#exclude-data) from being transmitted. In addition to that, you can enable or disable features like network logs, replays, custom data and custom events to control the data sent with every feedback item.
Depending on the options, a feedback item contains the following data:
- Form data (depends on what data you collect - typically email & description)
- Outbound ID (when sent as survey)
- Priority
- Status
- Session ID
- Project ID
- Organization ID
- Screenshot URL / data (for JS)
- Replay data (for JS)
- Metadata (including OS info, browser info, ...)
- Attachments (if activated)
- Network logs (if activated)
- Custom data (if set)
- Action log (if set)
- Console logs (includes the log of the developer console)
In addition, we do store sessions, which help to associate feedback items to a specific user or guest. Sessions contain the following information:
- Gleap ID (randomized ID to identify a session)
- Gleap Session Hash (Hash that provides proof of identity)
- User ID (if set with the identify() method)
- Email address (if set with the identify() method OR through form-data)
- Approximated location (the accuracy allows only to identify the country, due to anonymization of the IP address)
- Name (if set with the identify() method or extracted from the email address)
Only the Gleap ID and Gleap Session Hash are mendatory and generated by default. All other information is optional and depends on the configuration of your projects.