User data, security & GDPR

What user data we track

The following data is stored on our servers:

  • User information object - this is the information that you are passing to Product Fruits.
    • The only required information is the username of the current user. It can be any unique identifier of the user, e.g.user database IDs, e-mails, or hashed e-mails.
    • Other user properties are optional and it is up to you what data you will send, e.g. user role, sign up date or other custom properties
  • State of Product Fruits content for the user - we store technical information about what content the user consumed, so our triggers can work properly, e.g.:
    • what tours the user finished or skipped
    • what hints the user displayed
    • what announcements the user read
    • what checklists the user completed or dismissed
    • ...and other similar information
  • Sent feedback - if you use our feedback widget, the gathered feedback is also stored on our servers

Generally, we track only:

  1. Data that we need to technically run Product Fruits 
  2. Data that you want us to track

Content note 

It is highly recommended to not insert any sensitive content (i.e. passwords, other users e-mails, ...) into Product Fruits content (like tours, hints, announcements and others).

Our servers

We use AWS as the server provider. Data are encrypted in the database (AES-256) and we always use HTTPS or other similar secure channels.

EU location

Our servers and all data are stored in the EU region by default. When you sign up, your account is created in the EU region, installation scripts are generated for that region and all tooling is set properly. You don't need to take any action, it all works automatically.

US location

If you need your Product Fruits account to be hosted in the US location, please contact us. The US deployment notes:

  • The Chrome extension works only against the EU region, you have to install our JavaScript snippet into your application to be able to work with the US deployment
  • The JavaScript installation must be adjusted

Testing and monitoring

Product Fruits systems and infrastructure are monitored 24/7 and periodically pen-tested. Our infrastructure is also monitored and tested by AWS.

GDPR ISO

We have ISO 27701, we are compatible with GDPR and we're also open to custom DPAs.