User data, security & GDPR

What user data we track

We are committed to maintaining the highest standards of privacy and data protection. Here is an overview of the data we track and store on our servers.

  • The user information object - This includes the information you pass to Product Fruits.  
    • The only required user information is the username of the current user. A unique identifier is needed to ensure users do not see the same content repeatedly. This can be any string identifier, e.g., user database IDs, usernames, emails, or hashed identifiers.
    • Other user properties are optional, e.g. user roles, sign-up dates, or other custom properties.

Learn more about the user identification process here.

  • The state of Product Fruits content for the user - We store information about the content the user has interacted with to ensure our features work. This includes:
    • Tours the user has finished or skipped
    • Hints that have been displayed to the user
    • Announcements the user has read
    • Checklists the user has completed or dismissed
    • Other similar information
  • Sent feedback - If you use our feedback widget, the gathered feedback is also stored on our servers.

Data usage policy

Limited data tracking - We only track data necessary to operate Product Fruits and data that you explicitly consent to us tracking. Consent is granted by passing the information to Product Fruits, meaning that when you provide us with user data, you are giving us permission to store and use that data for the specified purposes.

We highly recommend not inserting any sensitive content (e.g., passwords, other users' emails) into Product Fruits content (such as tours, hints, announcements). Additionally, hashing user data whenever possible enhances security by protecting user identities.
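One way to produce the "hashed identifiers" mentioned above, as an added example that is not Product Fruits code: a Node.js server derives a stable keyed hash of the user's email and builds the user information object from an allow-list of optional properties. The object shape, the property names, the `CONTEXT` label and the sample user and key are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Hypothetical context label: binds the hash to this one purpose so the same
// key used elsewhere cannot produce linkable identifiers.
const CONTEXT = 'onboarding-user-id-v1';

// Canonicalize so one person always maps to one identifier.
// Assumption: identifiers are case-insensitive (typical for e-mail logins).
function normalizeIdentifier(raw) {
  if (typeof raw !== 'string' || raw.trim() === '') {
    throw new TypeError('identifier must be a non-empty string');
  }
  return raw.normalize('NFKC').trim().toLowerCase();
}

// Keyed hash (HMAC-SHA-256). A plain SHA-256 of an e-mail can be matched by
// hashing a list of candidate addresses; without the key that check fails.
function pseudonymousId(raw, secretKey) {
  if (!Buffer.isBuffer(secretKey) || secretKey.length < 32) {
    throw new RangeError('secretKey must be a Buffer of at least 32 bytes');
  }
  return crypto.createHmac('sha256', secretKey)
    .update(CONTEXT + '\0', 'utf8')
    .update(normalizeIdentifier(raw), 'utf8')
    .digest('hex');
}

// Build the user information object server-side: the hashed value is the only
// identifier, and optional properties are copied from an explicit allow-list.
function buildUserInfo(user, secretKey, allowed = ['role', 'signUpDate']) {
  const info = { username: pseudonymousId(user.email, secretKey) };
  for (const prop of allowed) {
    if (user[prop] !== undefined) info[prop] = user[prop];
  }
  return info;
}

// Constructed sample data; a real key comes from a secret store, not source.
const demoKey = Buffer.alloc(32, 7);
const demoUser = { email: ' Alice@Example.com', role: 'admin', passwordHash: 'x' };
console.log(buildUserInfo(demoUser, demoKey));
```

The identifier stays the same across sessions, so content state still follows the user, and rotating the key changes every identifier.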

Our servers

We utilize Amazon Web Services (AWS) for our server infrastructure. 

All data is stored in an AES-256 encrypted database. Data transmitted to your end-user browser is encrypted via SSL/TLS.

Product Fruits systems and infrastructure are continuously monitored through automated systems, and we are able to detect and respond to potential threats in real time. Regular penetration tests are conducted by third-party security experts to identify and mitigate vulnerabilities. Our infrastructure is also regularly monitored and tested by AWS.

By default, our servers and all data are stored in the EU region. Your account and associated data are automatically managed within this region. Our default server location is in Ireland. We also provide US-based instances upon request.

GDPR and ISO Compliance

We are fully compliant with GDPR and hold ISO 27701 and SOC 2 Type 2 certification. Regular audits are conducted by certification authorities for ISO 27001 and SOC 2 Type 2.

Upon creating an account with us, you agree to our Data Processing Addendum.

For further details, you can download our security certifications: