User data, security & GDPR

What user data we track

The following data is stored on our servers:

  • The user information object - this is information you pass to Product Fruits.
    • The only required information is the username of the current user. It can be anything that uniquely identifies the user (e.g.user database IDs, e-mails, or hashed e-mails).
    • Other user properties are optional and it's up to you whether or not to send additional data (e.g. user role, sign up date or other custom properties)
  • The state of Product Fruits content for the user - we store technical information about what content the user has consumed in order for our triggers to work properly, e.g.:
    • which tours the user has finished or skipped
    • which hints have been displayed to the user
    • which announcements the user has read
    • which checklists the user has completed or dismissed
    • ...and other similar information
  • Sent feedback - if you use our feedback widget, the gathered feedback is also stored on our servers

Generally, we only track:

  1. Data that we need to technically run Product Fruits 
  2. Data that you want us tracking

Content note 

It is highly recommended not to insert any sensitive content (passwords, other users' e-mails, etc.) into Product Fruits content (such as tours, hints, announcements, and more). 

Our servers

We use AWS as the server provider. Data are encrypted in the database (AES-256) and we always use HTTPS or other similarly secure channels.

EU location

Our servers and all data are stored in the EU region by default. When you sign up, your account is created in the EU region, installation scripts are generated for that region, and all tooling is set properly. You don't need to take any action as it all works automatically.

Testing and monitoring

Product Fruits systems and infrastructure are monitored 24/7 and periodically pen-tested. Our infrastructure is also monitored and tested by AWS.

GDPR ISO

We have ISO 27701 and are compatible with GDPR. Upon making an account with us, you agree to our Data Processing Addendum.