Throughout the document, we may use the following terms:
- We, us: refers to Searchness's parent company, Userstand SAS.
- Visitor: refers to any person browsing any page or screen of the Searchness websites or mobile applications.
- Customer, researcher: refers to a person who has created an account on Searchness in order to do user research.
- Owner: refers to the customer who has the highest level of permissions for their organization inside the Searchness application. They have the ability to manage billing information, user accounts of their organization's members, and the ability to delete the organization account along with all its data.
- Participant: a person who participate in a study recorded with Searchness. They are usually invited by a customer to do so.
- Personal data: following the definition of article 4 of the European Union's General Data Protection Regulation (GDPR), "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Basically, any content a visitor, a customer or a participant sends to Searchness when using the Service.
As a visitor, when you access the Service, we automatically log your Internet Protocol (IP) address along with other technical, non-identifying information about your system: the type and model of the device you are using, the type and version of your operating system and the type and version of your internet browser. Excepted for the IP address, we don't store any of your personal data if you don't use the Service as a customer or as a participant. IP addresses kept in our logs are deleted every seven days.
As a customer, when you sign up for Searchness, we ask for your name, your organization name and your email address. We use this information to personalize your account and to have the ability to contact you when we need to communicate updates that could affect your usage of the Service. We will never use your name or company name outside of your usage of the Service (for example, for marketing or sales purposes) without your permission.
When you upgrade to a paid subscription or use our participant recruiting feature, we ask you for your credit card details and biling information so we can calculate taxes dues, process your payment, create and send you invoices. We never store your credit card number. Your transactions are processed securely by our payment processor and no critical financial information ever touches our servers.
You may also provide us personal information when creating content with Searchness, such as projects, tasks, interview and follow-up questions, audio, video, interaction recordings of research sessions, notes and tags. Or when corresponding with us using email, social media or any other communication channel. In these cases, we use your information to provide you the Service, improve it and provide you support when you have a question or face an issue.
As a participant, when you participate in a study on Searchness, we ask you for a display name in order for the researchers (our customers) to be able to distinguish between study participants.
Depending on the settings of the study set by the researchers, we store your display name, a recording of your session in audio and video, your answers in response to researchers' questions, along with information about your interaction on websites during the session: clicks, entries in form inputs, web pages (URLs) visited. We also store the type and model of the device you are using, your screen resolution and which city approximately you are doing the study from.
Keeping a record of this information is necessary for the researchers to be able to analyze meaningfully the research sessions they conduct with you and access it when needed.
The European Union's (EU) General Data Protection Regulation (GDPR) guarantees several rights to Internet users residing in EU countries. As a data controller for your personal data, we comply with this regulation and apply the resulting rights to all our customers, in any country they may resides in.
As a customer, you have the following rights:
- Right of access: this includes knowing the purpose of us storing and processing your personal data, the kind of personal data we have about you, the recipients we might disclose your personal data to or share it with. This also includes the right to know the period for which your personal data will be stored and knowing the different rights you have about your data.
- Right to rectification: except for IP addresses that are deleted from our logs every seven days, you can autonomously edit any personal information we have about you when you log in into the Searchness application.
- Right to erasure: also known as the right to be forgotten, it guarantees you the erasure of your personal data without undue delays if you request it, when they are no longer necessary and in other circumstances specified in article 17 of the GDPR. If you are the owner of the organization inside the Searchness application, when you log in, the application gives you several tools to delete any personal data you need to delete. If you are not the owner, you may ask the owner to do so for you as some of the information might also be company's property.
- Right to restriction of processing: you can request the restriction of our processing of your personal data and of the purpose of that processing. Since the scope of this type of requests varies depending of the situation, we may have to perform some manual procedures to satisfy your request. In order to request the restriction of processing of your data, you may contact us at the following email address: firstname.lastname@example.org.
- Right to data portability: all information provided to Searchness is automatically exportable to machine-readable files that can be transferred into and used inside other applications. Depending on the level of permissions given to you by the owner of the organization, you can export video recordings, note clips, note boards, project reports and all of the organization's data.
- Right to object: this is your right at any time to object to processing of your personal data. When such a request is made, we shall no longer process your personal data unless we demonstrate compelling legitimate and legal grounds for such processing that could override that right.
- Right not to be subject to automated decision-making: we shall not submit you to any automated decision-making, including profiling that could have significant impact for you, legally or in other ways. This right is not applicable if this processing is necessary for entering into, or performance of the contract between you and us, or if this processing is allowed or authorised by the European Union or a EU country law to which you are subject.
If you have any questions about those rights or need assistance, please contact us at email@example.com.
As a participant, you may have to contact the researchers who directed the study you participated in, to exercise your rights. Searchness acts as a data processor on behalf of its customers. It means that we collect, store and present your information to our customers but do not determine the purpose for which nor the means by which that information is processed.
If you think that one of our customers has breached our Terms of Service or if you need assistance, please contact us at the following email address: firstname.lastname@example.org.
Searchness does not knowingly ask for personal data from children under the age of thirteen years. If such personal information were to be collected and discovered, it would be deleted without delay. Individuals under eighteen (18) years old, should have a written parental consent before using Searchness.
Data storage and location
Searchness stores your data on servers located in France and in the United States. If you are located outside the United-States, be aware that your data maybe be transferred to the United States. For customers and participants located in the European Union, know that in the United States, you data is hosted on a permanent basis by Amazon Web Services (AWS) and Google Cloud, and temporarily (up to a few hours) by Twilio and Vonage.
Amazon, Google and Twilio are certified under the EU-US Privacy Shield. Vonage has signed standard contractual clauses (European Commission Model Contract) for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament. This ensures that we comply with the European Union data protection laws relative to data transfers.
Our policy is to limit as much as possible the extent to which we share any personal data with third-parties. We don't sell your personal data to anyone and never will. The only times we have to share your personal data are:
- With your permission, when it's necessary in order to provide you with the Service in the cases where we rely on a third-party for part of our processing. You can consult our list of data subprocessors.
- In order to investigate cases of violation of our Terms of Service, of fraud, of cyber-security and physical threats and of compliance with law enforcement.
Following article 25 of the GDPR, we ensure that your data is protected by design and by default, using industry security standards and best practices.
All data transmitted from our servers to your browser are encrypted using SSL (HTTPS). Backups of your data are encrypted using Advanced Encryption Standard (AES-256).
No one can guarantee that any information stored on the Internet is 100% secure and that no breach can happen, causing some of the data to be used in inappropriate ways by malevolent actors. However, we implement anything we can to minimize this risk. Consult our security overview to learn more.
We store your personal data as long as necessary to provide you with the Service or to comply with law enforcement, but not longer. As soon as the processing of the data is no longer justified, the data is deleted from our systems. This is why our server logs are automatically deleted every seven days.
When you delete content from your account (a project, a recording, a note etc.), all textual data are immediately deleted and not recoverable. Media files (audio, images and videos) are kept during seven days and then also deleted and not recoverable from this point.
If you are the owner, when you delete your organization's account, similar measures are taken: your organization, its members and all its non-media data will be deleted immediately and the media files will be deleted permanently seven days later. This is why we suggest you download your content before deleting it or before deleting your organization's account.
Policy updates & questions
Last updated: January 20th, 2020