Last updated: June 2026
At Usermaven, privacy and data protection are important parts of how we build and operate our analytics platform. We are committed to helping our customers use Usermaven in a way that supports their obligations under the General Data Protection Regulation, commonly known as the GDPR.
The GDPR is a European data protection law that applies to the processing of personal data in certain situations, including where organizations process personal data in the context of EU/EEA operations, offer goods or services to individuals in the EU/EEA, or monitor the behavior of individuals in the EU/EEA.
Personal data means any information that can directly or indirectly identify a person. This may include names, email addresses, IP addresses, device identifiers, online identifiers, cookie identifiers, account details, behavioral data, and other information connected to an identifiable person.
This page explains how Usermaven approaches GDPR-related responsibilities and how we help customers manage privacy and data protection requests when using our platform.
This page is for general information only. It does not replace Usermaven's Privacy Policy, Terms of Service, Data Processing Agreement, or any other written agreement between Usermaven and its customers.
Usermaven is built to help teams understand customer behavior, marketing performance, product usage, funnels, user journeys, and attribution while keeping privacy and security in mind.
As an analytics provider, we understand the responsibility that comes with processing customer data. Our goal is to keep our platform secure, transparent, and practical for teams that need reliable analytics without unnecessary complexity.
Our GDPR approach focuses on:
When customers use Usermaven to collect and analyze data from their websites, products, users, visitors, leads, accounts, or customers, Usermaven generally acts as a data processor. In this role, Usermaven processes customer data on behalf of the customer and according to the customer's instructions, as set out in the applicable agreement.
In these cases, the customer generally acts as the data controller. The customer is responsible for deciding what personal data is collected, why it is collected, the lawful basis for processing, how long it is retained, and how individuals are informed about that processing.
Usermaven may act as a data controller for personal data we collect and process for our own business operations. This may include account management, billing, customer support, website activity, marketing communications, security, fraud prevention, and service improvement.
Usermaven offers a Data Processing Agreement, also known as a DPA, to help customers address GDPR requirements when using Usermaven as a data processor.
The DPA is intended to set out relevant data protection terms for customer data processed through Usermaven, including processing instructions, confidentiality, security measures, subprocessor handling, assistance with data subject requests, breach notification, international transfer safeguards, and other applicable data protection commitments.
To request a DPA, please email privacy@usermaven.com with your organization's name and plan details.
The GDPR gives individuals certain rights over their personal data. Depending on the situation, these rights may include the right to access, correct, delete, restrict, object to processing, request portability of personal data, withdraw consent, or lodge a complaint with a data protection authority.
When Usermaven acts as a data processor, customers are responsible for receiving, verifying, and responding to requests from their own users, visitors, leads, customers, or other individuals. Usermaven will provide reasonable assistance to customers in responding to valid data subject requests, as required by applicable law and the applicable Data Processing Agreement.
If you are an end user of a website, product, or service that uses Usermaven, please contact the owner or operator of that website, product, or service directly. They are usually the data controller for your personal data.
If you are a Usermaven customer and need help with a data request, please contact support@usermaven.com.
Usermaven provides options to help customers manage their data, including data export and deletion support.
Customers can request help with exporting or deleting customer data by contacting support@usermaven.com. We will respond to valid requests in accordance with applicable law, our contractual obligations, and the customer's account permissions.
Where Usermaven acts as a processor, deletion and export requests are handled based on the customer's instructions, unless applicable law requires otherwise.
Usermaven retains personal data only for as long as reasonably necessary for the purposes described in our agreements, privacy notices, product settings, and internal policies, unless a longer retention period is required or permitted by law.
Where Usermaven acts as a processor, customer data retention may depend on the customer's subscription plan, account settings, product configuration, instructions, and applicable agreement.
Customers can request assistance with data deletion by contacting support@usermaven.com.
Usermaven uses technical and organizational measures designed to protect customer data against unauthorized access, loss, misuse, alteration, and disclosure.
These measures may include access controls, secure infrastructure practices, encryption where appropriate, monitoring, internal policies, vendor review, and controls designed to support the confidentiality, integrity, availability, and resilience of our systems.
No system can be guaranteed to be completely secure. However, we continue to review and improve our security practices as our product, infrastructure, and privacy requirements evolve.
Usermaven may use trusted vendors and subprocessors to help provide, secure, support, maintain, and improve our services. These may include providers for hosting, infrastructure, communications, customer support, billing, analytics, security, and operational workflows.
Before working with vendors that may process customer data, Usermaven reviews relevant privacy and security practices and uses contractual safeguards designed to protect customer data.
Where Usermaven acts as a processor and engages subprocessors to process customer data, we do so in accordance with applicable law and the applicable Data Processing Agreement. Subprocessor terms, notice, authorization, and objection rights, where applicable, are handled as set out in the relevant agreement or documentation.
If Usermaven becomes aware of a personal data breach affecting customer data, we will notify affected customers without undue delay, as required by applicable law and the applicable Data Processing Agreement.
Where Usermaven acts as a data processor, we will notify the relevant customer after becoming aware of a personal data breach affecting that customer's data.
Where Usermaven acts as a data controller and regulatory notification is required, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.
If a breach is likely to result in a high risk to affected individuals, Usermaven will take steps required by applicable law, which may include communicating relevant information to affected individuals where Usermaven is responsible for doing so.
Initial breach notifications may be updated as additional information becomes available.
Usermaven may process or transfer personal data in countries outside the EU/EEA where necessary to provide, maintain, support, secure, or improve our services.
When personal data is transferred internationally, Usermaven uses appropriate transfer safeguards where required. These safeguards may include adequacy decisions, Standard Contractual Clauses, contractual protections, and supplementary measures where applicable.
Data transfer commitments, where applicable, are governed by Usermaven's agreements, Data Processing Agreement, and relevant privacy documentation.
Usermaven is designed with European data protection needs in mind and may use EU-based infrastructure for certain product data or services where applicable.
Some operational data, such as billing, support, communication, security, or service-related data, may be processed by approved vendors or subprocessors in other regions under appropriate contractual and transfer safeguards.
Any specific data residency commitments, if applicable, are governed by the customer's agreement with Usermaven or related data processing documentation.
Customers with specific data residency requirements can contact privacy@usermaven.com to discuss their needs.
Usermaven is built to provide useful analytics while supporting privacy-aware data practices. Our platform helps teams understand website activity, product usage, customer journeys, funnels, attribution, and conversions without making analytics harder than it needs to be.
We believe analytics should be accurate, understandable, and responsible. That means giving teams clear insights while helping them manage data in a more thoughtful way.
If you have any questions about GDPR, privacy, security, data processing, or Usermaven's Data Processing Agreement, please contact us at: privacy@usermaven.com
For product support or data export and deletion requests, please contact: support@usermaven.com