Usermaven & GDPR compliance

Last updated: April 7, 2022

The General Data Protection Regulation (GDPR) is the world's most stringent privacy and security law. Despite the fact that it was designed and passed by the European Union (EU), it imposes duties on organizations anywhere that target or collect data about EU citizens. On May 25, 2018, the regulation went into effect. Usemaven is committed to complying with all the regulations under GDPR.

GDPR protects personal data, which includes any information that can be used to identify an individual, either directly or indirectly. Personal information such as names and email addresses are obvious but can include things like ethnicity, gender, biometric data, religious beliefs, web cookies, and political leanings.

Usermaven’s approach to GDPR compliance

The safety and security of our customers' data is always our first priority as a provider of behavioral analytics services. Customers can rely on us to keep up with new developments in the digital privacy landscape, in addition to achieving and maintaining GDPR compliance.

Comprehensive review of vendors

When it comes to evaluating the vendors we use to help us provide services to our customers, we recognize that we bear a great deal of responsibility. Our GDPR readiness plan includes ensuring that our contracts adequately address the security, privacy, and confidentiality of our customers' data; you can rest assured that our vendors have undergone a thorough privacy and security review by Usermaven's legal and security team.

Breach notifications

When and how will Usermaven notify customers if there is a data breach affecting Customer data with the Usermaven service? That is a great question. If a proven data breach of any kind occurs, Usermaven will notify Customers as soon as possible via email. The time duration from confirmation must not exceed 96 hours. As soon as information about the breach becomes available, it will be made public in accordance with GDPR. In addition to email notification, Usermaven uses in-app notifications for important updates and changes.

Data deletion and export features

The GDPR gives "data subjects," or people whose information has been collected, more control over who has access to it. We already provide a robust data export feature as well as the ability to delete customer information. Requests for data deletion and export should be sent to

Data protection officer

Identifying and appointing a Data Protection Officer (DPO), Data Controller, and Data Processor, is all part of GDPR. Usermaven has identified these roles internally, and has measures in place to understand the responsibilities of each of these roles.

Data processing agreement (DPA)

Usermaven offers a GDPR Data Processing Addendum to aid you or your organization in the compliance process. Simply request a DPA by sending us an email with your organization name and plan details to

International data transfers

Usermaven agrees to abide by the standard contractual clauses where data is transferred from the EU to the US. Our Privacy Program implements standard contractual terms as well as extra security measures to ensure that the data you submit with us is protected by laws that are comparable to those in Europe.

European data hosting

Currently, all of our servers and data is hosted in EU-based data centers. This enables our customers with European data residency requirements to process and store their data in the EU.

If you have any other questions regarding GDPR, privacy or security, feel free to contact us by sending an email to