SupaStory Logo

Privacy Policy

Last updated: January 23, 2026

1. Introduction

Welcome to SupaStory ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered session recording and analysis service (the "Service").

By using SupaStory, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Personal Data

When you create an account or use our Service, we may collect:

  • Name and email address
  • Payment and billing information
  • Company name and job title
  • Profile information and preferences
  • Communication preferences

2.2 Usage Data

We automatically collect information about how you interact with our Service, including:

  • IP address and location data
  • Browser type and version
  • Device information and operating system
  • Pages visited and time spent on pages
  • Referral sources and search terms
  • Session recordings and user interactions

2.3 Technical Data

To provide our AI-powered analysis service, we collect technical data from your applications, including:

  • User session recordings and interactions
  • Error logs and performance metrics
  • Application events and user flows
  • Code and configuration data (when you integrate our SDK)

3. How We Use Your Information

We use the collected information for various purposes:

  • To provide, maintain, and improve our Service
  • To process payments and manage your subscription
  • To analyze user sessions and identify UX issues using AI
  • To generate code fixes and pull requests
  • To communicate with you about your account, updates, and support
  • To send promotional materials and product updates (with your consent)
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations and enforce our terms
  • To conduct research and analytics to improve our AI models

4. Data Sharing and Disclosure

We may share your information in the following circumstances:

4.1 Service Providers

We work with third-party service providers who help us operate our Service, including cloud hosting providers, payment processors, analytics services, and AI model providers. These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

4.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

5. Cookies and Tracking Technologies

SupaStory is designed with a privacy-first approach. Our session recording SDK does not use cookies to track end users of your application. We rely on cookieless, anonymized session identifiers to provide our analysis service.

For our own website and dashboard application, we use only essential cookies that are strictly necessary for:

  • Authenticating your account and maintaining your session
  • Remembering your preferences and settings

We do not use third-party tracking cookies or advertising cookies. You can control cookies through your browser settings, but disabling essential cookies may limit your ability to use certain features of our Service.

6. Data Security

We implement industry-standard security measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Secure data centers and infrastructure
  • Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When we no longer need your information, we will securely delete or anonymize it.

Session recordings and analysis data are retained according to your subscription plan and may be deleted upon account termination or upon your request, subject to our legal obligations.

9. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information
  • Portability: Request transfer of your data to another service
  • Objection: Object to processing of your personal information
  • Restriction: Request restriction of processing
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information provided in the Contact section below.

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

11. Third-Party Websites

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We may also notify you via email or through our Service for significant changes.

Your continued use of our Service after any changes to this Privacy Policy constitutes acceptance of those changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@supastory.com