Privacy Policy

Last updated: February 2026

UserTold.ai ("we", "us", "our") operates the UserTold.ai platform at app.usertold.ai. This policy explains how we collect, use, and protect your data.

At a Glance

  • You own interview and project data
  • Your data is used to deliver interviews and build evidence, and to improve Service quality (processing, ranking, and prompt quality) in aggregate.
  • We may contact you about your experience and product usage — you can opt out any time
  • You can delete sessions or entire projects at any time
  • BYOK keys are encrypted and deletable from Project Settings

What We Collect

Account Data

When you sign in with Google, we receive your name, email address, and profile picture. We use this to create and manage your account.

Interview Data

When participants complete interviews through the UserTold.ai widget, we collect:

  • Audio recordings — voice conversations with the AI interviewer
  • Screen recordings — if enabled by the study configuration
  • Transcripts — generated from audio recordings
  • Chat messages — text-based interview responses
  • User interactions — clicks, navigation events during observation
  • Screener responses — qualification answers

Billing Data

We process payments through Polar.sh. We do not store credit card numbers. We retain billing event records (amounts, dates, status) for accounting purposes.

Usage Data

We collect standard server logs (IP addresses, request paths, timestamps) for security and debugging.

How We Use Your Data

  • Deliver the service — conduct interviews, extract signals, generate tasks
  • Process payments — track usage and billing
  • Improve service operations — aggregate anonymized and pseudonymized analytics for reliability, quality, and product analytics
  • Security — detect abuse, prevent fraud

We do not use your data to train internal or third-party AI models for other customers or generalized model datasets. We may use aggregated, de-identified service telemetry to refine our interview processing logic, scoring systems, and prompts.

Data Use and AI Model Terms

  • Data collected through interviews and signals is used for product operations and service quality improvements:
    • running interviews,
    • generating transcripts and pain-point evidence,
    • creating tasks and integrations,
    • and measuring impact within your workspace.
  • By default, we do not use Customer Data to train internal or third-party models.
  • We do use aggregated, de-identified data to improve proprietary processing algorithms, ranking, and prompts used by the Service.
  • If you require alternative processing terms (for example, enterprise model-training terms or custom data-retention terms), contact support@usertold.ai.

BYOK (Bring Your Own Key)

UserTold.ai uses a Bring Your Own Key model for AI inference. Your API keys (OpenAI) are:

  • Encrypted at rest
  • Used only to make API calls on your behalf
  • Never shared with third parties
  • Deletable at any time from Project Settings

AI inference calls go directly to the provider (OpenAI, Google AI) using your keys. We do not proxy, log, or cache the content of these calls beyond what is needed to deliver the service (transcripts, signals).

Third-Party Services

ServicePurposeData Shared
Google OAuthAuthenticationEmail, name, profile picture
OpenAIInterview AI, signal extraction, voice transcription, realtime conversationInterview transcripts and audio data (via your API key)
Polar.shPayment processingEmail, billing amounts
CloudflareInfrastructure, CDNRequest metadata

Data Ownership

You own your data. This includes all sessions, signals, tasks, recordings, and transcripts. We are a data processor, not a data owner.

Data Retention

  • Account data — retained while your account is active
  • Interview data — retained until you delete it. You can delete individual sessions or entire projects.
  • Billing records — retained for 7 years for accounting compliance
  • Server logs — retained for 30 days

Data Deletion

You can delete your data at any time:

  • Sessions — delete from the Sessions page or via API
  • Projects — delete from Project Settings (removes all associated data)
  • Account — contact support@usertold.ai to request full account deletion

Product Communications

We may contact you about your use of the Service — for example, to check in on your onboarding, ask for feedback, or invite you to a brief research call. These messages are sent by us directly; we do not share your contact details with third parties for this purpose.

The legal basis for this is legitimate interest (EU/UK) and the existing business relationship exemption (US CAN-SPAM). We have a genuine interest in understanding how customers use the product, and these communications are directly related to the service you signed up for.

You can opt out of product communications at any time using the unsubscribe link in any email we send. Opting out does not affect transactional messages (billing receipts, security alerts, material changes to these policies).

GDPR

For users in the European Economic Area:

  • Legal basis — we process data based on your consent (signing in) and legitimate interest (service delivery)
  • Data portability — contact us to export your data
  • Right to erasure — delete your data through the dashboard or contact us
  • Data location — data is processed on Cloudflare's global network

Security

See our Security page for details on how we protect your data.

Changes

We may update this policy. Material changes will be communicated via email to account holders.

Contact

Questions about privacy or custom terms? Email us at support@usertold.ai.