Last Updated: May 13, 2026
Welcome to Usero. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our feedback collection and GitHub automation service.
Usero is operated by Will Smith (will@usero.io). This policy applies to all users of our web application, API, and feedback widget.
When customers enable session replay, our widget records a short snapshot of the end-user's browser session (typically the last ~30 seconds before feedback is submitted) using the open-source rrweb library. This may include:
Input fields, passwords, and elements marked sensitive by the customer are masked before transmission. Customers using session replay are responsible for disclosing it to their end-users and obtaining any required consent.
To group multiple recordings from the same browser, the widget stores a random anonymous device identifier in your browser's localStorage (not a cookie). This identifier is scoped to the customer's site, is not shared across customers, and is not used for advertising. Clearing your browser storage removes it.
We derive approximate location (country and city) from your IP address at the moment a recording starts. We do not store the IP ourselves.
If the customer using Usero calls our identify API from their application, we receive and store the customer-supplied user id, and optionally email, display name, and a small set of traits (e.g. plan, signup date). This lets the customer's team see all recordings and feedback from the same end-user across sessions and devices. The customer is responsible for ensuring they have a lawful basis to share this data with us.
When a customer triggers AI pull-request generation, the connected repository is temporarily cloned into an ephemeral sandbox so an AI agent can read and edit files. Repository contents are sent to Anthropic for processing for the duration of that job and the sandbox is destroyed when the job completes. We do not retain repository contents after the PR is opened.
We use the collected information to:
Only authorized personnel have access to user data, and all access is logged and monitored.
We use the following third-party services that may collect or process your data:
Handles all payment transactions. View their privacy policy.
Authenticates users and creates pull requests. View their privacy policy.
Classifies feedback (category, urgency, sentiment, summary) and powers AI pull-request generation. Feedback content, and for PR generation the cloned repository contents, are sent to Anthropic's API for the duration of each job. Anthropic does not train models on this data. View their privacy policy.
Generates vector embeddings of feedback text so we can group semantically similar items into clusters. Feedback text is sent to OpenAI's embeddings API; no other data is shared. OpenAI does not train models on API data. View their privacy policy.
Hosts our infrastructure and provides DDoS protection. View their privacy policy.
Monitors application errors and performance. View their privacy policy.
Feedback data is retained for 30 days. After this period, data is automatically deleted.
Unlimited data retention while your subscription is active.
Account information is retained while your account is active. Upon account deletion, personal data is removed within 30 days, except where required by law.
Transaction records are kept for 7 years for tax and legal compliance purposes.
Anonymous device identifiers and the recordings they group follow the same retention as the customer's plan above. Identified end-user records (created when a customer calls our identify API) persist while that customer's subscription is active, and are deleted with the rest of their data on account closure.
You have the following rights regarding your personal data:
To exercise these rights, contact us at will@usero.io. We will respond within 30 days.
We use cookies to understand how you use our service. This helps us improve the product and fix issues. You can disable these through your browser settings.
When session replay is enabled by the customer, our widget stores a random anonymous device identifier in your browser's localStorage. This is technically not a cookie and is not sent to any third-party domain. It is used only to group recordings from the same browser so the customer's team can review them together. Clearing site data removes it.
We do not use advertising cookies or sell your data to third parties for marketing purposes.
Usero is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately and we will delete the information.
Your data may be stored and processed in data centers located worldwide through Cloudflare's global network. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy and applicable laws.
For users in the European Economic Area (EEA), UK, or Switzerland, we comply with GDPR requirements and ensure adequate protection when transferring data internationally.
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:
Your continued use of Usero after changes are posted constitutes acceptance of the updated policy.
If you have questions, concerns, or requests regarding this privacy policy or your data, please contact us:
Usero - Privacy Inquiries
Email: will@usero.io
We aim to respond to all privacy inquiries within 30 days.
usero persists message contents only for messages a user explicitly forwards to usero via the wrench or pushpin reaction, the Send to usero message shortcut, or the /usero slash command. Every other message the bot observes via channels:history is ignored at ingestion. Uninstalling the app deletes the bot token and scrubs Slack author ids from captured feedback rows.
usero subscribes to a narrow set of bot events. Slack invokes the app only on these events, and each is scoped to the single message or input the user explicitly directed at usero.
For every message a user explicitly forwards, usero stores:
All of the above lives on the existing Feedback row under source = 'slack' and is subject to usero's standard retention (the same retention as feedback captured from the web widget or GitHub).
The Slack bot token is encrypted at rest with AES-GCM using a 32-byte key. Plaintext bot tokens are never persisted.
When the workspace admin uninstalls usero (app_uninstalled event), usero performs the following within 60 seconds:
The text content of previously captured feedback rows is retained under the workspace owner's usero account, subject to usero's standard retention and deletion controls. To delete the text content too, the workspace owner can delete the rows individually from the inbox or close the usero account, which triggers full deletion per usero's standard data-deletion policy.
Privacy questions and data deletion requests: support@usero.io (use subject "Slack data deletion" for deletion requests).
For users in the EEA, UK, or Switzerland, we comply with the General Data Protection Regulation (GDPR). You have additional rights including data portability, restriction of processing, and the right to lodge a complaint with your local data protection authority.
California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell your personal information.
For formal data protection inquiries, contact our DPO at will@usero.io
We're here to help. Reach out anytime if you have questions or concerns about how we handle your data.
Contact Us