Upscope and the GDPR

This covers key questions you may have on Upscope's measures for the GDPR.

Upscope acts as both a data controller with regard to data about our own customers and as a data processor with regard to data about your end users.

Your end users' data

By installing Upscope on your website, we collect some information about your end users. This is limited to metadata such as their IP address, page URL, and timestamps. The data is automatically deleted permanently after 30 days of inactivity, or whenever you ask us to delete it through a dedicated page.

What personal information do we store?

Upscope has no core need to store any personally identifiable information (PII) for the long term.

We store your end user's IP address, last activity timestamp, last visited url, and (optionally) user id and any identity information (such as name or email) for 30 days after they last visit your website.

You can delete this data manually at any point. By going to the delete visitor data page. If you have REST API access you can also delete data from the API.

In your activity log we store the user id of the users you screen share with indefinitely. If the user ID you provide looks like an email address we mask it in your activity log.

ℹ️ Hiding specific page content
With Upscope, you have the ability to hide portions of the page. By doing this you can ensure that no PII ever touches our servers. You can apply this to form fields (such as a credit card number input), or to entire portions of the page. When you enable this feature, the hidden portions are never touched by Upscope.

⚠️Data stored indefinitely
As part of your activity log, we store everything that happens with your account indefinitely. This includes the user unique ID you provide of your end users, therefore it is essential you do not send us PII through the unique ID.

Where is data stored, how is it processed?

Metadata is stored in a secure AWS data centre in North Virginia.

When screen sharing is initiated, Upscope transmits the content of the page the end user is on and sends it to the agent's browser for rendering. Upscope never stores page content, and our servers only act as proxy.

After screen sharing ends, no additional data is sent from the user's browser to our servers.

Do we share information with 3rd party data processors?

We don't share your end user's data with 3rd party data processors. The data and our servers are hosted by AWS and MongoDB, Inc.

Our customers' data

By creating an Upscope account or visiting our website, we collect data about you, your company and your computer. This data is used for access control, marketing and business intelligence purposes.

What personal information do we store?

When you create an account, we store information such as your name, email address, phone number in our data center.

The same data is also collected for all the team members you invite to your Upscope account.

All your activity on Upscope is stored indefinitely within your Audit Log. This can only be deleted by contacting our team.

Where is data stored, how is it processed?

All our customers' data in a secure AWS data centre in North Virginia.

Do we share information with 3rd party data processors?

Our customer's data will be shared for processing with the following companies:

• Intercom, Inc. (https://intercom.com/)

• AWS, Inc. (https://aws.amazon.com/)

• Stripe, Inc. (https://stripe.com/)

• Xero Ltd (https://xero.com/)

• ChartMogul Ltd (https://chartmogul.com)

• Sentry, Inc. (https://sentry.io)

Information might also be collected by:

• Google, Inc (https://google.com/)

• New Relic, Inc (https://newrelic.com/)

Privacy policy, DPO and breaches

We've updated our privacy policy including assigning a data protection officer and the procedure for notifying customers of any breach. We'll notify customers of any major changes to the privacy policy. 

You can find our terms and conditions and privacy policy here https://upscope.io/legal/