Skip to content


Effective Date: May 2023

This CCPA Data Processing Addendum (the “Addendum”) reflects the requirements of the California Consumer Privacy Act of 2018 and its implementing regulations, as amended or superseded from time to time (California Civil Code §§ 1798.100 to 1798.199) (the “CCPA”). This Addendum makes clear that Userlytics is acting as a Service Provider for CCPA purposes.

This Addendum is an addendum to the Customer Terms of Service (“Agreement”) and its incorporated Customer Data Processing Agreement (the “DPA”) between Userlytics Corporation (“Userlytics”) and the Customer (each a “Party”; collectively the “Parties”) and is in effect for so long as Userlytics maintains Personal Information (as defined in and to the extent protected by the CCPA) provided by Customer or which is collected on behalf of Customer by Userlytics (hereinafter, the “Personal Information”), and was not previously collected by Userlytics independently of Customer. This Addendum shall only apply and bind the Parties if and to the extent Customer is a Business under the CCPA. This Addendum prevails over any conflicting terms of the Agreement or DPA, but does not otherwise modify the Agreement or DPA. All capitalized terms not defined in this Addendum shall have the meanings set forth in the CCPA. Customer enters into this Addendum on behalf of itself and, to the extent required under the CCPA, in the name and on behalf of its Authorized Affiliates (defined below).

1.1. “Affiliate” means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity.
1.2. “Authorized Affiliate” means any of Customers’ Affiliate(s) permitted to or otherwise receiving the benefit of the Services pursuant to the Agreement.2. Scope and Applicability of this Addendum.

2.1. This Addendum applies to the collection, retention, use, and disclosure of the Personal Information to provide Services to Customer pursuant to the Agreement or to perform a Business Purpose.
2.2. Customer is a Business and appoints Userlytics as a Service Provider to process the Personal Information on behalf of Customer. Customer is responsible for compliance with the requirements of the CCPA applicable to Businesses.
2.3. Userlytics’s collection, retention, use, or disclosure of Personal Information for its own purposes independent of providing the Services specified in the Agreement are outside the scope of this Addendum.

3.1. Userlytics is prohibited from retaining, using, or disclosing the Personal Information for any purpose other than for the specific purpose of performing the Services specified in the Agreement for Customer, as set out in this Addendum, or as otherwise permitted by the CCPA.
3.2. Userlytics shall not further collect, sell, or use the Personal Information except as necessary to perform the Business Purpose. For the avoidance of doubt, Userlytics shall not use the Personal Information for the purpose of providing services to another person or entity, except that Userlytics may combine Personal Information received from one or more entities to which it provides similar services to the extent necessary to detect data security incidents, or protect against fraudulent or illegal activity.

4.1. Customer represents and warrants that it has provided notice that the Personal Information is being used or shared consistent with Cal. Civ. Code 1798.140(t)(2)(C)(i).

For individuals who are California residents, the California Consumer Privacy Act requires certain disclosures about the categories of personal information we collect and how we use it, the categories of sources from whom we collect personal information, and the third parties with whom we share it.

Depending on how they interact with us, Userlytics may collect the following categories of information as summarized in the table below.

All of the categories of personal information we collect about (as detailed below) come from the following categories of sources:

  • Any user of our services, including through both use of our services and completing forms on our website
  • Automatically collected through usage (such as IP, browser …)
  • Third parties (When someone provides information about a user in our website)
Categories of Personal Information we CollectCategories of Third Parties with Whom we Share that Information
General information completed in our platform on sign up (Such as: name, last name, email address, Full Address, Country…)Hosting Providers (Amazon)
Automatic Information (such as device connected, IP, Browser…) To track, log files & protect the server.Hosting Providers (Amazon)
Test & Studies launched on our platformHosting Providers (Amazon)

All of the categories of personal information we collect about (as detailed above) are used for the following purposes:

  • Communicate with with a prospect for offering our User Experience optimization services
  • Detecting, protecting against, and prosecuting security incidents and fraudulent or illegal activity
  • Bug detection, error reporting, and activities to maintain the quality or safety of our services
  • Customize the experience or showing information that is only relevant because of demographics or personal preferences.
  • Communicate with to notify changes in our platform or new features we have launched that may be interesting.

This section describes how to exercise those rights and our process for handling those requests, including our means of verifying identity. For further information regarding legal rights under applicable law or for exercising any of them, we may be contacted by emailing us at

Right to request access to your personal information:

California residents have the right to request that we disclose what categories of personal information that we collect, use, or sell about them. They may also request the specific pieces of personal information that we have collected about them. However, we may withhold some information where the risk to them, their personal information, or our business is too great to disclose the information.

Right to request deletion of your personal information:

They may also request that we delete any personal information that we have collected from/about them. However, we may retain personal information as authorized under applicable law, such as personal information required as necessary to provide our services, protect our business and systems from fraudulent activity, to debug and identify errors that impair existing functionality, as necessary for us, or others, to exercise their free speech or other rights, comply with law enforcement requests pursuant to lawful process, for scientific or historical research, for our own internal purposes reasonably related to their relationship with us, including if they have been paid for participating in market research and user experience studies and have agreed to our ownership of the intellectual property of such study results, or to comply with legal obligations. We need certain types of information so that we can provide our services to them. If they ask us to delete such information, they may no longer be able to access or use our services.

Userlytics shall provide reasonable assistance to Customer in facilitating compliance with Consumer rights requests.

Upon direction by Customer and within a commercially reasonable amount of time, Userlytics shall delete the Personal Information.

Userlytics shall not be required to delete any of the Personal Information to comply with a Consumer’s request directed by Customer if it is necessary to maintain such information in accordance with Cal. Civ. Code 1798.105(d), in which case Userlytics shall promptly inform Customer of the exceptions relied upon under 1798.105(d) and Userlytics shall not use the Personal Information retained for any other purpose than provided for by that exception.

How to exercise access and deletion rights:

California residents may exercise their California privacy rights by submitting their request at

For security purposes, we may request additional information from them to verify their identity when they request to exercise their California privacy rights.

7.1. In the event that either Party shares Deidentified Information with the other Party, the receiving Party warrants that it: (i) has implemented technical safeguards that prohibit reidentification of the Consumer to whom the information may pertain; (ii) has implemented business processes that specifically prohibit reidentification of the information; (iii) has implemented business processes to prevent inadvertent release of Deidentified Information; (iv) will make no attempt to reidentify the information.

8.1. In the event that either Party transfers to a Third Party the Personal Information of a Consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the Third Party assumes control of all or part of such Party to the Agreement, that information shall be used or shared consistently with applicable law. If a Third Party materially alters how it uses or shares the Personal Information of a Consumer in a manner that is materially inconsistent with the promises made at the time of collection, it shall provide prior notice of the new or changed practice to the Consumer in accordance with applicable law.

9.1. Notwithstanding any provision to the contrary of the Agreement, the DPA or this Addendum, Userlytics may cooperate with law enforcement agencies concerning conduct or activity that it reasonably and in good faith believes may violate international, federal, state, or local law.

Company name: Userlytics Corporation
Address: 1200 Brickell Avenue, Suite 1950, Miami, Florida, 33131 (USA)
Phone Number: +1 888-809-0047
Contact email:

User Testing International SL (Spain)

Additional questions about our
Terms of Service?

Analytics tells you what,
Userlytics tells you WHY.

discover our blog