By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Security, Privacy & GDPR

Screeb is The Only GDPR Compliant

Analytics & Customer Feedback Software

We know, that's a pretty bold statement. But here's why it's true:

We don't collect any private data

We don't collect any private data about your users. We don't track their IP address and we don't use any cookie. We respect their privacy, by design, and our full platform works without the need of collecting any private information.

A lot of our competitors track private data, sometimes without consent. Choosing Screeb is a guarantee to respect the privacy of your users.

A French company, hosted in France, by French hosting providers

Since day one, we've decided to be hosted by European providers (French, actually) so as not to depend on partners subject to a third-party extraterritorial law. This is the only way to guarantee that your users' data is well protected and thus to comply with the GDPR (as the French regulator reminded).

In other words, this means that we are not hosted on Amazon AWS like the vast majority of other solutions on the market, but on Clever Cloud, OVH and Scaleway.

Legal Information:

Record of processing activities
tl;dr: Screeb collects details like name, email, and usage actions for its own users (customers). For your users, we gather technical data and responses, without tracking personal information.

Screeb is a multitenant platform, hosting data for 2 data subjects:

  • Screeb users/customers (creating the surveys)
  • End users: website/app users, survey respondents

By design, we do not track personal data for the second category.

Here is the complete list of data we collect:

Screeb users (Screeb being the Data Controller):

  • First name
  • Last name
  • Email address
  • Language
  • Company
  • Job title
  • Last connection date
  • Actions made in our solution (usage data)

End users (Screeb being the Data Processor):

  • Online identifier or unique personal identifier.
  • Locale
  • User Agent
  • Timezone
  • Device (Desktop/Tablet/Mobile)
  • Device OS and version (mobile only)
  • UTM parameters in URL
  • Survey responses

Some of our customers may collect personal data in surveys or via our tag and SDKs, in accordance with their own GDPR policy:

  • visitor properties
  • event tracking
  • visitor grouping
  • ...

Those data are used for:

  • targeting surveys to the right audience, according to rules defined by our customer
  • customizing surveys
  • pre-fill some survey responses
  • responses visualization (reports)
  • application usage visualization (reports)
  • feedback summarisation
  • transcribe recorded media
  • response translation

Screeb SDK can be used anonymously by our customers. In that case, end-user data and survey responses are associated with a random and unique visitor identifier.

Screeb does not run any real-person identification (such has facial recognition) on recorded media.

Javascript, Android, and iOS SDKs:
tl;dr: Screeb's SDK allows customers to display surveys and collect user data without using cookies. Data is stored locally (web or mobile) and only pushes data to Screeb servers, ensuring user privacy and security.

The Screeb widget libraries are third-party code snippets. It allows Screeb customers to collect end-user data and display surveys.

Screeb SDK does not use cookies.

Some information are stored locally in browser's local storage or mobile memory. It can be accessed by any code running on the same domain name.

Local-Storage (web), device memory (mobile)

Here is the full list of data stored locally:

  • Screeb end-users identifier
  • Customer end-users identifier (if applicable)
  • List of surveys displayed or responded to:
  • survey identifier
  • response identifier
  • response date (if applicable)
  • response status (displayed only, response partial, response full, closed)

The Javascript SDK cannot fetch data available on Screeb servers (push only). Having access to a valid end-users identifier does not allow an attacker to extract private information.

Our targeting engine has been built with security by design.

Targeting rules manipulating visitor information are executed server-side, with no way for attackers to "guess" visitor private data by dichotomy.

For caching purposes, our targeting engine may provide to the browser the date of the last response to a survey.

It is the responsibility of the Screeb Customer to ensure malicious data won't be sent to Screeb over Javascript SDK.

As soon as a response is ended or timed out, the response session won't be recoverable. Session time-out is currently 7 days.

Infrastructure
tl;dr: Screeb processes and stores data in Clever Cloud, OVH and Scaleway datacenters in France with encryption. Data transmission uses Cloudflare's secure CDN, ensuring regional data doesn't leave its origin. While we utilize several third-party services, only OpenAI, Deepl, and Gladia receive end-user data for specific, optional tasks.

Updated on 09/15/2023

Storage

  • Data processing from Screeb customers and end-users are located in Scaleway and OVH datacenters (France). See their complete Security Policy below, which also applies to Screeb.
  • Data from Screeb customers and end-users are hosted in Scaleway datacenters in France.  https://www.scaleway.com/en/security-and-resilience/
  • Static files (widget icon, audio/video responses and Javascript SDK) are hosted in Scaleway datacenters in France.  https://www.scaleway.com/en/security-and-resilience/
  • In our datacenter, data are encrypted before being persisted to disk.

Networking

  • The communication layer has been built on top of Cloudflare, a global CDN. Private data about end-users will be transferred over their network to Clever Cloud, based on the visitor region. It means that if visitors are in Europe, their data won't leave Europe. Cloudflare has an ISO /IEC 27701:2019 certification proving their compliance with GDPR. Read more on their dedicated GDPR website section.
  • Our websocket gateway is hosted at Scaleway an OVH, in France. Data is not persisted.
  • There is no caching of private data in our CDN.
  • Network communications are secured with TLS 1.2 or 1.3, the best-in-class encryption. Certificates are provided by Cloudflare and LetsEncrypt.

Third-party:

No end-user data is sent to these third-party providers except OpenAI, Deepl and Gladia, only for optional, features. We use them to monitor the usage of our own users in Screeb and to manage our customer relationships.

Privacy Policy
tl;dr Summary of Screeb's Privacy Policy:

Roles:
Data Controller:
When you're a user or prospect of SCREEB.
Data Processor:
When you're an end-user responding to surveys. SCREEB doesn't intend to collect personal data unless clients do so under their own policies.

Data Collection:
Only relevant data for SCREEB's services. Includes identification, professional contact details, and customer relations history.

Usage:
Data is used for account creation, commercial relations, answering queries, and solution usage. SCREEB doesn't sell your data.

Retention: Data kept for the duration of the contractual relationship. Deleted within 30 days if account is inactive for 2 years or upon closure request.

Data Transfer: Data may be shared with subcontractors under strict conditions or public/private bodies as per regulations. Some subcontractors are outside the EU, but SCREEB ensures data protection.

Updated on 09/26/2023

The Privacy Policy adopted by SCREEB protects the personal information you provide to us as a data controller : Screeb, a société par actions simplifiée (SAS), registered in the Commercial Register of Nantes under No. B848 258 018, with an authorized capital of €13 762,09. the registered office is located at 4 Rue Voltaire, 44000 NANTES, France.

- If you are a prospect or User of our Solution: as part of our commercial or contractual exchanges, via our site by creating an account or via the use of our Solution by creating surveys. In these cases, SCREEB is the data controller. 

- If you are an End-User of our Services :  by responding to the survey. In this case, SCREEB is data processor and by design of our Solution, we do not plan to collect personal data about you. If our Clients decide for themselves to collect personal data about End Users, they will do so in accordance with their own privacy policy.

We invite you to contact our Client who sent you the survey to complete in order to find out more about the processing of your personal data by the latter.

About placing cookies on your terminal, you will find all the information in our Cookies Policy (below).

Data you provide us when using the Site or the Solution  is subject to this Privacy Policy, and you will be prompted to read and accept it.

What data do we collect?

Only data that is relevant and strictly necessary for the use of our Solution and Services is collected, stored and updated. The storage of your personal data in our systems is primarily the result of a decision on your part to provide us with this data; under no circumstances do we collect it without your knowledge.

- You are a Customer, prospect or User of our Solution: 

In the scope of our commercial activities or from the online account creation form, we may collect various categories of personal data concerning you, such as identification data (surname, first name, title), professional contact details (addresses, telephone numbers, e-mail address, job title) as well as a customer relations history (appointment, satisfaction mark, complaint, response to satisfaction surveys, etc.). 

If you use our Solution, the contract binding us includes an Appendix relating to data processing which details the data, the purposes of processing, the operations carried out, the retention periods and the security measures implemented by us as a processor.

How do we use your data? 

We process your personal data for the following purposes and on the following legal bases:

- Customer account creation, on the basis of the execution of pre-contractual measures;

- Management of our commercial relations, based on the performance of the Contract;

- Answering your questions, on the basis of our legitimate interests in providing you with an adequate response;

- Use of our Solution, based on the performance of the Contract;

We do not sell your personal data to any third parties.

How long do we keep your data?

Your data is kept only as long as necessary. We only keep your data for the duration of the contractual relationship.

If your account is inactive for a period of 2 years, or if you request that your customer account be closed, we will delete your data within 30 days. Your account and data then become inaccessible.

How do we protect your data?

SCREEB guarantees the security, availability and integrity of your data. It is our responsibility to prevent any inappropriate disclosure of your data. 

For this reason, access to personal data on all our systems is subject to strict implementation conditions: 

- A limited group of people with access to SCREEB databases;

- Use of "MFA" ;

- application of a strict password policy;

- Encrypted device (laptop, smartphone);

- Up-to-date tools, devices and software databases;

- Our team is regularly trained in security issues.

Your data is stored in France in the Clever Cloud, OVH and Scaleway datacenters, offering every guarantee of optimum service quality and enhanced performance. 

In these datacenters, your data is encrypted before being stored. 

To whom do we transfer your data? 

SCREEB ensures that your data continues to benefit from an adequate level of protection in terms of security and confidentiality throughout its processing. We take particular care to ensure that our subcontractors are able to guarantee the security and confidentiality of the data we entrust to them.

The transmission of data to third parties may be justified:

- When the circumstances of the assignment require it: transmission to subcontractors who are themselves bound by contractual clauses guaranteeing the security and confidentiality of your data. Such transmission is specified in the Contract. 

- Communication to public or private bodies, when provided for by law: These transfers are carried out in compliance with current regulations.

Some of our subcontractors are located outside the European Union. When they are located in a country that does not offer an adequate level of protection for personal data, we implement appropriate guarantees to govern transfers.

How can you exercise your rights to your data? 

In accordance with current regulations, you have the right to access, limit, port, delete and rectify your personal data. 

You may also, for legitimate reasons, object to the processing of your personal data. 

Finally, you may withdraw your consent to the processing of your data in the future. In this case, any processing carried out prior to the withdrawal will be deemed lawful. 

You can exercise your rights by writing to the following address:

SCREEB

Data Protection Department (DPO)

4 Rue Voltaire

44000 Nantes

France

Or by email: contact@screeb.app  

In the interests of confidentiality and data protection, we invite you to write to us at the e-mail address linked to your Account.

In the event of an unsatisfactory response from us, you may lodge a complaint with the “Commission Nationale de l'Informatique et des Libertés” (CNIL).

Cookies Policy
tl;dr Summary of Screeb's Cookies Policy:

Purpose: Help users navigate, perform functions, marketing, personalization, and analysis.
Authorization: Some essential cookies are auto-deposited. Others need your approval.

We use cookies for optimal site function, preferences, analytics, and marketing. Cookies are managed by third parties like Google, Segment, and Intercom.

Cookie Lifespan: Non-essential cookies last up to 13 months and won't auto-extend with new visits.
User Rights: Modify cookie preferences anytime via the cookies banner or the cookie icon on site pages.

Always refer to the full policy for comprehensive details.

Updated 09/26/2023

Cookies are small text files placed on your computer by the websites you visit, in this case by SCREEB on screeb.app; admin.screeb.app, help.screeb.app, developers.screeb.app or any other address that may replace them (hereinafter the “Site”). The Site uses cookies to help users navigate and perform certain functions efficiently, as well as for marketing, personalization and analysis purposes.

Cookies required for the effective performance of the Site may be deposited without your authorization. All other cookies must be authorized before they can be processed by your browser.

Here are the different types of cookies used on the SCREEB website and their purposes:

Essential cookies: those cookies required to ensure you can access the Site and browse it securely. They enable basic Site functions. Screeb and its partners may therefore use this type of cookies to manage user login and account registration, make payments, prevent fraud, ensure security, memorize visitor information on the site, for example: language, time zone, enhanced content, provide necessary documentation and vidéo tutorials. The Site cannot be used properly without strictly necessary cookies.

Personalization cookies: these are used to personalize the Site's editorial content or to customize the display of products and services according to those previously viewed.

Site Provider Purpose
screeb.app Hubspot, Inc CRM

Analytics Cookies : cookies that measure Site use, cookies used for tracking, monitoring, and analyzing how you browse and interact with the site and our services. They reveal usage trends as well as which users upgrade the services rendered by us and how is this done. 

Site Provider Purpose
admin.screeb.app (Screeb Customers) Segment, a Twilio Company Real User Monitoring (REM)
Screeb In-App Surveys & In-App Messages
Intercom R&D Unlimited Company Customer Support

Marketing Cookies : they are used to identify visitors between different websites, e.g. content partners, banner networks. These cookies can be used by third parties  to create a profile of visitors' interests or display relevant advertising on other sites.

Site Provider Purpose
admin.screeb.app (Screeb Customers) Google Ireland Limited Ad Targeting, GTM
LinkedIn Ad Targeting
Hubspot, Inc CRM

Duration of retention of non-essential cookies

In any case, cookies stored in your terminal for analysis and targeting purposes will have a lifespan limited to 13 months maximum, this duration not being automatically extended during your new visits to the site.

Your rights

You can modify your preferences at any time by clicking on the cookies banner or by accessing the cookie icon at the bottom left of the pages of our Site.