Privacy & security
This page describes what UXScore stores and how the system is designed to avoid cross-tenant data leaks.
What data is stored
Accounts and auth
- Your email address (as your login identifier)
- Session/token hashes (UXScore stores hashes, not raw tokens)
Workspaces and projects
- Workspace name and owner
- Memberships (user ↔ workspace + role)
- Projects (name, created time, workspace association)
- Runs (name, status, start/close timestamps)
Survey responses
For each submitted response, UXScore stores:
- q1–q10 (integers 1–5)
- computed
susScore(0–100) submittedAttimestamp- optional comment (if enabled)
What is not stored (by default)
- UXScore does not need to store participant identity.
- The public survey flow is designed to be anonymous.
- Rate limiting is “best effort” and uses IP headers in-memory; it doesn’t persist IPs to the database in the current implementation.
Email delivery (Postmark)
UXScore uses Postmark to send magic-link emails.
Tenant isolation
- Private routes require a valid session.
- Workspace/project/run reads and writes are guarded by membership checks.
- Public surveys are accessed by a public survey id and then resolved to the correct project/run server-side.
Retention & deletion (MVP)
In the current MVP, retention policies and self-serve deletion tools may be limited, but are planned for future releases.
In the case of the following:
- Per-workspace export
- Per-project archive/delete
- Per-run delete
- Account deletion
Please contact privacy@uxscore.app to request these actions are applied manually.
Last updated on