UXScore
App

Privacy Policy

Last updated: 27 March 2026

UXScore is a product of DOWLSOFT ("we", "us", "our"), based in Scotland, United Kingdom. This policy explains what personal data we collect when you use UXScore, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where applicable, we also follow the principles of the EU GDPR for users in the European Economic Area.

If you have any questions, contact us at privacy@uxscore.app.

1. Data we collect and why

Account data

When you sign in or create an account, we collect your email address. This is the only piece of personal data we require to identify you. We use it to send your magic-link login emails and, if you are a paying customer, to associate your subscription with your account.

Legal basis: Performance of a contract (providing the UXScore service you have signed up for).

Workspace, project, and survey data

When you use UXScore, we store the workspace names, project names, run names, and SUS survey responses (integer scores 1–5 per question, the computed SUS score, submission timestamp, and optional free-text comment) that you and your team create. This content is yours — we store it solely to provide the service.

Legal basis: Performance of a contract.

Billing data

If you subscribe to a paid plan, your payment is processed by Stripe. We do not store your card details. We store a Stripe customer ID, subscription status, billing interval, and invoice records (amount, currency, PDF URL) to manage your subscription and send payment receipts.

Legal basis: Performance of a contract; compliance with financial record-keeping obligations.

Analytics and usage data

With your consent, we use PostHog to collect anonymised page-view and interaction data so we can understand how UXScore is used and where it can be improved. This includes pages visited, approximate session duration, and feature interactions. No data is sold to third parties for advertising.

Legal basis: Consent. You can withdraw consent at any time via the cookie banner or by clearing your browser's local storage.

Email delivery data

We use Postmark to send transactional emails (magic links and payment receipts). If an email cannot be delivered — for example, because of a hard bounce or a spam complaint — we record the suppression reason against your account to avoid repeatedly emailing an invalid address.

Legal basis: Legitimate interests (maintaining email deliverability and protecting our sending reputation).

2. Third-party processors

We share data with the following sub-processors solely to deliver the service:

  • Stripe, Inc. (United States) — payment processing and subscription management. Stripe is certified under the EU–US Data Privacy Framework and uses Standard Contractual Clauses for UK transfers.
  • Postmark / Wildbit, LLC (United States) — transactional email delivery. Transfers are covered by Standard Contractual Clauses.
  • PostHog, Inc. (United States / EU) — product analytics, used only with your consent. Transfers are covered by Standard Contractual Clauses.

We do not sell your data to third parties or share it for advertising purposes.

3. Data retention

We retain your account and workspace data for as long as your account is active. If you request deletion of your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (for example, invoice records may be retained for up to 7 years under UK accounting rules).

Session tokens are invalidated on logout. Login tokens expire after a short period whether or not they are used.

4. Cookies

We use a session cookie to keep you signed in, and — with your consent — analytics cookies from PostHog. See our Cookie Policy for full details.

5. Your rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure ("right to be forgotten") — ask us to delete your personal data, subject to legal retention requirements.
  • Data portability — receive your data in a structured, machine-readable format.
  • Restriction — ask us to pause processing of your data while a complaint or query is being resolved.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent (analytics), you can withdraw at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email privacy@uxscore.app. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

6. International data transfers

Some of our sub-processors are based in the United States. Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK ICO (the International Data Transfer Agreement or Addendum).

7. Changes to this policy

We may update this policy as the service evolves. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of UXScore after a change constitutes acceptance of the updated policy.

We use cookies to keep you signed in and, with your consent, to understand how UXScore is used so we can improve it. Cookie Policy.