SensorsData Limited ("UX Agent", "we", "our", or "us") provides an AI-powered platform that helps businesses analyze and improve their website's user experience. Protecting your privacy is our top priority. This policy explains how we collect, use, store, and protect personal information. By using the UX Agent service, you agree to the practices described in this policy.

If you are a resident of California, Colorado, Virginia, Utah, Connecticut or other U.S. states with comprehensive privacy laws, please see the "Your U.S. State Privacy Rights" section below for additional information about your specific rights. For purposes of the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), we do not "sell" or "share" your personal information as those terms are defined under the CCPA/CPRA. We also do not process sensitive personal information for the purpose of inferring characteristics about consumers.

This Privacy Policy applies to all interactions with UX Agent, including:

• Our website and platform.
• Our data collection scripts and AI analysis modules.
• APIs and third-party integrations.

This policy covers data related to the following key terms and concepts:

• Client: A business or organization that signs up for and uses the UX Agent service.
• End User: An individual who visits a Client's product where the UX Agent service is installed.
• Personal Data/Personal Information: Any information that relates to an identified or identifiable individual.
• Session Replay Data: Technical and interactional data collected from an End User's session on a Client's product, such as page views, DOM structure, mouse movements, clicks, and scrolling activity. This data is processed to generate aggregated insights and is not used to individually profile End Users.

We use the data we collect for the following purposes:

• To Provide and Optimize Our Service: We process End User Session Replay Data to generate AI-powered, aggregated insights and recommendations (e.g., identifying common user friction points, analyzing interface interaction patterns, and suggesting usability improvements) that help our Clients understand aggregate user behavior and improve their product. We do not use this data to make decisions about individual End Users.
• To Maintain Our Platform: We use data to operate our platform, provide client support, bill for our services, improve platform security, and prevent fraud.
• On Behalf of Our Clients: All End User data is processed strictly as a data processor on behalf of and under the instruction of our Clients, who are the data controllers. UX Agent does not sell, rent, or share End User personal information for cross-context behavioral advertising, nor do we use it for our own independent marketing or profiling purposes.

For our Clients, our processing is based on:

• Contractual necessity (Article 6(1)(b) GDPR): to fulfill our service agreement with you.
• Legitimate interests (Article 6(1)(f) GDPR): for security, fraud prevention, and service improvement.
• Legal obligation (Article 6(1)(c) GDPR): where required to comply with applicable laws.

For End User data, the Client is the data controller, responsible for establishing a valid legal basis, which may include:

• Consent (Article 6(1)(a) GDPR)
• Legitimate interests (Article 6(1)(f) GDPR)

• Client Data: We retain your account data as long as your account is active with us. Upon account cancellation or termination, all associated Client Data and End User Data will be scheduled for permanent deletion from our production systems within 30 days. Backups containing such data will be overwritten in accordance with our standard backup cycle. We may retain certain data where required by law to comply with legal obligations, resolve disputes, or enforce our agreements. Aggregated or anonymized data, which can no longer be used to identify an individual, may be retained indefinitely for analytical purposes.
• End User Data: Session Replay Data is retained for a maximum period of 5 years from the date of collection, to enable Clients to conduct user experience analysis over meaningful timeframes. After this period, the raw session data is automatically and permanently deleted from our active systems.

We only share data with trusted sub-processors necessary to deliver our service, including cloud hosting providers, payment processors, customer support tools, and analytics providers.

AI Processing: We use third-party AI models (e.g., Google Gemini) to analyze anonymized Session Replay Data. No personally identifiable information (PII) is intentionally sent to or used for the training of these external AI models. We implement technical measures (including pre-processing filters and post-generation reviews) to detect and redact PII patterns from the data before processing and in the AI-generated outputs. Our agreements with AI providers prohibit them from using our data for model training or other purposes.

We implement appropriate technical and organizational security measures to protect any personal information we store from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. In particular, we have implemented and maintain an incident response plan. Should a security breach resulting in the compromise of personal data pertaining to our Clients or their End Users be confirmed, we shall notify the impacted Client(s) — in their capacity as the data controller(s) — without undue delay and, in any event, within any statutory deadline prescribed by applicable law (such as the 72-hour requirement under the GDPR). Our notification will outline the nature and scope of the incident, the types of personal data likely affected, and the corrective actions implemented or advised, to support the Client in discharging its legal obligation to notify competent authorities and affected individuals. However, no company or service, including SensorsData Limited, can guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of your personal information at any time. Your account is protected by a password for your privacy and security, and you must prevent unauthorized access to your account and personal information by, among other practices, selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

As a Hong Kong–based company, data is stored on servers located in Singapore. For processing purposes, data may also be transferred to the United States, China, and other locations where our sub–processors operate. All such transfers are governed by appropriate legal mechanisms, such as the European Commission's Standard Contractual Clauses (SCCs) and the UK's International Data Transfer Agreement (IDTA), to ensure an adequate level of data protection.

A. Clients (Data Subjects): You may request access to, correction (rectification), export, deletion, restriction of processing, or portability of your account data. You may also object to processing based on legitimate interests, or withdraw your consent at any time where processing is based on consent. You can manage some of this information directly within your account settings or by contacting us. If you are in the EEA or UK, you also have the right to lodge a complaint with a supervisory authority.

B. End Users: UX Agent acts as a data processor for End User data. If you are an End User and wish to exercise your privacy rights, please contact the Client (the owner of the website or application you visited). We will provide reasonable assistance to our Clients to help them respond to your requests in accordance with applicable law.

C. Response Time: We will respond to all verified requests from Clients within the timeframe required by applicable law, typically within one month for GDPR requests.

If you are a resident of California, Colorado, Virginia, Utah, Connecticut, or another state with a comprehensive privacy law, you may have the following rights regarding your personal information:

• Right to Know/Access: The right to request information about the categories and specific pieces of personal information we have collected about you, as well as the categories of sources, purposes, and third parties with whom we share it.
• Right to Delete: The right to request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: The right to request correction of inaccurate personal information.
• Right to Opt-Out: The right to opt-out of the "sale" of personal information or "sharing" of personal information for cross-context behavioral advertising. As stated above, we do not engage in such activities.
• Right to Limit Use of Sensitive Personal Information (California): The right to limit the use and disclosure of your sensitive personal information to purposes necessary to provide the services. We only process sensitive personal information as a service provider/processor on behalf of our Clients, and not for inferring characteristics about you.
• Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising your privacy rights.

How to Exercise Your U.S. State Rights: To exercise any of the above rights, please submit a verifiable request to us by: Emailing us at: support@uxagent.top.

We will need to verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf. We will respond to verifiable requests within 45 days, unless extended as permitted by law.

Our service is not directed at children. We do not knowingly collect personal information from children under the age of 13 (or the higher applicable age in your region, such as 16 in some EU countries). Clients are responsible for ensuring their products comply with all applicable child data protection laws, including obtaining parental consent where required. If you believe we have mistakenly or unintentionally collected personal information of a child without appropriate consent, please contact us immediately using the information in the 'Contact Us' section below and we will take steps to delete such information from our systems.

Our Website: We use cookies for authentication, security, and session management on our own website and platform. You can manage your cookie preferences through your browser settings. For more details, please refer to our Cookie Policy.

We may update this Privacy Policy periodically. We will post any changes on this page with a new "Last Updated" date. For material changes that expand our use of personal information or reduce your rights, we will provide more prominent notice, such as via email to our Clients or a banner on our website, where required by law and feasible.