Privacy Policy

Introduction

Featurely, Inc. ("Featurely," "we," "us," or "our") is committed to protecting your privacy and handling your personal information with care. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our AI-powered SaaS platform for synthetic user testing and behavioral simulations. It also explains your rights and choices regarding your personal data and how you can exercise them. We adhere to the California Consumer Privacy Act (CCPA) and maintain compliance with SOC 2 standards to ensure robust data security and privacy controls. We also design our practices to align with the principles of the EU General Data Protection Regulation (GDPR) and ISO 27001, to be forward-compatible with future regulatory compliance goals. By using Featurely's website and services ("Services"), you agree to the practices described in this Privacy Policy.

‍

Scope


This Privacy Policy applies to personal information processed by Featurely through your use of our Services, including our websites, platform, and related online services. It covers information provided by you, information collected automatically (such as through cookies), and information obtained from third parties. This policy does not apply to any third-party websites or services that we do not control, even if linked to or integrated with our Services. We are not responsible for the privacy practices of those third parties.

‍

Information We Collect


We collect various types of information in order to provide and improve our Services. This includes:

• Personal Information: When you create an account or use Featurely, we collect personal identifiers and contact details such as your name, email address, and account login credentials. We may also collect your organization or company name and any profile information you choose to provide. If you contact us for support or sign up for newsletters, we collect your contact details and any information you send us in those communications.
• Billing Information: If you purchase a subscription or paid feature, our third-party payment processor (e.g. Stripe) will collect your payment card details and billing address on our behalf. We receive limited billing information such as your name, contact info, and transaction confirmations (e.g. payment amount and status). We do not store full credit card numbers or payment account numbers on our systems.
• User Content (Uploaded Data): Our platform allows you to upload or submit documents, designs, prototypes, or other content for synthetic user testing. Any information, including text, images, or other data you choose to upload to Featurely is user-controlled content. This content may include confidential or non-public product information belonging to you or your organization. You are solely responsible for the content you provide and should only upload information that you have the right to use. We do not access or use your uploaded content for any purpose except to provide the Services at your direction (for example, to simulate user tests on your prototypes) and as otherwise described in this Policy. Featurely disclaims liability for the contents of the data you upload, including any confidential or personal information contained therein, to the fullest extent permitted by law. (In other words, you are responsible if you include sensitive or confidential information in the content you upload.) We will treat user content as confidential to you and will not disclose it to others except as instructed by you or as required to provide the Services.
• Metadata and Usage Data: We automatically collect certain technical data and usage information when you interact with our Services. This may include: your Internet Protocol (IP) address and general location inferred from it, device and browser type, operating system, unique device identifiers, pages or screens you access, actions you take on the platform, and the dates/times of your visits. We also log metadata about the simulations and tests you run (e.g. timestamps and system responses) and how you interact with synthetic personas. This usage data helps us understand platform performance, improve our features, and secure our Services. Usage data is generally aggregated or associated with a pseudonymous user ID; we do not use it to identify you personally in our analytics.
• Cookies and Tracking Information: Featurely uses cookies and similar tracking technologies to enhance your experience and gather information about usage of our website (and we may expand such use in the future). Cookies are small text files placed on your device that allow us to recognize your browser or device and remember certain information. For example, we may use:
  • Strictly Necessary Cookies: to enable core functionality like user authentication and security.
  • Analytics Cookies: to collect information about traffic to our site and how users use our Service. The information collected via analytics cookies is typically aggregated or pseudonymous (not directly identifying you). For instance, we may use Google Analytics to understand user interactions in the aggregate.
  • Functional Cookies: to remember your preferences and settings to enhance your experience (e.g. keeping you logged in).

‍

We do not currently use cookies for advertising, but in the future we may introduce cookies or third-party tags for marketing or personalization. If we do so, we will update this Policy and provide any required opt-outs or consents. You can control or delete cookies through your browser settings. However, note that disabling cookies may affect certain features of our Service (for example, you may need to log in again if cookies are disabled).

‍

How We Use Your Information

We use the collected information for the following purposes:

• To Provide and Improve the Service: We process your personal information and uploaded content to operate the Featurely platform and deliver our features to you. For example, we use your information to create and manage your account, to run synthetic user tests on your uploaded prototypes as instructed, and to generate behavioral simulation results. We analyze usage data and feedback to improve the accuracy and performance of our AI simulations and to develop new features.
• To Communicate with You: We use contact information (like your email) to send you service-related communications, such as confirmations, invoices, technical notices, updates, security alerts, and support responses. We may also send you occasional product announcements, newsletters, or marketing communications about new features or offers, but only in accordance with applicable law. You can opt out of marketing emails at any time by clicking the unsubscribe link or contacting us (we will still send essential service emails).
• To Ensure Privacy and Compliance: Featurely's AI-driven synthetic personas and simulations are designed in a privacy-first manner that does not use real user data. We use technical measures (like data anonymization and content access controls) to ensure that any personal data in user-uploaded content is protected and handled according to this Policy. Our use of your information is aligned with our compliance obligations under frameworks like CCPA, and we are continually working to meet stringent privacy and security standards (such as GDPR requirements and ISO 27001 certification in the future).
• To Facilitate Payments: If you make a purchase, we use your billing and transaction data to process payments and manage subscriptions (through our third-party payment processor). This includes sending receipts, performing accounting, and handling any payment-related issues.
• For Security and Fraud Prevention: We use information (including automated log data and IP addresses) to monitor for suspicious or fraudulent activity and to detect, prevent, and respond to potential security incidents. This helps protect our platform as well as your account.
• To Comply with Legal Obligations: We may use or disclose your information as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests. For example, we can retain and use certain data to respond to subpoenas or fulfill reporting obligations (see **"How We Share Your Information"**below for more).
• Other Purposes with Your Consent: If we want to use your information for a purpose not described in this Policy, we will request your permission. For instance, with your consent we might feature a customer testimonial or case study that includes your personal information.

How We Share Your Information

We do not sell your personal information to data brokers or third parties for their own marketing purposes. We only share your information in the following circumstances, and with appropriate safeguards:

• Service Providers: We share personal information with third-party companies and individuals that provide services on our behalf (often called "processors" or "sub-processors"). These include hosting and cloud infrastructure providers, data storage services, analytics providers, email delivery services, customer support software, payment processors, and other IT or security vendors. These service providers may need access to personal data only to perform their tasks (for example, storing data, sending emails, processing payments) and are contractually bound to protect it and use it only as instructed by Featurely. They must also implement appropriate security measures to safeguard your information.
• Business Partners (Future integrations): If Featurely offers integrations or partnerships that you choose to use (for example, an option to import data from a third-party tool or to use a single sign-on via another service), we will share data at your direction with those partners as needed for the integration. Such sharing will only occur with your consent or request, and the third party's use of your data will be governed by their privacy terms.
• Analytics and Tracking: We may share certain limited data with analytics services (like Google Analytics) to help us understand how users engage with our platform. This typically involves cookies or tracking codes that collect usage data and device identifiers (as discussed in "Cookies and Tracking" above). These third-party analytics providers process data on our behalf to produce aggregated insights. You can opt out of analytics as described in the Cookies section.
• Legal Compliance and Protection: We may disclose your information to government authorities, regulators, or other third parties if required to do so by law or legal process. For example, we will respond to valid subpoenas, court orders, or requests from law enforcement or government agencies where we have a good-faith belief such disclosure is legally necessary. We may also share information in order to protect our rights and property, or the rights, property, and safety of our users or others (for instance, to detect and address fraud, security, or technical issues). This includes exchanging information with other companies and organizations for cybersecurity or fraud protection.
• Corporate Transactions: If Featurely is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be disclosed or transferred as part of that transaction. We would only transfer the data under assurances that the acquirer or successor will honor the commitments of this Privacy Policy (or you will be given notice and a chance to opt-out of the transfer).
• With Your Consent: In any situation not covered above, if we need to share your personal information, we will do so only if you have authorized it. For example, if you request that we share data with a third-party consultant or if you intentionally share content publicly (such as by generating a shareable link or inviting external collaborators to a simulation), we will share accordingly at your direction.

When we share data with third parties, we only share the minimum information necessary for those purposes and, whenever feasible, we use aggregated, anonymized, or de-identified data (which cannot reasonably identify you). For example, we may publish aggregated statistics about platform usage or testing trends, but without personal details.

‍

Your Rights and Choices

‍

You have important rights regarding your personal information. Featurely is committed to honoring these rights and providing you with control over your data. Your principal rights include:

• Right to Access: You may request confirmation of whether we are processing your personal information and obtain a copy of the personal data we hold about you. This allows you to see what information we have collected. We will provide this in a readily usable format, usually electronically.
• Right to Correction: If any of your personal information is inaccurate or incomplete, you have the right to request that we correct or update it. You can also review and update most of your account information by logging into your Featurely account settings.
• Right to Deletion: You have the right to request deletion of your personal information, subject to certain exceptions (for example, we may retain data as required by law or for legitimate business purposes). If you request deletion, we will erase your personal data from our active systems and inform our processors to do the same, unless retention is legally permitted or required. Note that content you have uploaded may be deleted by removing it in the platform; after you delete content, we follow the retention schedule outlined below to eventually remove it from all systems. Account information will be deleted or anonymized when you delete your account or upon request, again with some exceptions for legal compliance. We will confirm with you once your deletion request is completed.
• Right to Data Portability: You can request a copy of personal data you provided to us in a structured, commonly used, machine-readable format. Where technically feasible, you may also request that we transmit that data directly to another service provider at your direction. This right applies to data we process based on your consent or on a contract with you, and when processing is carried out by automated means.
• Right to Opt-Out of Sale/Sharing: Featurely does not sell personal information to third parties for monetary consideration. In addition, we do not share your personal information for cross-context behavioral advertising (targeted advertising) as defined under California law, at this time. If in the future we ever engage in such practices, California residents (and others where required by law) will have the right to opt out. We will provide a clear method to exercise this right (such as a "Do Not Sell or Share My Personal Information" link) in that event, in accordance with CCPA/CPRA.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. This means we will not deny you our Services, charge you different prices, or provide a lesser quality of service because you exercised your rights under the CCPA or other privacy laws. The Services provided to you will remain the same even if you make a data request.
• Right to Restrict or Object (GDPR applicable): If you are in a jurisdiction like the EU/EEA or UK with GDPR-like rights, you may have the right to restrict certain processing of your data or to object to processing based on our legitimate interests. For example, you can request that we limit use of your data (beyond mere storage) in certain circumstances -- such as while we address a data accuracy dispute or verify a deletion request. You may also object to any direct marketing (you can unsubscribe from marketing emails as noted above). If we are processing your data based on legitimate interests, you can object if you feel it impacts your rights; we will then consider whether we have compelling grounds to continue the processing.
• Other Region-Specific Rights: Privacy laws in some jurisdictions (such as the EU, UK, certain U.S. states, etc.) may provide additional rights, such as the right to withdraw consent (where we rely on consent), or the right to lodge a complaint with a supervisory authority. Featurely's policy is to respect all applicable rights in the regions we serve. Residents of California can also request certain information about our disclosure of personal data to third parties for their own direct marketing (under California's "Shine the Light" law) -- however, as noted, we do not share data with third parties for their independent marketing use without consent. If you have questions about specific rights in your location, you can contact us for more information.
• Exercising Your Rights: You may contact us at any time to exercise the rights above or ask questions about your rights. (See the Contact Us section below for how to reach us.) For security, we will need to verify your identity before fulfilling certain requests, typically by confirming information associated with your account or requesting additional identification. We will respond to your request within the timeframe required by law (generally within 30 days for most rights requests, with the possibility of a reasonable extension when necessary). There is no fee for making a request unless it is excessive or unfounded, in which case we will explain the situation. If we cannot comply with your request for a specific legal reason, we will inform you of that reason.

If you have an authorized agent (under CCPA, for example) to exercise rights on your behalf, we will require proof of authorization and also verify your identity directly with you, as required by law.

‍

User Content and Synthetic Personas — Important Information

Featurely's core service involves synthetic user personas that provide simulated feedback or behavior in response to your uploaded scenarios or prototypes. It is important to understand:

• Fictional Nature of Synthetic Personas: All "users" or personas generated by Featurely's AI are entirely fictional and do not correspond to any real individuals. The behaviors, feedback, comments, or other outputs produced in a simulation are simulated results for testing purposes only. They are designed to help you anticipate how users mightbehave or respond, but they are not actual user research data. These outputs should not be interpreted as real user feedback or factual data about real people. They are hypothetical and for illustration and analytical purposes. Featurely ensures privacy by not using any real-person data in creating these personas -- the synthetic respondents are generated in a manner that avoids using or exposing real-world personal data, thus eliminating privacy risks from test feedback.
• AI Model and Data Retention Disclosure: Featurely's synthetic personas and behavioral simulations are powered by AI models that do not train on or retain knowledge from user-uploaded content. Simulation outputs are generated statelessly based on generalized persona logic and do not influence future simulations. However, Featurely does retain user-uploaded content and simulation data until explicitly deleted by the user or account administrator. Clients maintain full control over their data and can delete individual assets, projects, or entire accounts at any time using the platform interface or by request. Until such deletion is initiated, the data remains accessible for re-simulation, reporting, and historical comparison. Featurely does not use retained customer data to train global models, personalize synthetic personas across accounts, or improve platform algorithms outside the customer's own workspace. All data processing is confined to customer-specific environments and governed by strict access controls.
• Confidential Information in Content: You may upload proprietary, confidential, or non-public product information into Featurely to conduct tests (for example, unreleased designs or strategies). We understand the sensitivity of such content. While we implement strong security controls to protect all user-provided content, we emphasize that you maintain control over what you upload. Please refrain from uploading information that is highly sensitive or not necessary for testing purposes. By using our Service, you acknowledge that Featurely is not liable for any loss or exposure of confidential information contained in the content you provide, except to the extent caused by our breach of this Privacy Policy or our negligence. We will follow your instructions on handling your content and will not use or disclose it except as needed to provide the Service or as required by law. However, you are responsible for managing access to your content (for instance, using our sharing settings appropriately) and for any consequences of including particular information in the content. If you have any concerns about the confidentiality of data you plan to upload, please contact us to discuss potential arrangements (such as a separate confidentiality agreement or specific security measures).
• AI Ethics and Human Oversight: Featurely is committed to ethical AI practices. We do not use your personal information to train our AI models in any way that would compromise your privacy. The synthetic personas operate within the parameters of the data you provide and public knowledge encoded in the AI; they do not have access to your private personal details. We also incorporate human oversight in developing our simulations to ensure that outputs remain respectful and unbiased. If you ever encounter any output from our Service that raises concerns, please notify us so we can address it.

‍

Data Retention

‍

We retain personal information and user content for only as long as necessary to fulfill the purposes outlined in this Policy or as required by law, whichever is longer. Retention periods vary depending on the type of data:

• User-Uploaded Content: Any documents, files, or other content you upload for simulation (including any data derived from it during tests) will remain stored on our systems for as long as your account is active, so that you have ongoing access. If you delete a specific piece of content from the platform, it will become inaccessible to you and others immediately. However, residual copies of deleted content may be retained in our backup systems for up to 30 days after deletion. This short retention allows us to recover data in case of accidental deletion or system failure. After approximately 30 days, deleted content is purged from all backups and systems and is unrecoverable. Similarly, if you delete your account entirely, we will delete or anonymize the content associated with your account within 30 days (aside from any content we must retain for legal reasons as noted below).
• Account Information and Metadata: We retain your basic account information (name, email, login credentials, and settings) and associated usage metadata for a brief period after you deactivate or delete your account, in case you decide to reactivate or there is a dispute to resolve. Account data is generally retained for 90 days following account deletion, after which it is erased or anonymized. During this 90-day window, your account is inactive and information is not accessible on the platform, but we may use contact information if needed to reach you regarding any account closure issues or refunds. Operational logs and metadata (such as system logs and audit trails) may also be retained for around 90 days for integrity, audits, troubleshooting, and security monitoring.
• Financial and Transaction Records: We retain billing records, invoices, payment history, and other transaction data for 7 years or as required by tax and accounting regulations. Keeping such records for seven years is a common legal requirement and business practice to comply with financial laws, audits, and anti-fraud regulations (for example, U.S. financial regulations and IRS guidelines often mandate record retention for 7 years). This data may include your name, contact, and transaction details, but will not include full payment card numbers (as we do not store those). After the retention period, we securely delete or anonymize these financial records.
• Legal Obligations and Disputes: Notwithstanding the retention periods above, we may retain information for longer if required to comply with our legal obligations or to resolve disputes. For instance, if we receive a legal hold, court order, or are involved in litigation or government investigation, we will retain any data that is necessary to comply with those requirements for as long as needed. We also keep a record of your privacy requests and our responses (for at least a couple of years) to demonstrate compliance with regulations.

After the expiration of the applicable retention periods, we will either delete your personal information or convert it into an anonymized form so that it can no longer be linked to you. When deleting data, we take measures to ensure the data is irrecoverable (for example, by securely overwriting or de-identifying it). Please note that due to the nature of distributed and cached storage, there might be latency in removal from all servers; however, we will ensure that no retained data remains in active use beyond the stated retention timelines.

‍

Data Security

‍

Featurely takes the security of your data seriously. We have implemented a range of administrative, technical, and physical security measures to protect your personal information and content from unauthorized access, disclosure, alteration, or destruction. These measures include, for example:

• Encryption: We use encryption to protect data in transit and at rest. All communications with the Featurely platform are encrypted using HTTPS/TLS. Sensitive data and personal information are stored in encrypted form in our databases or cloud storage.
• Access Controls: We limit access to personal data strictly to those employees, contractors, and service providers who need it to operate or support the Service. Access is controlled through role-based access controls, authentication checks, and regular audits. All personnel with access to personal information are bound by confidentiality obligations.
• Network & Application Security: Our infrastructure is secured with firewalls and intrusion detection systems. We regularly update our software and apply security patches to address vulnerabilities. We employ threat monitoring and run penetration testing on our applications to identify and fix potential weaknesses.
• SOC 2 Compliance: Featurely maintains a security program that meets the SOC 2 Trust Services Criteria for security, availability, and confidentiality. This means our controls and processes have been audited by independent experts to verify that we have effective safeguards in place for your data. Our commitment to SOC 2 standards signals that we follow industry best practices in how we handle and protect your information, giving you additional assurance about our data security.
• ISO 27001 Readiness: In line with our goal of continuous improvement, we are aligning our information security management with ISO 27001 standards. This international standard involves rigorous risk assessment, security policy, and governance procedures. While we pursue formal certification, we are implementing ISO 27001 principles to ensure a comprehensive approach to data security and resilience.
• Monitoring and Testing: We continuously monitor our systems for possible attacks or anomalies. Security logs are collected and analyzed for signs of unauthorized access. We also perform regular security assessments and have an incident response plan ready. Our team receives training on data protection and security practices.

Despite our efforts to safeguard your information with high standards of security, no system can be guaranteed 100% secure. The transmission of information via the internet is not completely without risk, so we cannot warrant absolute security of data. However, we will promptly notify you and the appropriate authorities of any data breach that involves your personal information, as required by law. We also continually evaluate and update our security measures in light of new risks and developments. By using Featurely, you acknowledge that you understand these security measures and limitations.

‍

International Data Transfers

‍

Featurely is based in the United States, and the personal information we collect is primarily stored and processed on servers located in the U.S. If you are located outside of the United States, be aware that your information will be transferred to, stored, and processed in the U.S. (and potentially other countries) which may not have the same data protection laws as your home jurisdiction. We take steps to ensure that appropriate safeguards are in place to protect your data during such transfers and that any international data transfer is compliant with applicable law. These steps may include:

• Standard Contractual Clauses: For users in the European Economic Area (EEA), United Kingdom, or other regions with data transfer restrictions, we rely on EU-approved Standard Contractual Clauses (SCCs) or equivalent legal mechanisms to legitimize transfers of personal data from those regions to the U.S. Our Data Processing Addendum incorporates such clauses to protect European personal data.
• Data Privacy Framework: We are evaluating participation in frameworks like the EU-U.S. Data Privacy Framework (DPF) as they become applicable. While not yet certified, Featurely intends to adhere to the principles of notice, choice, accountability for onward transfer, security, data minimization, access, and recourse/enforcement as outlined in the DPF for cross-border data handling. Once we join an approved transfer framework or obtain certification (such as Privacy Shield's successor or binding corporate rules), we will update this Policy accordingly.
• Agreements with Service Providers: Any third-party service providers (subprocessors) that process personal data on our behalf in other countries are required by contract to provide comparable protection to your data. We conduct due diligence on our vendors' security and privacy practices and include data protection clauses in our agreements with them. If we transfer personal data to them internationally, we ensure there is a lawful transfer mechanism in place (such as SCCs between us and the provider).

By using the Services or providing us with information, you explicitly consent that your personal data may be transferred to and processed in the United States and other countries as explained above. We will of course handle your personal information securely and in accordance with this Privacy Policy regardless of where the processing takes place. If you have questions about our international data practices, please contact us.

Children's Privacy

Our Services are not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13 years of age (or under 16, if applicable law provides a higher age threshold). Featurely is a business-oriented service generally designed for adult professionals and organizations. We do not market to or target minors. If you are under 13 (or under 16 in certain regions), please do not use our Service or provide any personal information to us.

‍

In the unlikely event that we have inadvertently collected personal data from a child without proper consent, we will delete that information as soon as possible. If you believe that we might have any information from or about a child under 13 (or relevant age of consent), please contact us immediately so that we can take appropriate action. Parents or legal guardians should supervise children's internet usage and can contact us to request deletion of any information inadvertently collected from minors.

‍

Changes to This Privacy Policy

‍

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make material changes to this Policy, we will notify you by prominently posting a notice on our website or within the platform, or by emailing you (if you have provided an email address for contact). The notice will indicate when the changes will become effective. Minor updates (such as clarifications) may be posted without additional notice. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. The "Effective Date" at the top indicates when this Policy was last revised. Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the updated terms (to the extent permitted by law). If you do not agree to any updated terms, you should stop using the Services and may delete your account at any time.

‍

Contact Us

‍

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below. We will respond as promptly as possible.

Email: privacy@featurely.com


You may also contact us by mail at the address above for any privacy or data protection inquiries, including to exercise your rights or to request further information about our privacy compliance. For security reasons, please do not include sensitive information (like passwords or full credit card numbers) in any email to us.

‍

Governing Law

‍

This Privacy Policy and any disputes related to it or our handling of personal information are governed by the laws of the State of California, U.S.A., without regard to conflict of law principles. By using our Services or providing us with your information, you acknowledge that this Privacy Policy is subject to California law. We also adhere to applicable federal U.S. privacy laws and regulations. If you are a user located outside of California or the U.S., please note that by using Featurely, you are agreeing that California law will apply to any issues that arise relating to privacy or data protection, except where otherwise required by local law.

‍

We appreciate the trust you place in Featurely to handle your information. We are continually working to maintain that trust through robust privacy and security practices. If you have any questions or feedback about this Privacy Policy, please reach out to us. Thank you for using Featurely and enabling us to help you with synthetic user testing in a privacy-conscious way!

‍

Last Updated: August 3, 2025

Your privacy is important to us — thank you for reading our Privacy Policy

‍