Privacy Policy

Netizen Labs (“we”, “our”, or “us”) respects your privacy and is committed to protecting the personal data you provide when using our AI-powered user research platform.

We support different types of users:

• Project teams/account holders who create and manage research projects
• Session-only respondents, such as research respondents who join specific studies via invite
• Session guests, like observers or interpreters, who are granted access to selected sessions

This Privacy Policy explains how we collect, use, and protect data for all users. By accessing our platform, you agree to the practices described below.

1. Who We Are

Netizen Labs is based in Malaysia and operates primarily in Southeast Asia, including Singapore, Vietnam, and Indonesia. We comply with the Malaysia Personal Data Protection Act (PDPA) and strive for alignment with the EU General Data Protection Regulation (GDPR).

2. Data We Collect

We collect different types of data depending on your role and activity:

a) Account & usage information:

Applies to: Account holders

• Name, email, and login credentials
• Company name (if provided)
• Project metadata (e.g., study names, invited team members)
• Team collaboration actions (e.g., comments, edits)
• IP address, browser, and device info

b) Session participation data:

Applies to: Research respondents, observers, and interpreters

• Audio and video recordings
• Screenshare (if enabled)
• Auto-generated transcripts
• Technical metadata (device/browser)

Note: We do not record mouse movements or detailed on-screen interactions unless explicitly introduced in future feature updates.

c) Website & app interaction data:

Applies to: All users (including website visitors and logged-in users)

• Cookies for functionality and performance
• Usage analytics (e.g., via Microsoft Clarity/Google Analytics)
• Page views, clicks, scrolls, and session duration

3. How We Use Your Data

• Provide session recording, transcription, and AI-powered analysis
• Generate insights and summaries from sessions
• Deliver technical support and product improvements
• Monitor aggregate usage trends for product improvement

We do not sell your data for advertising, and never use your research data to train AI models.

4. Use of AI and Automation

We use AI (e.g., OpenAI) to generate summaries and analysis based on session data. However:

• Your research data is never used to train or improve any third-party AI models
• Session data (recordings, transcripts) is accessible only to you, your invited team, or session guests for research purposes
• Our internal team accesses content only with your explicit permission (e.g., for support or troubleshooting)
• We do not use your personal data for automated decision-making that produces legal or similarly significant effects

5. Data Access and Privacy Controls

a) Workspace and project access

Only invited team members can access workspace/project data. Session guests (observers, interpreters) only see the sessions for which they are explicitly invited and cannot view other data without project owner authorization.

b) Respondent consent and session access

We recommend project teams inform all participants of recording or data handling practices and obtain explicit consent where required. By joining a session, respondents acknowledge and consent to recording, transcription, and analysis for research purposes.

6. Data Storage and Security

Your data is stored on ISO 27001-compliant AWS infrastructure:

• Encrypted at rest (AES-256) and in transit (TLS/SSL)
• We implement administrative, technical, and physical safeguards to protect data against loss, misuse, or unauthorized access

Refer to the documents below for more information:

• AWS Data Protection – DynamoDB
• AWS Data Durability – S3

7. Third-Party Services

We work with trusted third-party service providers to enable our platform, including:

• AWS (infrastructure)
• OpenAI (AI-powered features)
• Speech-to-text services
• Microsoft Clarity, Google Analytics (analytics)

All third parties are contractually required to process your data securely and only as necessary to deliver services.

8. Data Retention

Research data is retained for 12 months after your last project activity. You may request deletion or deactivation of your account at any time:

• Upon deletion, all associated data is permanently erased
• If deactivated, we retain your data for a 30-day grace period (for potential recovery). After 30 days, your data will be permanently deleted unless otherwise required for legal or regulatory reasons

9. Your Rights

Depending on your location and applicable laws (e.g., PDPA, GDPR), you may have the right to:

• Access, correct, or delete your personal data
• Request restriction of data processing
• Object to certain uses of your data
• Withdraw consent where applicable
• File a complaint with your local data protection authority

To exercise these rights, contact: support@netizenlabs.com. Deactivating or deleting your account will result in the permanent removal of your data according to our retention policy.

10. Cross-Border Data Transfers

As we use global providers such as AWS and OpenAI, your data may be processed or stored outside your country. We ensure adequate safeguards for cross-border transfers, especially for users in GDPR-compliant regions.

11. Cookie Policy

When you visit our website, we may record data about your web session and assign you some “cookies”. Cookies are small text files placed on your hard disk by your web browser. The main purpose is to save you time by eliminating the need to repeatedly enter the same information (such as login on every page) and to display content that is personalized for you.

Cookies will be stored permanently on your computer unless you configure your web browser to clear it out after every session. You can choose to accept or decline cookies by configuring your browser settings. However, by declining cookies, you may not be able to fully enjoy all of our tools and services.

12. Children’s Privacy

Our platform is not intended for individuals under 18. We do not knowingly collect data from children.

13. Changes to This Policy

We may update this policy periodically for operational, legal, or regulatory reasons. If changes are material, we will notify users via email or website notice. We encourage you to check this page regularly for updates.

14. Complaints

If you have concerns or wish to file a complaint about our data handling, please contact support@netizenlabs.com. We will do our best to respond promptly. If unsatisfied, you may also escalate to your relevant data protection authority (such as Malaysia’s Personal Data Protection Department or Singapore’s PDPC). If you are a resident of the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority at any time.

15. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you and, if required, the relevant supervisory authority in accordance with applicable law.

16. Contact Us

For privacy questions, data requests, or feedback, reach us at: support@netizenlabs.com