aftyr
Buy now

Privacy Policy

Last updated: May 17, 2026

This Privacy Policy explains how aftyr ("we", "us", "our") collects, uses, and protects information when you use the aftyr platform and its products: Replay, Pulse, Chat, Desk, and Voice.

1. Two types of data we handle

aftyr operates in two roles depending on the data involved.

Your account data (we are the data controller)

Data you provide directly to aftyr when creating and managing your account — your name, email, billing details, and configuration settings. We determine how this data is used and protected.

Your end-users' data (we are the data processor)

Four of our products — Replay, Chat, Desk, and Voice — process data belonging to your end-users on your behalf. You are the data controller for that data; we process it only as instructed by your use of the product. You are responsible for having appropriate notices and consents in place with your own end-users. This is covered further in your aftyr Terms of Service.

2. What we collect

Account data (all products)

DataWhy we collect it
Name and email addressAccount creation and communication
Hashed passwordAuthentication — never stored in plain text
Billing confirmationPayment records — we never store card numbers
Usage logs (features used, timestamps)Platform operation and improvement

Product-specific data

aftyr Replay (session recording)

Captures session replays of your end-users as they use your product. This includes mouse movements, clicks, scrolls, keystrokes, and page events. aftyr automatically masks known sensitive fields such as passwords and common PII fields. You are responsible for identifying and marking any additional sensitive fields in your implementation to prevent them from being captured.

aftyr Pulse (uptime and metric monitoring)

Stores the service endpoints, URLs, and alert configurations you define. Collects uptime check results, response times, and metric snapshots for your services. Alert notifications are sent to the contact addresses you configure.

aftyr Chat (live chat)

Stores chat transcripts between your support agents and your end-users, including any names, email addresses, or other details shared during a conversation. Chat history is accessible to your team and, where applicable, to the end-user who initiated the chat.

aftyr Desk (helpdesk and ticketing)

Stores support tickets, correspondence, and any attachments your end-users or agents submit. This may include names, email addresses, and the content of communications. All ticket data is stored on your behalf.

aftyr Voice (user testing and surveys)

Stores survey questions you create, text responses submitted by your participants, and screen recordings made during testing sessions. No audio or video of participants is recorded. All response and recording data is stored on your behalf.

3. How we use your data

We use account data to:

  • Provide, maintain, and support the aftyr platform
  • Send transactional emails (account alerts, billing receipts, uptime notifications)
  • Respond to support requests
  • Investigate security incidents

We use end-user data (Replay, Chat, Desk, Voice) only to deliver the product features you have configured. We do not analyse, mine, or access end-user data for any other purpose.

We do not use any data for advertising. We do not sell or rent any data to any third party, ever.

4. Data security

We protect your data with multiple layers of encryption. All data is encrypted in transit via TLS/SSL. Sensitive data — including credentials and authentication tokens you configure for monitoring — is additionally encrypted at rest using application-layer encryption (AES-256-GCM) before being written to the database. Our infrastructure also applies disk-level encryption at the storage layer.

Access to production systems is restricted to authorised personnel only. Payment card data is handled entirely by our payment processor — we never store card numbers or billing credentials.

5. Data sharing

We share data only with third-party service providers required to operate the platform, specifically for hosting and infrastructure, and for payment processing. No other parties receive your data or your end-users' data. We do not share data with advertisers, brokers, or analytics platforms.

6. Data retention and deletion

We retain your account data and all product data for as long as your account is active.

When you close your account, all data — including your account details, configuration, and all product data (Replay recordings, Chat transcripts, Desk tickets, Voice responses, and Pulse history) — is permanently deleted within 30 days.

After that window, data is purged from production systems and from backups on their normal rotation cycle.

You may request deletion of specific data at any time through our contact page.

7. Data export

You may request a full export of your account and product data at any time. Contact us and we will provide a machine-readable copy within 14 days.

8. Your responsibilities as a customer

For products that process your end-users' data (Replay, Chat, Desk, Voice), you are the data controller for that data. You are responsible for:

  • Disclosing to your end-users that session recording, chat, ticketing, or testing tools are in use
  • Obtaining any consents required by applicable law
  • Ensuring your own privacy policy accurately reflects your use of these tools

We process end-user data only on your behalf and delete it when your account is closed or on your earlier request.

9. Cookies

We use cookies for authentication and session management. We may also use cookies in the future for analytics purposes; if and when we do, we will update this section accordingly. We do not use third-party advertising or tracking cookies.

10. Children

aftyr is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us and we will delete it promptly.

11. Your rights

You may at any time:

  • Access the data we hold about you
  • Correct inaccurate information
  • Delete your account and all associated data
  • Export your data in a portable format

To exercise any of these rights, contact us.

GDPR — European users

If you are located in the European Economic Area (EEA) or the United Kingdom, the following applies.

Lawful basis for processing. We process your account data on the basis of contractual necessity — it is required to provide the services you have signed up for. We process usage data on the basis of our legitimate interests in operating and improving the platform.

Your data subject rights. In addition to the rights listed above, you have the right to restrict processing, to object to processing based on legitimate interests, and to lodge a complaint with your local data protection authority.

International transfers. aftyr stores data on servers located in the United States. By using aftyr, you acknowledge that your data may be transferred to and processed in the United States.

CCPA — California residents

We do not sell your personal information. California residents have the right to know what personal information we collect, to request deletion, and to not be discriminated against for exercising these rights. To make a request, contact us.

12. Changes to this policy

We may update this policy from time to time. The latest version is always available at aftyr.dev/privacy. Your continued use of aftyr after any update constitutes acceptance of the revised policy.

13. Contact

For privacy questions, data requests, or to report a concern, visit our contact page.

Governing law: This policy is governed by the laws of the United States.