Privacy policy

The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the legal provisions of the General Data Protection Regulation (GDPR), the Data Protection Act (DSG) and the Telecommunications Act (TKG 2003). With this data protection agreement, we inform you about the most important aspects of data processing within the framework of our website and when using our services.

Person responsible / Contact us

Gleap GmbH, Dr. Walter-Zumtobel-Straße 2, 6850-Dornbirn, Austria processes personal data as a data controller within the meaning of the GDPR.

You can contact us using the form on the website ( or by e-mail ( The data you provide will be stored by us for twelve months for the purpose of processing your inquiry and in case of follow-up questions. We will not pass on this data without your consent.

Our product

Gleap GmbH offers its customers bug reporting and customer feedback software for mobile applications and websites. In particular, our company offers (i) Bug Reporting, (ii) Crash Reports, (iii) Live Chats, (iv) Features Requests, (v) Surveys, (vi) Chat Messages (direct communication), (vii) Emails (same technology as Surveys and Chat Messages), (viii) News & Release Notes, and (ix) a Help Center.

Our powerful platform also provides customers with detailed technical insights, including console and network logs, environment data, event tracking, and visual feedback, greatly increasing troubleshooting efficiency.

Categories of data subjects

  1. visitors to our website; and
  2. customers and potential customers as well as their employees who use or wish to use our service.

Legal provisions / GDPR

The processing of your personal data is based on the following legal provisions:

  1. Consent given in accordance with Article 6 para 1 lit a GDPR;
  2. For the fulfilment of our contractual obligations in the context of our services, the implementation of pre-contractual measures, which is based on your request. Furthermore, for the fulfilment of our contractual obligations to process for personalized advertising pursuant to Article 6 para 1 lit b GDPR;
  3. on the basis of our legal obligations pursuant to Article 6 para 1 lit c GDPR; and
  4. for the protection of our legitimate interests, such as the enforcement and defense of claims and the performance of contracts with third parties, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail pursuant to Article 6(1)(f) of the GDPR.

Which data are processed by us

Visiting the website

  1. Detection of the device used
  2. Detection of the operating system

The data we collect may depend on the individual settings of your device and software. We encourage you to review the policies of your device manufacturer or software provider to learn what information you provide to us.

Registration via website/ Ordering the newsletter/ Contacting for support

  1. E-mail address
  2. Password
  3. In case of Google authentication (Google account and login data)
  4. Web browser standard data (IP address, version of the browser, time and date, the visited pages of the homepage)
  5. First and last name
  6. user profile
  7. profile picture
  8. Date of birth
  9. Address
  10. Telephone number
  11. VAT number
  12. Payment method details (bank/account details, credit card details)
  13. Information on previous experience with Customer Success Tools
  14. Company name
  15. Email addresses of team members
  16. Names of management


Chat messages:

  1. Date
  2. Message
  3. Attachment (file, optional)
  4. Session ID

Every ticket inquiry comes with the following data:

  1. Form data (depends on what data you collect - typically email & description)
  2. Date created
  3. Outbound ID (when sent as survey)
  4. Priority of the inquery
  5. Status of the inquery
  6. Session ID (used to identify the user)
  7. Project ID
  8. Organization ID
  9. Screenshot data (for JS)
  10. Replay data
  11. Steps to reproduce data
  12. Clicks (used to reproduce the issue)
  13. Metadata (including OS info, browser info, ...)
  14. Attachments (if activated)
  15. Network logs (if activated)
  16. Custom data (this is data set by our customer - we don't know what it includes)
  17. Action log (if set)
  18. Console logs (includes the log of the developer console)

The Gleap session data includes:

  1. Gleap ID (randomized ID to identify a session)
  2. Gleap Session Hash (Hash that provides proof of identity)
  3. Name (if set with the identify() method)
  4. User ID (if set with the identify() method)
  5. Email address (if set with the identify() method OR through form-data)
  6. Approximated location (the accuracy allows only to identify the country due to anonymization of the IP address)
  7. IP-address (not directly stored but used for rate limiting to protect our infrastructure)
  8. Name (if set with the identify() method or extracted from the email address)
  9. Value of the customer
  10. Custom data (this is data set by our customer - we don't know what it includes)

Only the Gleap ID and Gleap Session Hash are mandatory and generated by default. All other information is optional and depends on the configuration of the customer's project.

Events (Gleap allows customers to track events like "signedUp" or "loggedIn" - - events are used for debugging purpose & to trigger surveys & outbound messages)

  1. Date
  2. Session ID
  3. Event name
  4. Custom event data (this is data set by our customer - we don't know what it includes)

For further development of the website

When you use the website, errors may occur in the background that you may not even notice. We automatically collect information about the error and the circumstances of its occurrence. This data may include technical details about your device, attempted actions, and other technical information related to the problem. You may not receive notifications about such errors, even if they are occurring. Please note that this information is not personally identifiable in and of itself and is used solely for Gleap GmbH's improvement of the Site.

What we process your data for

  1. To communicate with you in the context of the website and services and to provide our services to you;
  2. to improve and optimize our offers and services;
  3. to be able to keep you informed with advertising (in particular for marketing and personalized promotional activities and the management, including sending, of electronic advertising (email, push messages);
  4. for the production of statistics and graphics;
  5. for security purposes (identity verification, for the security and operation of this website and our software, fraud detection and prevention, detection of security breaches, traceability of security measures, technical support, traceability of access);
  6. to enforce any claims (reminders, enforcement and defence of claims, preservation of evidence);
  7. for the fulfilment of legal obligations / retention obligations.

We process, as described above, data in the context of your use of the website. This includes the categories, (i) visiting the Website, (ii) registering, logging in and using the Website, and (iii) using the chatbot. We process this data for our own purposes in accordance with data protection regulations.

As a data processor, we also process data for our customers who use our services. The controller/customer is solely responsible for assessing the permissibility of the processing in accordance with Article 6(1) GDPR and for safeguarding the rights of the data subjects in accordance with Articles 12 to 22 GDPR.

Marketing / E-Mail advertising

If you agree to receive electronic advertising, your e-mail address will be added to our distribution list. Until you withdraw your consent, we are entitled to send newsletters or electronic advertising to this address. You may also unsubscribe from receiving electronic advertising or newsletters at any time by clicking on the unsubscribe link at the bottom of any advertising/newsletter email from us with immediate effect.

Deletion of data

From the moment reasons arise that no longer entitle us to process your data, such as (i) processing that goes beyond the scope of your consent to the processing, (ii) expiry of legal retention obligations or (iii) our legitimate interest in data processing no longer exists, we will delete your personal data three years after the end of the calendar year in which you deleted your Gleap account.

The collected data will not be stored for longer than is necessary to fulfil the above purposes. With the deletion of the user profile in the login area of the website, all personal data of the website user will be deleted, unless the retention of the personal data requires longer for reasons or compliance with legal requirements.

Protective measures

In order to maintain our organizational quality and, in particular, to comply with data protection requirements, we have established organizational and technical protective measures. These are evaluated and, if necessary, adapted to the changed conditions.

By means of access controls, we ensure that your personal data is only viewed by authorized persons and that we are able to track and verify this. If this is possible during data processing, data is processed in pseudonymized form.

We protect your data to the best of our knowledge and belief against loss, destruction, falsification, manipulation, unauthorized access and unauthorized disclosure. We point out that data transmission on the Internet can have security gaps and it is regrettable that in certain cases it is not possible to protect your data completely from access by third parties.

Linking to other sites/homepages

In the event that our website contains links to third-party websites and services, please note that these websites and services have their own privacy policies. If you follow a link to third-party content, you should read their privacy policies to learn how they collect and use personal information. This Privacy Policy does not apply to your activities after you leave our website.

Please note that we have no control over the content and policies of these websites and cannot accept any responsibility or liability for their privacy practices.

Data protection/children

We provide our services exclusively to persons who have already reached the age of eighteen.


Our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. They do not cause any damage.

We use cookies to make our offer user-friendly. Some cookies remain stored on your end device until you delete them. You enable us to recognize your browser on your next visit.

If you do not wish this, you can set your browser so that it informs you about the setting of cookies and allows this only in individual cases.

Please note that if you disable cookies, the functionality of our website may be limited.

Web analysis

Our website uses functions of the web analysis service Google Analytics. Cookies are used for this purpose, which enables an analysis of the use of the website by your users. The information generated by this is transferred to the provider's server and stored there.

You can prevent this by setting up your browser so that no cookies are stored.

We have concluded a corresponding contract with the provider for order data processing.

Your IP address is recorded, but immediately pseudonymized (e.g. by deleting the last 8 bits). This means that only a rough localization is possible.

The relationship with the web analytics provider is based on the EU "Privacy Shield".

Data processing is carried out on the basis of the legal provisions of Article 96 (3) TKG as well as Article 6 (1) lit a (consent) and/or f (legitimate interest) of the GDPR.

Our concern in terms of the DSGVO (legitimate interest) is the improvement of our offer and our web presence. Since the privacy of our users is important to us, the user data is pseudonymized [pseudonymization is recommended for the legal reason "legitimate interest"; this must be clarified with the web analytics service].

The user data is stored for a period of 14 months.

Data protection officer

We have appointed a data protection officer to safeguard the data that we process for our own purposes or on behalf of our customers.

Data protection officer/contact details:

Lukas Böhler

Gleap GmbH

Dr.-Walter-Zumtobel-Straße 2

6850 Dornbirn



Phone: +43 5572 401104

Your rights

With regard to your data stored by us, you are generally entitled to information (pursuant to Article 15 of the GDPR), rectification (pursuant to Article 16 of the GDPR), deletion (pursuant to Article 17 of the GDPR), restriction (pursuant to Article 18 of the GDPR), data portability (pursuant to Article 20 of the GDPR), revocation and objection (pursuant to Article 21 of the GDPR). If you are of the opinion that the processing of your data violates data protection regulations or that your data protection rights have otherwise been violated in some way, you can complain to us at or to the data protection authority. We can be reached at at any time for questions or your revocation.

The revocation does not affect the lawfulness of all processing carried out on the basis of the express consent until the revocation. In the event of revocation, you will no longer be able to use the services offered by us.

Changes to the data protection agreement

We reserve the right to update this data protection agreement on the basis of new legal developments or changed company procedures. The new version will apply from the time it is made available on our website. Please check our privacy agreement regularly.

The last change was made on February 17, 2023.