Skip to main content

Privacy Policy

Last updated: 31 March 2026

What we collect

When you use Experiously, we collect:

  • Account information: your name, email address, password (stored as a secure hash, never in plain text), and optional profile details you choose to add (such as your role, company, location, industry, bio, LinkedIn URL, and website URL)
  • Content you create: Experiences you submit, messages you send, and your profile picture if you upload one
  • Reputation score: an activity-based score (XP) computed from your contributions and interactions, displayed on your profile and Experience cards
  • Usage data: which pages you visit and which Experiences you view (logged-in users only, used for private contributor analytics)
  • Device information: if you enable push notifications, we store a subscription endpoint for your device

How we use it

  • To operate the platform: display your Experiences, enable messaging, manage credits
  • To review submissions for quality and safety
  • To send you notifications about messages (email and push, both opt-out)
  • To send password reset emails when you request them
  • To show contributors private view and conversation counts on their own Experiences
  • To detect and prevent abuse (rate limiting, spam detection)

What we don't do

  • We don't sell your data to anyone
  • We don't show ads or use tracking pixels
  • We don't share your email address with other users. Messaging is in-app only
  • We don't track non-registered visitors beyond standard server logs
  • We don't use your content to train AI models

Third-party services

We use a small number of third-party services to operate the platform:

  • Anthropic (Claude AI):submissions are sent to Claude for quality review. Content is processed per Anthropic's privacy policy. Anthropic does not use API submissions to train models.
  • Resend: for transactional emails (password resets, message notifications). Only your email address is shared.
  • Stripe:for payment processing (starter pack purchases). Payment details are handled entirely by Stripe. We never see or store your card information. Stripe's privacy policy is available at stripe.com/privacy.
  • Upstash (Redis):for rate limiting to prevent abuse. Only your IP address or email is used as a temporary key. No personal data is stored permanently. Upstash's privacy policy is available at upstash.com/trust/privacy.
  • Sentry:for error monitoring. When an unexpected error happens in your browser or on our server, Sentry receives a technical report containing the stack trace, the URL you were on, and your browser type. We have IP address collection disabled and we strip email, username, and authentication headers before reports leave the browser. Data is stored in the European Union. Sentry's privacy policy is available at sentry.io/privacy.

Data visibility

Here's what different people can see:

  • Everyone: your name, profile picture, XP score, approved Experiences, and any optional profile fields you have toggled to visible (you control each field from your Profile settings)
  • Registered users: full Experience content (unregistered visitors see a preview)
  • Only you: your email, credits, view counts, and conversation counts
  • Your conversation partner: messages within your shared thread
  • Admins: account details, all submissions (including rejected), and messages if investigating reported abuse

Cookies

We use two cookies:

  • Authentication cookie (httpOnly, secure): keeps you logged in. Contains a secure token. Expires after 7 days.
  • Referral cookie: if you arrive via a referral link, we store a short code so we can credit the person who shared the Experience with you. Expires after 30 days.

No tracking cookies, no analytics cookies, no third-party cookies.

Your rights

Under UK GDPR and EU GDPR, you have the right to:

  • Access your personal data. You can download a complete copy of your data as a JSON file from your Profile settings page at any time
  • Rectification. You can edit your name, email, and all profile information directly from your Profile settings page
  • Erasure. You can delete your account and all associated personal data from your Profile settings page. Deletion is immediate
  • Data portability. The data export from your Profile settings page provides your data in a structured, machine-readable JSON format
  • Object to processing of your personal data
  • Lodge a complaint with a supervisory authority (in the UK, this is the Information Commissioner's Office)

All of these rights are available as self-service from your Profile settings page. If you need help or want to exercise a right that isn't covered there, email us at hello@experiously.com and we will respond within 30 days.

Your choices

  • You can turn off email notifications from your profile settings. Push notifications are managed through your browser's notification settings
  • You can toggle whether you're open to conversations on each Experience
  • You can upload, change, or remove your profile picture at any time

Data retention

We retain your data for as long as your account is active. You can delete your account at any time from your Profile settings page. When you delete your account, your personal data is removed immediately. Anonymised, aggregated statistics (such as category counts and platform trends) may be retained after deletion as they cannot be linked back to you.

Data storage and security

Your data is stored securely. Passwords are hashed using bcrypt. Authentication tokens are stored in httpOnly cookies that can't be accessed by JavaScript. We use rate limiting and input validation to protect against abuse.

Changes to this policy

If we make significant changes to this policy, we'll let you know via email or a notice on the platform. The "last updated" date at the top tells you when it was last revised.

Contact

Questions about your data or this policy? Email us at hello@experiously.com.