Privacy Policy

Last updated: 31 March 2026

What we collect

When you use Experiously, we collect:

  • Account information: your name, email address, password (stored as a secure hash, never in plain text), and optional profile details you choose to add (such as your role, company, location, industry, bio, LinkedIn URL, and website URL)
  • Content you create: Experiences you submit, messages you send, and your profile picture if you upload one
  • Reputation score: an activity-based score (XP) computed from your contributions and interactions, displayed on your profile and Experience cards
  • Usage data: which pages you visit and which Experiences you view (logged-in users only, used for private contributor analytics)
  • Device information: if you enable push notifications, we store a subscription endpoint for your device

How we use it

  • To operate the platform: display your Experiences, enable messaging, manage credits
  • To review submissions for quality and safety
  • To tell you when something happens to your account. We do this three ways: an in-app notification bell that always works, an optional daily summary email per category, and optional browser push alerts for new messages and nudges
  • To send password reset emails when you request them
  • To show contributors private view and conversation counts on their own Experiences
  • To detect and prevent abuse (rate limiting, spam detection)

What we don't do

  • We don't sell your data to anyone
  • We don't show ads or use tracking pixels
  • We don't share your email address with other users. Messaging is in-app only
  • We don't track non-registered visitors beyond standard server logs
  • We don't use your content to train AI models

Third-party services

We use a small number of third-party services to operate the platform:

  • Anthropic (Claude AI): submissions are sent to Claude for quality review. Content is processed per Anthropic's privacy policy. Anthropic does not use API submissions to train models.
  • Resend: for transactional emails (password resets, the daily notification summary, account security alerts, and a small set of emails that are always sent regardless of your preferences, such as password change confirmations and Exchange reschedule notices). Only your email address is shared.
  • Stripe: for payment processing (starter pack purchases). Payment details are handled entirely by Stripe. We never see or store your card information. Stripe's privacy policy is available at stripe.com/privacy.
  • Upstash (Redis): for rate limiting and fraud prevention. Your IP address, browser identifier, and email are used as short-lived keys (minutes, not days) to block abusive registration patterns and referral fraud. Values are hashed before storage where possible. No personal data is stored permanently. Upstash's privacy policy is available at upstash.com/trust/privacy.
  • Sentry: for error monitoring. When an unexpected error happens in your browser or on our server, Sentry receives a technical report containing the stack trace, the URL you were on, and your browser type. We have IP address collection disabled and we strip email, username, and authentication headers before reports leave the browser. Data is stored in the European Union. Sentry's privacy policy is available at sentry.io/privacy.

Data visibility

Here's what different people can see:

  • Everyone: your name, profile picture, XP score, approved Experiences, and any optional profile fields you have toggled to visible (you control each field from your Profile settings)
  • Registered users: full Experience content (unregistered visitors see a preview)
  • Only you: your email, credits, view counts, and conversation counts
  • Your conversation partner: messages within your shared thread
  • Admins: account details, all submissions (including rejected), and messages if investigating reported abuse

Cookies

We use two cookies:

  • Authentication cookie (httpOnly, secure): keeps you logged in. Contains a secure token. Expires after 7 days.
  • Referral cookie: if you arrive via a referral link, we store a short code so we can credit the person who shared the Experience with you. Expires after 30 days.

No tracking cookies, no analytics cookies, no third-party cookies.

Your rights

Under UK GDPR and EU GDPR, you have the right to:

  • Access your personal data. You can download a complete copy of your data as a JSON file from your Profile settings page at any time
  • Rectification. You can edit your name, email, and all profile information directly from your Profile settings page
  • Erasure. You can delete your account and all associated personal data from your Profile settings page. Deletion is immediate
  • Data portability. The data export from your Profile settings page provides your data in a structured, machine-readable JSON format
  • Object to processing of your personal data
  • Lodge a complaint with a supervisory authority (in the UK, this is the Information Commissioner's Office)

All of these rights are available as self-service from your Profile settings page. If you need help or want to exercise a right that isn't covered there, email us at hello@experiously.com and we will respond within 30 days.

Your choices

  • You can turn off the daily email summary per category from your profile settings (Messages, Milestones, Exchanges, Engagement). Security and account alerts are always on and cannot be silenced
  • You can turn browser push alerts on or off from your profile settings. Push covers new messages and nudges only
  • The in-app notification bell cannot be switched off. It's how the platform tells you things have happened, and it keeps working even when every other channel is silenced
  • You can toggle whether you're open to conversations on each Experience
  • You can upload, change, or remove your profile picture at any time
  • As a logged-in member, you are findable by name to other members of Experiously. Anonymous visitors cannot search by name. You can turn off name search in profile settings without affecting your public profile

Data retention

We retain your data for as long as your account is active. You can delete your account at any time from your Profile settings page. When you delete your account, your personal data is removed immediately. Anonymised, aggregated statistics (such as category counts and platform trends) may be retained after deletion as they cannot be linked back to you.

Data storage and security

Your data is stored securely. Passwords are hashed using bcrypt. Authentication tokens are stored in httpOnly cookies that can't be accessed by JavaScript. We use rate limiting and input validation to protect against abuse.

Changes to this policy

If we make significant changes to this policy, we'll let you know via email or a notice on the platform. The "last updated" date at the top tells you when it was last revised.

Contact

Questions about your data or this policy? Email us at hello@experiously.com.