Custory
Start free
  • Pricing
  • Blog
Log inStart free
Product
Customer journeysAI & Automations
Integrations
Collaborative editorsCommunicationProduct management
Resources
PricingBlogChangelog

Privacy Policy

How we collect, use, and protect your data when you use Custory.

Last updatedMarch 29, 2026

Last updated: March 29, 2026

Introduction

Custory ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our customer experience mapping application.

Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address
  • Workspace information
  • Authentication credentials (managed securely through WorkOS)

Journey Map Data

We store the customer journey maps you create, including:

  • Journey titles, descriptions, and personas
  • Steps, touchpoints, and pain points
  • Items, comments, and attachments
  • Metadata such as creation dates and ownership

Integration Data

When you connect third-party integrations (Jira, Linear), we collect:

  • OAuth access tokens (encrypted with AES-256-GCM)
  • Integration metadata (workspace names, team IDs)
  • Linked task information

Usage Information

We automatically collect certain information when you use Custory:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage patterns and feature interactions

How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our services
  • Process your requests and transactions
  • Send you technical notices and support messages
  • Respond to your comments and questions
  • Analyze usage patterns to improve user experience
  • Protect against fraudulent or illegal activity

Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit using HTTPS/TLS
  • OAuth tokens are encrypted at rest using AES-256-GCM
  • Authentication is managed through WorkOS AuthKit
  • Regular security audits and updates
  • Access controls and role-based permissions

Third-Party Integrations

When you connect third-party services (Jira, Linear), you authorize us to access specific data from those services on your behalf. We only request the minimum permissions necessary to provide the integration functionality.

You can revoke these integrations at any time from your workspace settings.

Data Retention

We retain your data for as long as your account is active or as needed to provide services. If you delete your account, we will delete your data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data
  • Opt out of marketing communications
  • Revoke third-party integration permissions

Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party tracking cookies for advertising purposes.

Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at our contact page.

Create experiences that

your customers love.

Get startedPricing
ProductCustomer journeysAI & AutomationsIntegrationsChangelog
ResourcesPrivacy policyTerms of service
CompanyContact Blog