Legal

Privacy Policy

Last updated: March 2026

1. Privacy Commitment

Krystal Unity Pty Ltd (“Krystal Unity”, “we”, “us”, “our”) is an Australian company committed to protecting the privacy rights of individuals. We operate KrystalView, a session replay and analytics platform (“the Service”).

We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth). This policy explains what information we collect, how we use it, and your rights in relation to it. By using KrystalView you agree to the practices described here.

2. What We Collect

We collect information in two contexts: details you provide as a KrystalView customer, and analytics data collected by the KrystalView tracker installed on your website.

Account information (customers):

  • Name and email address
  • Company or organisation name
  • Billing information — processed securely via Stripe; we do not store card numbers
  • Account preferences and settings
  • Support and communications history

Analytics data collected by the tracker on your websites:

  • DOM snapshots captured via rrweb for session replay reconstruction
  • Click coordinates and cursor movement for heatmap generation
  • Page URLs and in-session navigation paths
  • Browser user agent strings
  • Viewport dimensions and device type
  • Scroll positions and depth
  • Session duration and event timestamps

3. What We Don’t Collect

KrystalView is designed with privacy as a default. No cookies are set on visitor browsers. No personally identifiable information about your website’s visitors is collected by default.

  • No cookies are used by the KrystalView tracking script
  • No personally identifiable visitor information is collected by default
  • Password input fields are automatically masked and never recorded
  • Any HTML element marked with the data-kv-no-record attribute is excluded from recording entirely
  • No cross-site tracking is performed
  • No data is sold to or shared with advertising networks

4. How We Use Data

We use the information we collect for the following purposes:

  • To deliver, maintain, and improve the KrystalView session replay and analytics services
  • To process payments and manage your subscription
  • To send service communications including usage reports, billing notices, and important product updates
  • To respond to support requests and enquiries
  • To detect and prevent fraud, abuse, or security incidents
  • To improve our product based on aggregated, anonymised usage patterns

We do not use your analytics data for our own marketing or advertising purposes.

5. Data Sharing

We do not sell your personal information or your analytics data to third parties under any circumstances.

We may share information with:

  • Our employees and contractors who require access to deliver the service
  • Professional advisers including legal, accounting, and auditing professionals, where necessary
  • Infrastructure and hosting providers as required for service delivery, subject to confidentiality obligations
  • Payment processor Stripe for billing and subscription management
  • Authorities where required by applicable law or valid legal process

Any third parties we engage are required to handle your information in accordance with applicable privacy laws and our written instructions.

6. GDPR Compliance

For customers and visitors located in the European Economic Area, United Kingdom, or other jurisdictions with equivalent data protection laws, the following applies:

  • Legal basis: We process personal data on the basis of legitimate interest (providing the analytics service you have contracted) and, where required, explicit consent
  • Right to access: You may request a copy of the personal data we hold about you
  • Right to erasure: You may request deletion of your personal data, subject to any legal retention obligations
  • Right to portability: You may request your data in a structured, machine-readable format
  • Right to object: You may object to certain processing activities where we rely on legitimate interest
  • Data Processing Agreements (DPAs): Available upon request for enterprise customers to satisfy Article 28 GDPR requirements

To exercise any of these rights, contact us at hello@krystalunity.com. We will respond within 30 days.

7. Data Retention

Analytics data is retained according to your subscription plan:

  • Free plan: 7 days
  • Pro plan: 90 days
  • Enterprise: Custom retention period as agreed at time of contract

Data is automatically and permanently deleted after the applicable retention period expires. Account information is retained for the duration of your account and for a reasonable period thereafter to satisfy legal obligations or resolve disputes.

8. Security

We implement appropriate physical, electronic, and managerial safeguards to protect your information against unauthorised access, disclosure, alteration, or destruction.

  • Data is hosted within Australia on infrastructure meeting Australian data sovereignty requirements
  • All data is encrypted in transit using TLS 1.2 or higher
  • Data is encrypted at rest
  • Access to production systems is restricted to authorised personnel on a need-to-know basis
  • Security practices are reviewed on a regular basis

While we take all reasonable steps to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights

You have the right to access, correct, or request deletion of personal information we hold about you. You may also export your analytics data at any time through the KrystalView console.

To make a privacy request, contact us at hello@krystalunity.com. We will acknowledge your request within 5 business days and respond fully within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Changes become effective upon posting to this page.

We will notify registered customers of material changes by email or via an in-app notice before they take effect. We encourage you to review this policy periodically. The “Last updated” date at the top of this page indicates when the policy was most recently revised.