Terms of Service

By accessing or using the Webrec service ("Service"), including our website at webrec.app, APIs (api.webrec.app), SDKs (webrec), and related tools, you agree to be bound by these Terms of Service ("Terms"). These Terms constitute a legally binding agreement between you and Rouic Ltd ("Webrec", "we", "us", "our"), a company registered in England and Wales.

If you are using the Service on behalf of an organisation, you represent and warrant that you have the authority to bind that organisation to these Terms, and "you" refers to both you individually and the organisation.

In these Terms, the following definitions apply:

To use the Service, you must create an account by providing accurate, current, and complete information. You agree to update this information promptly if it changes.

• Eligibility: you must be at least 18 years old to create an account.
• Individual accounts: each account is for use by a single individual. You may not share your login credentials with others. Multiple individuals should use separate accounts within a shared Organisation.
• Authentication: you may register using email and password, or via Google or GitHub OAuth. You are responsible for maintaining the confidentiality of your authentication credentials.
• Security: you must notify us immediately at support@webrec.app if you become aware of any unauthorised access to your account.
• Responsibility: you are responsible for all activity that occurs under your account, whether or not authorised by you.

Webrec provides a session recording, replay, error tracking, heatmap analytics, and web analytics platform that helps website and application owners understand how their users interact with their products. The Service includes:

• Session recording and replay: the SDK captures DOM mutations, user interactions, network requests, and console output for faithful session replay
• Error tracking: automatic capture of JavaScript errors, stack traces, and console logs with session context
• Heatmaps: click, scroll, and attention heatmaps generated from recorded session data
• Web analytics: page views, user journeys, and engagement metrics
• Performance monitoring: Core Web Vitals (LCP, CLS, INP) and page load performance
• AI features (optional): AI-powered session summaries, error analysis, and insights (where enabled)
• Self-hosted option: the ability to deploy Webrec on your own infrastructure for full data control

We offer a free plan with the following limitations:

• Up to 100 recorded sessions per month
• 7-day data retention
• Single project
• Limited feature set as described on our pricing page

6.1 Subscription

Paid subscriptions are billed in advance on a monthly or annual basis via Stripe, our payment processor. By subscribing to a paid plan, you authorise us to charge the applicable fees to your chosen payment method.

6.2 Metered Usage and Spend Limits

Certain plans include metered usage for sessions beyond the plan's included allowance. Overage charges are calculated based on the number of additional sessions recorded during the billing period and are billed at the end of each billing cycle.

You may set a spend limit in your account settings to cap overage charges. Once the spend limit is reached, recording will pause for the remainder of the billing cycle unless you increase the limit or upgrade your plan.

6.3 Price Changes

We may change our pricing with at least 30 days' written notice. Price changes will take effect at the start of your next billing cycle following the notice period. If you do not agree to a price change, you may cancel your subscription before the new pricing takes effect.

6.4 Refunds

All fees are non-refundable except as expressly stated in these Terms or as required by applicable law. If you believe you have been incorrectly charged, contact us at support@webrec.app within 30 days of the charge.

6.5 Failed Payments

If a payment fails, we will attempt to charge your payment method again over the following days. If payment remains unsuccessful after reasonable attempts, we may downgrade your account to the free plan or suspend your access to the Service.

7.1 Uptime Commitment

For customers on paid plans, Webrec targets the following monthly uptime percentages for the hosted Service (dashboard and ingest API):

7.2 Scheduled Maintenance

Scheduled maintenance windows are excluded from uptime calculations. We will provide at least 48 hours' advance notice of scheduled maintenance via email and our status page. Maintenance will be scheduled during low-traffic hours (typically 02:00 -- 06:00 UTC on weekdays) whenever possible.

7.3 Service Credits

If we fail to meet the uptime target for your plan in any given calendar month, you may request a service credit. Credits are applied to your next billing cycle and must be requested within 30 days of the month in which the downtime occurred. The maximum credit in any month shall not exceed 30% of your monthly subscription fee. Credits are your sole and exclusive remedy for downtime.

7.4 Exclusions

The uptime commitment does not cover downtime caused by:

• Force majeure events (natural disasters, war, pandemics, government actions)
• Failures of third-party services, networks, or infrastructure outside our control
• Customer-side issues (misconfigured SDK, firewall rules, DNS)
• Planned maintenance with advance notice
• Abuse or excessive load generated by the Customer in violation of acceptable use terms

7.5 Self-Hosted Deployments

If you deploy Webrec on your own infrastructure using the self-hosted option, uptime and availability are entirely your responsibility. This SLA applies only to the Webrec hosted Service.

For Session Data collected via the Webrec SDK, the following roles apply:

• Customer = Data Controller: you determine the purposes and means of collecting End User data via the SDK. You decide what data to collect, which users to record, and how to configure privacy controls.
• Webrec = Data Processor: we process Session Data solely on your behalf and in accordance with your instructions, as set out in our Data Processing Agreement (Section 19).

For Customer account data (your profile, billing, and dashboard usage), Webrec acts as the Data Controller. See our Privacy Policy for full details.

As a Customer deploying the Webrec SDK on your website or application, you are responsible for:

• Legal compliance: complying with all applicable laws and regulations, including GDPR, UK GDPR, CCPA/CPRA, the ePrivacy Directive, and any other relevant data protection legislation
• Notice to End Users: informing your End Users that session recording is active, what data is collected, and how it is used. This must be done through your own privacy policy and, where required, through a cookie or consent banner
• Consent and opt-out: obtaining any consents required by applicable law before recording End Users, and providing a mechanism for End Users to opt out of recording
• Sensitive data: ensuring that sensitive personal data (payment card numbers, health records, government IDs, passwords) is excluded from recordings using the wr-block class, input masking, or other SDK configuration options
• Data subject requests: responding to data subject access, rectification, erasure, and portability requests from your End Users. We provide tools to assist with these requests
• Children: not using the SDK to record sessions of users known to be under 16 without verifiable parental consent where required by law

The Webrec SDK includes the following privacy controls that Customers should configure appropriately:

You agree not to use the Service to:

• Illegal activity: engage in any illegal activity or violate any applicable law or regulation
• Sensitive data collection: collect sensitive personal data (e.g., payment card numbers, health records, government IDs) without implementing appropriate safeguards and obtaining required consent
• Recording minors: record sessions of users who are minors without parental consent where required by law
• Scraping and crawling: scrape, crawl, or systematically access the Service for purposes other than using its intended features, including automated data extraction from the dashboard, replay pages, or API beyond your plan's limits
• Reverse engineering: attempt to reverse engineer, decompile, disassemble, or otherwise derive the source code of the Service (except where permitted by applicable open-source licences or mandatory law)
• Service disruption: interfere with, disrupt, or overload the integrity or performance of the Service or its underlying infrastructure, including denial-of-service attacks, intentional load testing without prior written approval, or exploiting vulnerabilities
• Competitive use: use the Service to develop a competing product or service, or benchmark the Service for publication without our prior written consent
• Usage manipulation: exceed the usage limits of your subscription plan through automated, fraudulent, or abusive means, including inflating session counts, creating multiple free accounts to circumvent limits, or spoofing API keys
• Malware and harmful code: transmit malware, viruses, worms, ransomware, or any other harmful code through the Service, or use the Service to host or distribute phishing content
• Impersonation: impersonate another person or entity, or misrepresent your affiliation with a person or entity
• Surveillance: use session recordings for employee surveillance, keystroke logging of individuals without their knowledge, or any purpose that violates applicable workplace monitoring laws
• Resale: resell, sublicense, or redistribute access to the Service to third parties without our prior written consent, except where you are embedding Webrec as part of a platform offering with appropriate agreements in place
• Credential sharing: share API keys, login credentials, or authentication tokens with unauthorised parties, or publish them in public repositories or client-side code

12.1 Authentication

All API requests must be authenticated using a valid API key (prefixed wr_) issued through your project settings. API keys are scoped to individual projects and must not be shared, embedded in client-side code, or committed to public repositories.

12.2 Rate Limits

API requests are subject to per-plan rate limits to ensure fair usage and platform stability:

If you exceed your rate limit, the API will return 429 Too Many Requests with a Retry-After header indicating when you may retry.

12.3 Permitted Use

The API may be used to:

• Retrieve session recordings, analytics data, and error reports for your projects
• Manage projects, team members, and SDK configurations programmatically
• Integrate Webrec data into your own internal tools, dashboards, and workflows
• Export your data for backup, migration, or compliance purposes

12.4 Prohibited Use

The API must not be used to:

• Bulk-export data for use in a competing product or service
• Circumvent usage limits, billing, or access controls
• Perform automated testing or load testing against the production API without prior written approval
• Access or attempt to access data belonging to other customers

12.5 Versioning and Deprecation

We will provide at least 90 days' notice before deprecating any API endpoint or introducing breaking changes. Deprecated endpoints will continue to function during the notice period to allow migration. Major version changes will be communicated via email and our developer documentation.

13.1 Our Property

The Service, including all proprietary software, algorithms, designs, user interfaces, documentation, trademarks, and brand features, is owned by Rouic Ltd and protected by intellectual property laws. These Terms do not grant you any right, title, or interest in the Service beyond the limited right to use it in accordance with these Terms.

13.2 Your Data

You retain all ownership rights to your Customer Data and Session Data. By using the Service, you grant us a limited, non-exclusive, worldwide licence to process, store, and display your data solely to provide and improve the Service. This licence terminates when you delete your data or close your account.

13.3 Feedback

If you provide feedback, suggestions, or ideas about the Service, you grant us a non-exclusive, royalty-free, perpetual, irrevocable licence to use and incorporate such feedback into the Service without obligation or compensation to you.

Portions of the Webrec software, including the SDK and replay engine, are released under open-source licences. Your use of these components is subject to their respective licence terms. These Terms govern your use of the Webrec hosted Service, not the open-source software itself. Where there is a conflict between these Terms and an applicable open-source licence, the open-source licence prevails for the relevant component.

We strive to maintain high availability of the Service but do not guarantee uninterrupted access. We may perform scheduled maintenance with reasonable advance notice. We are not liable for any downtime, data loss, or service interruptions caused by factors outside our reasonable control, including but not limited to force majeure events, third-party service outages, network disruptions, or acts of government.

For paid plans, service level commitments are described in Section 7 (Uptime and Service Level Agreement) above and form part of these Terms.

16.1 Exclusion of Indirect Damages

To the maximum extent permitted by applicable law, neither party shall be liable to the other for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenue, data, goodwill, or business opportunities, arising from or related to these Terms or the use of the Service, regardless of the cause of action or theory of liability (whether in contract, tort, negligence, or otherwise), even if the party has been advised of the possibility of such damages.

16.2 Cap on Liability

Our total aggregate liability for any and all claims arising from or related to these Terms or the Service shall not exceed the greater of: (a) the total amount you paid to us in the twelve (12) months preceding the event giving rise to the claim, or (b) fifty pounds sterling (£50).

16.3 Exceptions

Nothing in these Terms shall limit or exclude either party's liability for: (a) death or personal injury caused by negligence, (b) fraud or fraudulent misrepresentation, or (c) any other liability that cannot be lawfully limited or excluded.

You agree to indemnify, defend, and hold harmless Rouic Ltd, its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from or related to:

• Your use of the Service in violation of these Terms
• Your violation of any applicable law, regulation, or third-party right
• Your deployment of the SDK without adequate notice, consent, or privacy controls as required by applicable law
• Any claim by an End User or third party arising from your collection or use of Session Data
• Content or data you upload, store, or process through the Service

18.1 Termination by You

You may terminate your account at any time through the account settings in the dashboard. Upon termination, you will lose access to the Service and all associated data. If you are on a paid plan, no refund will be issued for the remaining period of your current billing cycle unless required by applicable law.

18.2 Termination by Us

We may suspend or terminate your access to the Service if:

• You breach these Terms and fail to remedy the breach within 14 days of written notice (where the breach is capable of remedy)
• You fail to pay applicable fees after reasonable notice and opportunity to cure
• We reasonably believe your use poses a security risk to the Service or other users
• We are required to do so by law
• We cease to offer the Service (with at least 90 days' notice)

18.3 Effect of Termination

Upon termination:

• Your right to use the Service ceases immediately
• We will retain your Customer Data and Session Data for 30 days, during which you may request an export
• After 30 days, we will permanently delete all your data in accordance with our data retention policies
• Sections that by their nature should survive termination (including Limitation of Liability, Indemnification, Governing Law, and Dispute Resolution) shall survive

19.1 Scope and Purpose

The Data Processor processes personal data solely for the purpose of providing the Service as described in these Terms. The subject matter is the recording, storage, replay, and analysis of End User sessions on the Data Controller's websites or applications.

19.2 Categories of Personal Data

The categories of personal data processed include:

19.3 Categories of Data Subjects

Data subjects are End Users of the Data Controller's websites or applications.

19.4 Obligations of the Data Processor

Webrec, as Data Processor, shall:

1. Documented instructions: process personal data only on documented instructions from the Controller, including with regard to international transfers
2. Confidentiality: ensure that all personnel authorised to process personal data have committed to confidentiality obligations
3. Security measures: implement appropriate technical and organisational security measures, including encryption in transit (TLS 1.2+) and at rest (AES-256), access controls, and audit logging
4. Sub-processors: engage sub-processors only with prior general authorisation from the Controller, and ensure equivalent data protection obligations via written contracts
5. Data subject rights: assist the Controller in responding to data subject requests (access, rectification, erasure, portability, restriction, objection) by providing appropriate tools and capabilities
6. Compliance assistance: assist the Controller in meeting obligations related to security, breach notification, data protection impact assessments, and prior consultation with supervisory authorities
7. Deletion or return: at the Controller's election, delete or return all personal data upon termination of the Service, and delete existing copies unless EU/UK law requires continued storage
8. Audit rights: make available all information necessary to demonstrate compliance with GDPR Article 28 obligations and allow for and contribute to audits and inspections

19.5 Sub-processors

The following sub-processors are currently engaged in the processing of End User data:

We will notify Customers at least 14 days before engaging a new sub-processor. If you object to a new sub-processor, you may terminate the Service by providing written notice within 14 days of our notification.

19.6 Data Breach Notification

The Data Processor shall notify the Data Controller without undue delay (and in any event within 48 hours) after becoming aware of a personal data breach affecting End User data. The notification shall include:

• The nature of the breach
• Categories of data and approximate number of records affected
• Likely consequences of the breach
• Measures taken or proposed to address the breach and mitigate potential adverse effects

19.7 International Transfers

Primary data processing occurs in the UK (europe-west2). Where personal data is transferred outside the EEA/UK (e.g., to sub-processors), the transfer is protected by:

• Standard Contractual Clauses (SCCs) adopted by the European Commission
• UK International Data Transfer Agreement or Addendum
• An applicable adequacy decision

19.8 Duration

This DPA shall remain in effect for the duration of the Controller's use of the Service and until all personal data has been deleted or returned in accordance with Section 19.4.

20.1 Webrec as a Service Provider

When processing Session Data on behalf of Customers, Webrec acts as a "Service Provider" as defined under the CCPA. We process personal information solely for the business purposes specified in these Terms and our Privacy Policy. We do not sell or share (as defined by the CCPA) personal information collected on behalf of Customers.

20.2 Categories of Personal Information

The categories of personal information we may process in connection with the Service include:

20.3 No Sale of Personal Information

Webrec does not sell personal information and has not sold personal information in the preceding 12 months. We do not share personal information for cross-context behavioural advertising.

20.4 Rights of California Residents

If you are a California resident, you have the right to:

• Know: request disclosure of the categories and specific pieces of personal information we have collected about you
• Delete: request deletion of personal information we have collected from you
• Correct: request correction of inaccurate personal information
• Opt out of sale/sharing: although we do not sell or share personal information, you may submit an opt-out request at any time
• Non-discrimination: exercise your privacy rights without receiving discriminatory treatment

To exercise any of these rights, contact us at privacy@webrec.app. We will respond to verifiable consumer requests within 45 days.

20.5 Customer Obligations under CCPA

If your End Users include California residents, you are responsible for providing the required CCPA notices (including a "Do Not Sell or Share My Personal Information" link where applicable) and honoring consumer rights requests. We will assist you in fulfilling such requests to the extent they relate to Session Data we process on your behalf.

We may modify these Terms from time to time. We will provide at least 30 days' written notice of material changes by email to the address associated with your account and by posting a notice on our website.

Non-material changes (such as clarifications or formatting updates) may be made without prior notice. The "Last updated" date at the top of these Terms will always reflect the most recent revision.

Your continued use of the Service after the effective date of any changes constitutes acceptance of the revised Terms. If you do not agree to the modified Terms, you must stop using the Service and terminate your account before the changes take effect.

These Terms are governed by and construed in accordance with the laws of England and Wales, without regard to conflict of law principles.

Any disputes arising from or related to these Terms or the Service shall be subject to the exclusive jurisdiction of the courts of England and Wales.

Before initiating formal legal proceedings, the parties agree to attempt to resolve disputes through good-faith negotiation. Either party may initiate a resolution discussion by sending written notice to the other party. If the dispute is not resolved within 30 days, either party may proceed to court.

• Entire Agreement: these Terms, together with our Privacy Policy and Cookie Policy, constitute the entire agreement between you and Webrec regarding the Service.
• Severability: if any provision of these Terms is found to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.
• Waiver: our failure to enforce any provision of these Terms shall not constitute a waiver of that provision or any other provision.
• Assignment: you may not assign or transfer your rights or obligations under these Terms without our prior written consent. We may assign our rights and obligations without your consent in connection with a merger, acquisition, or sale of all or substantially all of our assets.
• Force Majeure: neither party shall be liable for failures or delays in performance resulting from circumstances beyond its reasonable control, including natural disasters, war, terrorism, epidemics, government actions, or internet or telecommunications failures.

If you have any questions about these Terms, please contact us:

• Legal inquiries: legal@webrec.app
• Privacy inquiries: privacy@webrec.app
• General support: support@webrec.app

Rouic Ltd, registered in England and Wales.