Privacy Policy

Last updated: Aug 22, 2022

Updates in this version: Added new marketing cookie provider G2

Data privacy is important. Please read this carefully.

We respect your privacy. This Privacy Policy explains our privacy practices and how we handle the information we process. When you use Aha! Labs Inc. websites, services, applications, and documentation, you are agreeing to the collection, transfer, manipulation, storage, disclosure, and other uses of your information as described in this Privacy Policy.

If you have feedback or suggestions on our Privacy Policy, please email us at [email protected].

At Aha! Labs Inc. (“Aha!”), we respect and protect the privacy of visitors to our website (together with the other accounts and websites we own or control, the “Aha! Websites”), and our customers who use our on-demand product roadmap and marketing planning solution, tools, and services offered on the Aha! Websites (together with the Aha! Websites, the “Service”). This Privacy Policy (“Policy”) explains how we collect and use (“process”) visitors’ and customers’ information as part of the Service. Any discussion of your use of the Service in this Policy is meant to include your visits and other interactions with the Aha! Websites, whether or not you are a customer or user of our on-demand product roadmap and marketing planning solution.

Aha! strives to follow these concepts when it processes personal information:

  1. Transparency. We tell you what we are collecting. We disclose the subprocessors that we use to provide the Service. We do not give, sell, rent, or loan personal information to third parties.

  2. Purpose limitation. We process personal information for the reasons that we tell you when collecting it (or that you tell us). We collect what is necessary to fulfill that purpose.

  3. Security. We take reasonable and appropriate measures to protect personal information.

  4. Individuals rights. We provide you with access to your personal information and allow you to exercise your rights in that information. Opt-out requests are promptly honored.

What information does Aha! process?

“Personal information” is information or an information set that identifies or could be used by or on behalf of Aha! to identify an individual.

We process the following personal information: name, username, address, email, phone, IP address, LinkedIn url, social media handles, credit card, and payment information. Aha! does not seek to collect any sensitive data through the Service (e.g., health status; political opinions or religious/philosophical beliefs; trade-union membership; or racial or ethnic origin).

“Other information” is any information that is not personal information. Other information includes:

  • “Usage Data” is encoded or anonymized information or aggregated data about a group or category of services, features, or users which does not contain personal information. Usage Data helps us understand trends in usage of the Service so that we can better consider new features or otherwise tailor the Service. In addition, we may share Usage Data with customers, partners, and service providers for various purposes which include helping us better understand our customers' needs, improving the Service, as well as for advertising and marketing purposes. We do not share Usage Data with third parties in a way that would enable them to identify you personally.

  • “Log files” are information gathered from website usage which includes internet protocol addresses as well as browser, internet service provider, referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to analyze trends, administer and maintain the Service, or track usage of various features within the Service. Occasionally (e.g., in response to an error, inquiry, investigations), we may link a specific log file to an individual to improve the Service.

  • “Cookies” are used to assist in collecting Other Information. For more details about how we use cookies, please see our Cookie Notice below.

  • “Web beacons” are tiny graphics with a unique identifier that are used to track online movements of internet users. Unlike cookies, which are stored on a user's computer hard drive, web beacons are embedded invisibly on websites. We also employ web beacons to help us better manage content in the Service by informing us what content is effective or which emails have been opened by recipients. For more details about how we use web beacons, please see our Cookie Notice below.

Why does Aha! process personal information?

We need to process personal information to provide the Service

When you register for the Service, we ask for personal information, such as your name, address, phone number, email address, and credit card information.

Depending on the purpose it is collected for, Aha! uses that information to:

  • Schedule a demo

  • Set up your account

  • Administer your account, including identification, authentication, usage monitoring, security, logging, and back-ups

  • Provide you with technical support

  • Send you newsletters or other marketing materials

  • Consider your job application

  • Answer your questions or suggestions

  • Publish your content or comments

  • Interact with you via social media

  • Facilitate payment for your subscription

  • Conduct research

  • Improve the content and functionality of the Service

In all cases, Aha! has a legal basis for processing personal information and the most common ones are: consent; necessary for the performance of (or at your request prior to entering into) a contract with Aha!; or there is a legitimate interest.

You’ve asked us to

As a customer, you may ask us to process personal information as part of a contractual arrangement (e.g., DPA). In that case, we will only process information for the express purpose that you authorize us to.

When we are legally compelled to disclose it

Aha! may disclose personal information in response to subpoenas, court orders, legal process, lawful requests by public authorities (including to meet national security or law enforcement requirements), or to establish or exercise our legal rights or defend against legal claims. We may also share such information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.

Aha! is not processing your personal data when you link or integrate with a third-party application website

The Service contains links to other websites and allows you to integrate with web applications that are not owned or controlled by Aha! Please be aware that we do not determine and are not responsible for the privacy practices or content of such other sites or applications. Once clicked or enabled, those third parties may share certain information with Aha! We encourage you to be aware when you leave the Service and to check the privacy settings and notices of those third parties to understand what data may be disclosed or processed.

Who does Aha! share personal information with?

Aha! uses subprocessors to assist with the delivery of the Service. These subprocessors have access to personal information only to assist Aha! to process that data as you have authorized. All subprocessors are subject to a check in which Aha! reviews privacy, security, and confidentiality practices. Aha! currently uses the following subprocessors to assist it in providing its on-demand product roadmap and marketing planning solution:

  • Amazon Web Services, Inc. (Cloud service provider) (US)

  • Automattic Inc. (Cloud-based anti-spam service provider) (US)

  • Datadog, Inc. (Cloud-based analytics services) (U.S.)

  • Duo Security, Inc. (Cloud-based trusted access solution) (US)

  • Functional Software, Inc. (Cloud-based error-tracking services) (US)

  • Google Inc. (Cloud service provider) (US)

  • Recurly, Inc. (Cloud-based payment services) (US)

  • The Rocket Science Group, LLC (Cloud-based email notification services) (US)

  • Zendesk, Inc. (Cloud-based customer support services) (US)

Aha! uses the following subprocessors for other areas of its business, separate from the actual provision of its on-demand product roadmap and marketing planning solution:

  • Algolia (Cloud service provider) (US)

  • Calendly (Cloud-based scheduling services) (US)

  • LogMeIn (Cloud-based remote connectivity services) (US)

  • Netlify (Cloud service provider) (US)

  • Slack (Cloud-based communication services) (US)

Aha! does not sell Personal Information.

How long is personal information retained?

Aha! will retain personal information we process on behalf of our customers for as long as needed to provide Service to our customers, subject to our compliance with this Policy (and your rights as you choose to exercise them). We may further retain and use this personal information as necessary to comply with legal obligations, resolve disputes, enforce our agreements, and for legitimate interests.

What rights do you have to personal information?

Access, Correction, Objection, and Portability Rights

You have the right to request access to, rectification of errors in, or erasure of your personal information. You also have the right to object to the processing of your personal data and to receive a copy of your personal information in a structured, commonly used, and machine-readable format. For individuals in the EU, the United Kingdom, or Switzerland, you may always lodge a complaint with your local data protection supervisory authority.

If you wish to exercise the above rights, you can update or change the personal information you have provided Aha! by logging into the Service and providing such additional information where applicable. Be advised that there may be legal conditions or limitations on these rights. If you have additional questions about exercising these rights, please contact us at [email protected].

Opt-Out Rights

If you would like to stop receiving marketing communications from us, either email us at [email protected] or follow the unsubscribe instructions included in each marketing email.

How seriously does Aha! take its data protection obligations? (Answer: Very seriously)

Security of personal information

Aha! is committed to ensuring the security of your personal information through reasonable and appropriate measures to protect it from loss, misuse, and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.

We utilize precautions to protect the confidentiality and security of the personal information within the Service, by employing technological, physical and administrative security safeguards, such as firewalls and other security procedures. For example, when you enter sensitive information (such as login credentials and all your activity on our Service platform), we encrypt the transmission of that information using transport layer security technology (TLS). These technologies, procedures, and other measures are used in an effort to ensure that your data is safe, secure, and only available to you and to those you authorized to access your data. However, no internet, email, or other electronic transmission is ever fully secure or error-free, so you should take care in deciding what information you send to us in this way.

Privacy Shield notice

Aha! complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States in reliance on Privacy Shield (collectively, “Privacy Shield”). Aha! has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (under both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework) with respect to such information. In cases where Aha! receives personal information under Privacy Shield and subsequently transfer it to a third party subprocessor, Aha! potentially remains responsible if personal information is processed in a manner inconsistent with the Privacy Shield Principles.

If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view our certification, please visit

In compliance with the Privacy Shield Principles, Aha! commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union, the United Kingdom, or Switzerland with inquiries or complaints regarding our Privacy Shield policy should first email Aha! at [email protected]. If a complaint remains unresolved, Aha! has committed to refer such Privacy Shield complaints through the applicable Data Protection Authorities. Contact details for the EU data protection authorities can be found at Contact details for the UK Information Commissioner’s Office (ICO) can be found at Contact details for theFederal Data Protection and Information Commissioner (FDPIC) for individuals in Switzerland can be found at Aha! will cooperate with the appropriate Data Protection Authorities during investigation and resolution of complaints brought under Privacy Shield. These recourse mechanisms are available at no cost to you.

The Federal Trade Commission has jurisdiction over Aha!'s compliance with this Policy and the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. As a last resort, privacy complaints that remain unresolved after pursuing the above channels may be subject to binding arbitration before the Privacy Shield Panel to be created jointly by the US Department of Commerce and the European Commission. For more details, see

No use of Aha! by minors

Aha! does not knowingly collect personal information from individuals below the age of 18. If we learn that we have collected or received personal data from an individual under 18 without verification of parental consent, we will delete that information. If you believe Aha! might have any personal information from or about a child under 18, please contact [email protected].

California privacy rights

The California Consumer Privacy Act (CCPA) provides California residents with specific rights regarding their personal information. You have the right to know that we may have collected the following Personal Information directly from you:

Category of Personal Information

Purpose for collection

Disclosed for a business purpose?

Sold for a business purpose?

Identifiers (ex. name, online identifier, email, name, username, address, email, phone, social media handles or urls)

Performing services at your request, which include facilitating your access to and use of the Service and responding to direct communications

Yes — only to services providers /subprocessors listed in the “Who does Aha! share personal information with?” section above


Personal Information categories listed in the California Customer records statute (ex. name, email, address, telephone number, credit card number, payment information, education, employment history)

Performing services at your request, which include facilitating your access to and use of the Service and reviewing employment applications

Yes — only to services providers /subprocessors listed in the “Who does Aha! share personal information with?” section above


Internet activity (ex. details about interactions with the Service)

Administering and maintaining the Service, including linking a log file to an individual to improve the Service.

Yes — only to services providers /subprocessors listed in the “Who does Aha! share personal information with?” section above


Geolocation data (ex. IP address)

Verifying U.S. sanctions compliance

Yes — only to services providers /subprocessors listed in the “Who does Aha! share personal information with?” section above


Professional or employment-related information

Performing services at your request, which include reviewing employment applications

Yes — only to services providers /subprocessors listed in the “Who does Aha! share personal information with?” section above


Aha! does not sell Personal Information.

California residents have the right to request that we disclose to you certain information about our collection and use of your Personal Information over the past 12 months. After we receive and verify your request, we will disclose:

  1. The categories of Personal Information we collected about you;

  2. The categories of sources for that Personal Information;

  3. Our business or commercial purpose for collecting or selling that Personal Information;

  4. The categories of third parties with whom we share that Personal Information;

  5. The specific pieces of your Personal Information we have collected; and

  6. If we sold or disclosed that Personal Information for a business purpose, two separate lists of what was sold and what was disclosed and the categories of Personal Information in each case.

You also have the right to request that we delete your Personal Information from our records and direct any service providers to delete that Personal Information from their records. After we receive and verify your request, we will delete that Personal Information unless a legal exception applies.

Any request to exercise your CCPA rights should be submitted either via email to [email protected] or via phone to 888-926-2240. We will not discriminate against you for exercising any of your above rights, including: denying you access to the Service; charging you a different price to access the Service; providing you a different level of service; or suggesting that you may receive a different price or level of service.

When does Aha! update this Policy?

We may change this Policy from time to time. We will post the changes to this page. If we make changes that materially alter your privacy rights, Aha! will provide additional notice. If you disagree with changes to this Policy, you should deactivate your account for the Service. Your continued use of the Service constitutes your agreement to be bound by such changes to this Policy.

Who can you contact with questions about privacy?

To exercise any of the rights mentioned in this Policy or if you have questions regarding this Policy, please email us at [email protected].

To make our website and other communications related to the Service work properly, we sometimes place small text files (cookies) on your device when you use the Service.This Cookie Policy (the “Policy”) provides information about how and when we use cookies for these purposes. Capitalized terms used in this policy but not defined have the meaning set forth in our Privacy Policy.

A “cookie” is a small software file stored temporarily or placed on your computer's hard drive. The main purpose of a cookie is to allow a web server to identify your computer and web browser and then tailor web pages and login information to your preferences. Cookies last for one of two time periods:

  • “Session-based cookies” last only while your browser is open and are automatically deleted when you close your browser.

  • “Persistent cookies” last until you or your browser delete them or until they expire.

Cookies help us promptly display the information you need to use the capabilities of the Service and other information which we consider to be of interest to you. Cookies do not typically contain personal information but can be linked to personal information that you have already provided us. By gathering and remembering information about your website preferences through cookies, we can provide a better web and marketing experience.

Does Aha! use cookies?

Yes. When you use the Service, we utilize session cookies, which allow us to uniquely identify your browser while you are logged in and to process your online transactions. Session cookies disappear from your computer when you close your web browser or turn off your computer.

We also utilize persistent cookies to identify you as an Aha! customer, agent, or end user and make it easier for you to log into and use the Service. Persistent cookies remain on your computer after you close your web browser or turn off your computer.

The above-described cookies are further categorized as follows:

  • “Essential cookies” are critical to the functionality of the Service. We use these cookies to keep a user logged into the Service and remember relevant information when the user returns to the Service.

  • “Functional cookies” track users' activities in the Service, understand their preferences, and improve their user experience. These cookies can also be used to remember customizable configurations of the Service.

  • Third-party providers serve a variety of “marketing cookies” that enable us to track and analyze usage, navigation, and other statistical information from visitors to the Aha! Websites. This information alone is not personal information, though it can be associated with personal information. Marketing cookies are also used to track the performance of our advertisements and are employed by third-party advertising networks that we utilize. These ad networks follow online activities of visitors to the Aha! Websites and use this information to inform, optimize, and serve tailored advertisements on the Aha! Websites or on other websites you visit that we believe would most effectively promote the Service to you. We also use third parties to collect information that assists us in other methods of “remarketing” our Service to visitors to the Aha! Websites, including customized email communications.

What cookies does Aha! use in the Service?

Aha! uses the following cookies in the Service:





Aha! sessions and login




Aha! performance


Various under 1 day

Datadog and Aha!

Aha! videos


2 years


Aha! support sessions


Various under 1 year


Aha! billing


Various under 1 year


Aha! analytics


Various under 2 years




Various under 2 years

Google and Aha!



Various, up to 5 years

Crazy Egg*



Various under 2 years




Various under 2 years




Various under 90 days

Facebook and Aha!



Various under 2 years




Various under 2 years




Various under 5 years

The Trade Desk



Various under 13 months


*For more information on the privacy practices of Crazy Egg, click here.

How does Aha! use cookies in its product roadmap and marketing planning solutions?

Aha! restricts the use of marketing cookies in its product roadmap and marketing planning solutions. Aha! does not use marketing cookies on pages that display your product roadmap and marketing planning data. Aha! does use the above Google Analytics cookies on some public pages such as login screens. If consent is required for any of those cookies and consent has not already been received, then the cookie will not be set.

Can cookies be turned off?

You can generally accept or decline the use of cookies through functionality built into your web browser. We obtain consent for placement of non-essential cookies in jurisdictions that require it. To revoke your consent, you should delete the cookies.

If you want to learn more about cookies or how to control or delete them, please visit for detailed guidance. In addition, certain third-party advertising networks, including Google, permit users to opt out of or customize preferences associated with your internet browsing. To learn more about this feature from Google, click here. To learn more about this feature from Crazy Egg, click here. Please note that if you do elect to disable your web browser's ability to accept cookies, you may not be able to access or take advantage of many features of the Service.

It is our hope that you find the display of advertising to you based on your anonymous interests valuable. If you would prefer not to participate in the services offered through these solutions, you can always opt-out of tailored advertising for services that support opt-out by visiting the Network Advertising Initiative (NAI) website by clicking: here.

How does Aha! respond to Do Not Track signals?

Currently, there is no consensus on what “Do Not Track” means and how to respond to “Do Not Track” signals. For that reason, we do not respond to those signals. Be advised that third parties linked from or integrated with the Service set their own policies regarding responses to Do Not Track signals.