Terms of Service

Last updated: 23 March 2026

1. Acceptance of Terms

By accessing or using the Webrec service ("Service"), including our website at webrec.app, APIs (api.webrec.app), SDKs (@webrec/sdk), and related tools, you agree to be bound by these Terms of Service ("Terms"). These Terms constitute a legally binding agreement between you and Rouic Ltd ("Webrec", "we", "us", "our"), a company registered in England and Wales.

If you are using the Service on behalf of an organisation, you represent and warrant that you have the authority to bind that organisation to these Terms, and "you" refers to both you individually and the organisation.

If you do not agree to these Terms, you must not access or use the Service.

2. Definitions

In these Terms, the following definitions apply:

  • "Service" means the Webrec platform, including the website (webrec.app), dashboard, APIs, SDKs, documentation, and all related tools and features.
  • "Customer" (or "you") means any individual or entity that creates a Webrec account and uses the Service.
  • "End User" means a visitor or user of a website or application on which the Customer has deployed the Webrec SDK.
  • "Customer Data" means all data that the Customer uploads, submits, or generates through the Service, including project configurations, team settings, and account information.
  • "Session Data" means the session recording data, analytics data, error data, and related telemetry collected by the Webrec SDK from End Users on the Customer's behalf.
  • "SDK" means the Webrec software development kit (@webrec/sdk) that Customers integrate into their websites or applications to collect Session Data.
  • "Organisation" means a collaborative workspace within the Service where multiple Customers can share projects and data.

3. Account Registration

To use the Service, you must create an account by providing accurate, current, and complete information. You agree to update this information promptly if it changes.

  • Eligibility: you must be at least 18 years old to create an account.
  • Individual accounts: each account is for use by a single individual. You may not share your login credentials with others. Multiple individuals should use separate accounts within a shared Organisation.
  • Authentication: you may register using email and password, or via Google or GitHub OAuth. You are responsible for maintaining the confidentiality of your authentication credentials.
  • Security: you must notify us immediately at support@webrec.app if you become aware of any unauthorised access to your account.
  • Responsibility: you are responsible for all activity that occurs under your account, whether or not authorised by you.

4. Service Description

Webrec provides a session recording, replay, error tracking, heatmap analytics, and web analytics platform that helps website and application owners understand how their users interact with their products. The Service includes:

  • Session recording and replay: the SDK captures DOM mutations, user interactions, network requests, and console output for faithful session replay
  • Error tracking: automatic capture of JavaScript errors, stack traces, and console logs with session context
  • Heatmaps: click, scroll, and attention heatmaps generated from recorded session data
  • Web analytics: page views, user journeys, and engagement metrics
  • Performance monitoring: Core Web Vitals (LCP, CLS, INP) and page load performance
  • AI features (optional): AI-powered session summaries, error analysis, and insights (where enabled)
  • Self-hosted option: the ability to deploy Webrec on your own infrastructure for full data control

5. Free Plan

We offer a free plan with the following limitations:

  • Up to 100 recorded sessions per month
  • 7-day data retention
  • Single project
  • Limited feature set as described on our pricing page

The free plan is provided "as is" without any service level agreement (SLA). We reserve the right to modify the free plan's features and limitations at any time. Free plan accounts that remain inactive for 12 consecutive months may be deleted after providing 30 days' notice.

6.1 Subscription

Paid subscriptions are billed in advance on a monthly or annual basis via Stripe, our payment processor. By subscribing to a paid plan, you authorise us to charge the applicable fees to your chosen payment method.

6.2 Metered Usage and Spend Limits

Certain plans include metered usage for sessions beyond the plan's included allowance. Overage charges are calculated based on the number of additional sessions recorded during the billing period and are billed at the end of each billing cycle.

You may set a spend limit in your account settings to cap overage charges. Once the spend limit is reached, recording will pause for the remainder of the billing cycle unless you increase the limit or upgrade your plan.

6.3 Price Changes

We may change our pricing with at least 30 days' written notice. Price changes will take effect at the start of your next billing cycle following the notice period. If you do not agree to a price change, you may cancel your subscription before the new pricing takes effect.

6.4 Refunds

All fees are non-refundable except as expressly stated in these Terms or as required by applicable law. If you believe you have been incorrectly charged, contact us at support@webrec.app within 30 days of the charge.

6.5 Failed Payments

If a payment fails, we will attempt to charge your payment method again over the following days. If payment remains unsuccessful after reasonable attempts, we may downgrade your account to the free plan or suspend your access to the Service.

7. Data Processing

For Session Data collected via the Webrec SDK, the following roles apply:

  • Customer = Data Controller: you determine the purposes and means of collecting End User data via the SDK. You decide what data to collect, which users to record, and how to configure privacy controls.
  • Webrec = Data Processor: we process Session Data solely on your behalf and in accordance with your instructions, as set out in our Data Processing Agreement (Section 17).

For Customer account data (your profile, billing, and dashboard usage), Webrec acts as the Data Controller. See our Privacy Policy for full details.

8. Customer Responsibilities

As a Customer deploying the Webrec SDK on your website or application, you are responsible for:

  • Legal compliance: complying with all applicable laws and regulations, including GDPR, UK GDPR, CCPA, the ePrivacy Directive, and any other relevant data protection legislation
  • Notice to End Users: informing your End Users that session recording is active, what data is collected, and how it is used. This must be done through your own privacy policy and, where required, through a cookie or consent banner
  • Consent and opt-out: obtaining any consents required by applicable law before recording End Users, and providing a mechanism for End Users to opt out of recording
  • Sensitive data: ensuring that sensitive personal data (payment card numbers, health records, government IDs, passwords) is excluded from recordings using the wr-block class, input masking, or other SDK configuration options
  • Data subject requests: responding to data subject access, rectification, erasure, and portability requests from your End Users. We provide tools to assist with these requests
  • Children: not using the SDK to record sessions of users known to be under 16 without verifiable parental consent where required by law

9. Privacy Controls

The Webrec SDK includes the following privacy controls that Customers should configure appropriately:

  • wr-block class: add this CSS class to any HTML element to completely exclude it from session recordings. The element and all its children will be replaced with a placeholder in the replay
  • data-wr-block attribute: an alternative to the CSS class for element blocking
  • Input masking: enabled by default. All form input values are replaced with asterisks in recordings. This can be configured per-element
  • Do Not Track (DNT): the SDK respects the browser's DNT header by default. When DNT is set, no recording occurs
  • Global Privacy Control (GPC): the SDK respects the GPC signal by default. When GPC is set, no recording occurs
  • Programmatic control: the SDK provides methods to start, stop, and pause recording programmatically, enabling integration with your own consent management platform

10. Acceptable Use

You agree not to use the Service to:

  • Engage in any illegal activity or violate any applicable law or regulation
  • Collect sensitive personal data (e.g., payment card numbers, health records, government IDs) without implementing appropriate safeguards and obtaining required consent
  • Record sessions of users who are minors without parental consent where required by law
  • Scrape, crawl, or systematically access the Service for purposes other than using its intended features
  • Attempt to reverse engineer, decompile, disassemble, or otherwise derive the source code of the Service (except where permitted by applicable open-source licences or mandatory law)
  • Interfere with, disrupt, or overload the integrity or performance of the Service or its underlying infrastructure
  • Use the Service to develop a competing product or service
  • Exceed the usage limits of your subscription plan through automated, fraudulent, or abusive means
  • Transmit malware, viruses, or any other harmful code through the Service
  • Impersonate another person or entity, or misrepresent your affiliation with a person or entity

We reserve the right to suspend or terminate your account if we reasonably determine that you have violated this section, with or without prior notice depending on the severity of the violation.

11. Intellectual Property

11.1 Our Property

The Service, including all proprietary software, algorithms, designs, user interfaces, documentation, trademarks, and brand features, is owned by Rouic Ltd and protected by intellectual property laws. These Terms do not grant you any right, title, or interest in the Service beyond the limited right to use it in accordance with these Terms.

11.2 Your Data

You retain all ownership rights to your Customer Data and Session Data. By using the Service, you grant us a limited, non-exclusive, worldwide licence to process, store, and display your data solely to provide and improve the Service. This licence terminates when you delete your data or close your account.

11.3 Feedback

If you provide feedback, suggestions, or ideas about the Service, you grant us a non-exclusive, royalty-free, perpetual, irrevocable licence to use and incorporate such feedback into the Service without obligation or compensation to you.

12. Open Source Components

Portions of the Webrec software, including the SDK and replay engine, are released under open-source licences. Your use of these components is subject to their respective licence terms. These Terms govern your use of the Webrec hosted Service, not the open-source software itself. Where there is a conflict between these Terms and an applicable open-source licence, the open-source licence prevails for the relevant component.

13. Service Availability

We strive to maintain high availability of the Service but do not guarantee uninterrupted access. We may perform scheduled maintenance with reasonable advance notice. We are not liable for any downtime, data loss, or service interruptions caused by factors outside our reasonable control, including but not limited to force majeure events, third-party service outages, network disruptions, or acts of government.

For paid plans, service level commitments (if any) are described on our pricing page and form part of these Terms.

14. Limitation of Liability

14.1 Exclusion of Indirect Damages

To the maximum extent permitted by applicable law, neither party shall be liable to the other for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenue, data, goodwill, or business opportunities, arising from or related to these Terms or the use of the Service, regardless of the cause of action or theory of liability (whether in contract, tort, negligence, or otherwise), even if the party has been advised of the possibility of such damages.

14.2 Cap on Liability

Our total aggregate liability for any and all claims arising from or related to these Terms or the Service shall not exceed the greater of: (a) the total amount you paid to us in the twelve (12) months preceding the event giving rise to the claim, or (b) fifty pounds sterling (£50).

14.3 Exceptions

Nothing in these Terms shall limit or exclude either party's liability for: (a) death or personal injury caused by negligence, (b) fraud or fraudulent misrepresentation, or (c) any other liability that cannot be lawfully limited or excluded.

15. Indemnification

You agree to indemnify, defend, and hold harmless Rouic Ltd, its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from or related to:

  • Your use of the Service in violation of these Terms
  • Your violation of any applicable law, regulation, or third-party right
  • Your deployment of the SDK without adequate notice, consent, or privacy controls as required by applicable law
  • Any claim by an End User or third party arising from your collection or use of Session Data
  • Content or data you upload, store, or process through the Service

16. Termination

16.1 Termination by You

You may terminate your account at any time through the account settings in the dashboard. Upon termination, you will lose access to the Service and all associated data. If you are on a paid plan, no refund will be issued for the remaining period of your current billing cycle unless required by applicable law.

16.2 Termination by Us

We may suspend or terminate your access to the Service if:

  • You breach these Terms and fail to remedy the breach within 14 days of written notice (where the breach is capable of remedy)
  • You fail to pay applicable fees after reasonable notice and opportunity to cure
  • We reasonably believe your use poses a security risk to the Service or other users
  • We are required to do so by law
  • We cease to offer the Service (with at least 90 days' notice)

16.3 Effect of Termination

Upon termination:

  • Your right to use the Service ceases immediately
  • We will retain your Customer Data and Session Data for 30 days, during which you may request an export
  • After 30 days, we will permanently delete all your data in accordance with our data retention policies
  • Sections that by their nature should survive termination (including Limitation of Liability, Indemnification, Governing Law, and Dispute Resolution) shall survive

17. Data Processing Agreement (GDPR)

This section constitutes a Data Processing Agreement ("DPA") between you ("Data Controller") and Webrec ("Data Processor") in accordance with Article 28 of the GDPR and UK GDPR. This DPA applies to the processing of End User personal data collected via the Webrec SDK.

17.1 Scope and Purpose

The Data Processor processes personal data solely for the purpose of providing the Service as described in these Terms. The subject matter is the recording, storage, replay, and analysis of End User sessions on the Data Controller's websites or applications.

17.2 Categories of Personal Data

The categories of personal data processed include:

  • Session recording data (DOM snapshots, user interactions, page transitions)
  • Technical identifiers (anonymous session IDs, optionally user IDs provided by the Controller)
  • Device and browser information (user agent, screen resolution, viewport size)
  • Network request metadata (URLs, HTTP methods, status codes, timing)
  • Error data (JavaScript errors, stack traces, console output)
  • Performance metrics (Core Web Vitals, page load timing)

17.3 Categories of Data Subjects

Data subjects are End Users of the Data Controller's websites or applications.

17.4 Obligations of the Data Processor

Webrec, as Data Processor, shall:

  • Process personal data only on documented instructions from the Controller, including with regard to international transfers
  • Ensure that all personnel authorised to process personal data have committed to confidentiality obligations
  • Implement appropriate technical and organisational security measures, including encryption in transit (TLS 1.2+) and at rest (AES-256), access controls, and audit logging
  • Engage sub-processors only with prior general authorisation from the Controller, and ensure equivalent data protection obligations via written contracts
  • Assist the Controller in responding to data subject requests (access, rectification, erasure, portability, restriction, objection) by providing appropriate tools and capabilities
  • Assist the Controller in meeting obligations related to security, breach notification, data protection impact assessments, and prior consultation with supervisory authorities
  • At the Controller's election, delete or return all personal data upon termination of the Service, and delete existing copies unless EU/UK law requires continued storage
  • Make available all information necessary to demonstrate compliance with GDPR Article 28 obligations and allow for and contribute to audits and inspections

17.5 Sub-processors

The following sub-processors are currently engaged in the processing of End User data:

  • Google Cloud Platform (GCP): cloud infrastructure, compute, and storage (europe-west2, London, UK)

We will notify Customers at least 14 days before engaging a new sub-processor. If you object to a new sub-processor, you may terminate the Service by providing written notice within 14 days of our notification.

17.6 Data Breach Notification

The Data Processor shall notify the Data Controller without undue delay (and in any event within 48 hours) after becoming aware of a personal data breach affecting End User data. The notification shall include: the nature of the breach, categories of data affected, approximate number of records, likely consequences, and measures taken or proposed to address the breach.

17.7 International Transfers

Primary data processing occurs in the UK (europe-west2). Where personal data is transferred outside the EEA/UK (e.g., to sub-processors), the transfer is protected by Standard Contractual Clauses (SCCs) adopted by the European Commission, UK International Data Transfer Agreement or Addendum, or an applicable adequacy decision.

17.8 Duration

This DPA shall remain in effect for the duration of the Controller's use of the Service and until all personal data has been deleted or returned in accordance with Section 17.4.

18. Modifications to Terms

We may modify these Terms from time to time. We will provide at least 30 days' written notice of material changes by email to the address associated with your account and by posting a notice on our website.

Non-material changes (such as clarifications or formatting updates) may be made without prior notice. The "Last updated" date at the top of these Terms will always reflect the most recent revision.

Your continued use of the Service after the effective date of any changes constitutes acceptance of the revised Terms. If you do not agree to the modified Terms, you must stop using the Service and terminate your account before the changes take effect.

19. Governing Law

These Terms are governed by and construed in accordance with the laws of England and Wales, without regard to conflict of law principles.

20. Dispute Resolution

Any disputes arising from or related to these Terms or the Service shall be subject to the exclusive jurisdiction of the courts of England and Wales.

Before initiating formal legal proceedings, the parties agree to attempt to resolve disputes through good-faith negotiation. Either party may initiate a resolution discussion by sending written notice to the other party. If the dispute is not resolved within 30 days, either party may proceed to court.

21. General Provisions

  • Entire Agreement: these Terms, together with our Privacy Policy and Cookie Policy, constitute the entire agreement between you and Webrec regarding the Service.
  • Severability: if any provision of these Terms is found to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.
  • Waiver: our failure to enforce any provision of these Terms shall not constitute a waiver of that provision or any other provision.
  • Assignment: you may not assign or transfer your rights or obligations under these Terms without our prior written consent. We may assign our rights and obligations without your consent in connection with a merger, acquisition, or sale of all or substantially all of our assets.
  • Force Majeure: neither party shall be liable for failures or delays in performance resulting from circumstances beyond its reasonable control, including natural disasters, war, terrorism, epidemics, government actions, or internet or telecommunications failures.

22. Contact

If you have any questions about these Terms, please contact us: