Privacy Policy

Data Controller Information

How we handle Privacy in Bug Recorder

Our legal basis for processing anonymous data under GDPR is Article 6(1)(f) — legitimate interest in maintaining and improving service functionality.

1. For session recording feature, (you can disable completely it if you don't want to use it), we are masking sensitive fields (passwords, emails, form inputs, like names, emails, credit cards) by default. Users can also hide sensitive elements using the 'bugrecorder-hide' class, 'data-hide="true"' attribute, or mask text content using 'bugrecorder-mask' class and 'data-mask="true"' attribute. Additionally, you can configure which elements are masked so none are stored, and it will not be replayed back, which respects your users' privacy.
2. We don't use any cookies or local storage or indexdb to store any data or track users cross domain. or cross session.
3. We don't store IP addresses in our database.
4. Form data that is captured when you create Forms & Surveys are encrypted before being inserted in database.
5. We use SSL to encrypt all data in transit.
6. Data collected is anonymous (not linked to specific user) and we rely on aggregate data to make decisions.
7. We don't use any third party services that collect personal data.
8. We focus on what happens not who did it.
9. We collect anonymous data only - no cookies, no local storage, no indexdb, no ip address, no user agent, no device id, no browser id, no session id, or any other data that can identify a user. We only collect anonymous aggregated data to make decisions and improve your product.
10. Also we made it modular scripts, so you can load only the modules you need. that's why the script is fast and lightweight and doesn't affect the performance of your site. so you can disable session recording, Forms. if you don't need them.
11. Our scripts use Async to load asynchronously, so it won't affect the performance of your site.
12. We Only collect necessary, anonymous, aggregated data to make decisions and improve your product for catching errors, analytics, and session recording. so we don't collect any data that is not necessary.
13. You can always delete all collected data from your account. just click "Delete Data" in the main menu item then delete all my data. so all collected data will be deleted.
14. User can Access their data by email from [email protected], and we will respond within 1 business day. with all data related to their account.
15. We have strict data retention policy, For aggregated Analytic data we will keep it for 3 or 5 years (depends on the plan), for session recordings and errors we will keep it for 1 month (for indie hackers) and 3 months (for business), for enterprise customers we can have custom retention policy.

Security & Technical Measures

We implement strong security measures to protect all analytics data:

1. All data is encrypted both at rest in our databases and in transit using industry-standard encryption protocols:
   • TLS 1.3 encryption for all data in transit
   • AES-256 encryption for data at rest
   • Encrypted backups with separate key management
2. Secure secret management practices:
   • Database credentials and API keys stored in secure vaults
   • Regular rotation of all production credentials
   • Strict separation between development and production environments
3. Data Breach Notification:
   • We have implemented procedures to detect, report, and investigate personal data breaches
   • In the unlikely event of a data breach, we will notify affected users and relevant supervisory authorities within 72 hours as required by GDPR
   • Regular security testing and vulnerability assessments are conducted

International Data Transfers

Additional Privacy Considerations

1. User Notice & Consent:
   • Since we don't use any cookies, local storage, or store any personal identifiable information, there's no need for cookie consent banners. Our system works entirely with anonymous, aggregated data, making it naturally compliant with GDPR, CCPA, and HIPAA regulations without requiring additional user consent mechanisms.
2. Additional User Rights:
   • Right to restrict processing - users can request limitation of anonymous data collection
   • Right to data portability - upon request, we can provide collected anonymous data in a machine-readable format
   • Right to object - users can opt-out of anonymous data collection through website controls
   • Right to rectification - users can request correction of inaccurate data
3. Data Protection Impact Assessment (DPIA):
   • We have conducted DPIAs for all processing activities involving potential privacy risks
   • Currently not required for anonymous data collection but we maintain ongoing assessments
   • We continuously monitor our processing activities for changes that might require a DPIA
   • Regular privacy impact reviews are conducted when adding new features
4. Third-Party Integration Policy:
   • Strict vetting of all third-party integrations to prevent introduction of tracking
   • Regular audits of all modules to ensure continued privacy compliance
   • Commitment to maintaining cookie-free, tracker-free operation
   • Data Processing Agreements (DPAs) are signed with all sub-processors

Data Processing Agreements

Key Privacy & Security Points

• Data Collection:
  • No collection of IP addresses, cookies, localStorage, IndexedDB, device IDs, browser IDs, or session IDs
  • Only anonymous, aggregated data is collected for analytics, error reporting, and session insights
• Data Access & Control:
  • Users can request access to or deletion of all collected data by contacting [email protected]
  • Right to lodge complaints with supervisory authorities
• Data Retention Periods:
  • Aggregated analytics data: 3-5 years
  • Session recordings and error reports: 1-3 months (or customizable based on plan)
• Security Measures:
  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for all data at rest
  • Encrypted backup systems
  • Secure secret management protocols
• System Architecture:
  • Fully modular design - only load the specific modules you need
  • No tracking functionality introduced by default

For questions about our privacy practices, please contact us at:
Email: [email protected]
DPO: [email protected]
DPA Requests: [email protected]