Privacy Policy

Last updated: February 21, 2026

1. Introduction

BugZap ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our visual bug reporting platform. We comply with the General Data Protection Regulation (GDPR) and applicable Polish data protection laws.

2. Data Controller

The data controller is BugZap, based in Poland. For privacy inquiries, contact us at privacy@bugzap.app.

3. Data We Collect

Account Data

  • Email address (required for account creation)
  • Full name (optional)
  • OAuth profile data (if you sign in with GitHub)

Bug Report Data

  • Screenshots and annotations you upload
  • Bug titles, descriptions, and severity levels
  • Page URLs where bugs were captured
  • Browser console logs and network error data
  • Session replay recordings (Team plan only)

Technical Data

  • Browser type and version
  • Operating system
  • Screen resolution
  • IP address (for security and abuse prevention)

Billing Data

  • Payment information is processed by Stripe and never stored on our servers
  • We store your Stripe customer ID for subscription management

4. How We Use Your Data

  • Service delivery: To provide bug tracking, collaboration, and reporting features
  • AI features: Bug report data may be sent to Anthropic's Claude API for AI-powered summaries (Small Team and Team plans only). Data is not retained by Anthropic for training.
  • Integrations: Bug data is shared with third-party services you explicitly connect (Linear, GitHub, Slack)
  • Communication: To send transactional emails (magic links, billing notifications)
  • Security: To detect and prevent abuse, fraud, and unauthorized access

5. Legal Basis for Processing (GDPR)

  • Contract: Processing necessary to provide the Service you signed up for
  • Legitimate interest: Security monitoring, fraud prevention, service improvement
  • Consent: Optional features like AI summaries and third-party integrations

6. Data Sharing

We share data only with:

  • Supabase (database and authentication hosting, EU region available)
  • Vercel (application hosting)
  • Stripe (payment processing)
  • Anthropic (AI summaries, only when you use the feature)
  • Third-party integrations you explicitly connect (Linear, GitHub, Slack)

We do not sell your data to advertisers or data brokers.

7. Data Retention

  • Active account data: retained for the duration of your subscription
  • Deleted account data: permanently removed within 30 days
  • Free-tier inactive accounts: data may be deleted after 12 months of inactivity
  • Billing records: retained as required by Polish tax law (5 years)

8. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Restriction: Request limitation of processing

To exercise these rights, email privacy@bugzap.app. We will respond within 30 days.

9. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies, advertising cookies, or analytics cookies. No cookie consent banner is required since we only use strictly necessary cookies.

10. Security

We implement industry-standard security measures including encrypted connections (TLS), secure cookie configuration, Row-Level Security on database access, HMAC-SHA256 webhook signature verification, and regular security reviews.

11. International Transfers

Some of our service providers (Vercel, Anthropic) may process data outside the EU/EEA. These transfers are protected by Standard Contractual Clauses or equivalent safeguards as required by GDPR.

12. Children

BugZap is not intended for use by individuals under 16. We do not knowingly collect data from children.

13. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated via email. The "last updated" date at the top reflects the most recent revision.

14. Contact

For privacy questions or data requests, contact us at privacy@bugzap.app.