Security & Data Protection

At Bugzy, we understand that bug reports and testing sessions can contain sensitive application data. Protecting that data is a core part of how the platform is designed and operated.

This page outlines the principles and infrastructure we use to keep customer data secure.

  • Infrastructure & Hosting

    Bugzy is built on modern cloud infrastructure designed for reliability and security.

    Our platform currently operates on:

    • Cloudflare for global security, SSL encryption, and traffic protection

    • DigitalOcean for application infrastructure

    • MongoDB Atlas for managed database hosting

    These providers maintain industry-standard security practices and infrastructure protection.

  • Secure Data Transmission

    All communication between users and Bugzy is encrypted using HTTPS (SSL/TLS).

    This ensures that all data transferred between your browser and Bugzy servers is protected from interception.

  • Access Control

    Bugzy uses project-based access control to ensure that issue data is only visible to authorized users.

    Key principles include:

    • Issues and captured data are visible only to invited project members

    • Project owners control who can access the workspace

    • Permissions are managed at the project level

    This allows teams to collaborate securely while maintaining control over their testing environments.

  • Sensitive Data Protection

    Bugzy is designed to avoid capturing sensitive user input.

    The platform automatically masks sensitive fields, including:

    • Password fields

    • Payment or credit card fields

    • Other protected input types

    This helps prevent sensitive user information from being recorded during session captures or bug reports.

  • Third-Party Data Sharing

    Bugzy does not share captured session or issue data with third parties.

    The only exception occurs when users choose to send issues to external tools through integrations such as:

    • Jira

    • Azure DevOps

    • Other supported issue management platforms

    In these cases, only the information included in the issue report is transmitted.

    Bugzy may also use standard analytics tools to understand product usage and improve the platform experience.

  • Data Retention & Deletion

    Bugzy provides clear control over project and account data.

    Project Deletion

    When a project is deleted, associated data is removed immediately.

    Account Deletion

    When an account is deleted, it enters a 30-day recovery window in case the user wishes to reactivate it.

    After this period, account data is permanently removed.

    If a project owner deletes their account, ownership can be transferred to another invited team member to ensure project continuity.

  • Authentication

    Bugzy supports secure authentication through:

    • Email and password login

    • Google authentication (OAuth)

    This allows teams to choose a secure and convenient access method.

  • Continuous Improvement

    Security is an ongoing process. As Bugzy grows, we continue to improve our infrastructure, security practices, and data protection mechanisms to meet the needs of modern software teams.

    If you have specific security or compliance questions, feel free to contact us.

  • Contact

    For security or data protection inquiries:
    [email protected]