๐Ÿž Bug Reporter โ€” Privacy Policy

Last updated: 2026-07-11

Bug Reporter has two parts: a browser extension that captures a bug report, and a hosted service where your team stores and manages reports. This policy explains what personal data we handle, why, who it is shared with, how long we keep it, and your rights. It is written to meet India's Digital Personal Data Protection Act, 2023 (DPDP) and the EU GDPR.

Plain-language summary

The extension only captures a bug when you tell it to. It records screenshots, your clicks (the button/field name โ€” never what you type into a website), the page's console and network activity, and โ€” if you start one โ€” a screen-and-voice video. When you submit a report it goes to your organization's workspace on our servers. To help write the report up, its contents (including screenshots) are sent to an AI provider. We also connect to the tools you choose (Jira, Slack, Google Drive, etc.). We never sell your data, and you can ask us to show, correct, or delete it.

1. Who is responsible for your data

For bug-report content, your organization is the controller (DPDP: Data Fiduciary) and we act as a processor on their behalf. For account and billing data (the name/email of people who sign in), we are the controller. Operator/contact: Zicuro, [email protected].

2. What we collect

Never captured: text typed into websites, passwords, or anything while you aren't actively reporting. We use your IP address only in memory to limit abuse โ€” it is not stored in our database or logs.

3. Why we use it (lawful basis)

To provide the service (contract); to keep it secure (legitimate interests); for AI drafting (legitimate interests โ€” an admin can turn it off for a workspace); and, where the law requires, with your consent.

4. Who we share it with (sub-processors)

Only the services needed to run the product or that you choose to connect. We do not sell personal data or use it for advertising.

Account and security emails are part of the service; product-update newsletters are optional and every one has a one-click unsubscribe link (or turn them off under Account → Email preferences).

Cross-border transfer: several of these providers process data outside India / the EU (e.g. in the United States). By using those features you accept that the relevant data is transferred to them under their terms; we sign data-processing agreements with sub-processors where required.

5. AI processing

When a report is submitted, its contents โ€” including up to four screenshots โ€” are sent to an AI provider to draft a clear title and summary. If your organization does not want any AI processing, an admin can email us to disable it for your workspace, or configure your own AI key so it runs under your own provider account.

6. Retention & deletion

We keep reports and account data while your workspace is active. You can ask us to delete your personal data and we will do so, subject to any legal retention. Email the contact below to request deletion or workspace closure.

7. Your rights

Under DPDP and GDPR you can ask us to access, correct, delete, or export your data, and to object to or restrict certain processing, or withdraw consent. Contact us to exercise these; if your data came through your employer's workspace we may route the request to that organization. You may also complain to the Data Protection Board of India or your local EU supervisory authority.

8. Security

Encryption in transit (HTTPS), strict separation between organizations' data, hashed passwords and session tokens, encryption at rest for stored credentials, role-based access control, and time-limited download links. We will notify you of any breach as required by law.

9. Grievance / Data Protection Officer (DPDP ยง13)

Grievance Officer: Mohin Shah ยท Email: [email protected]. This contact also serves as our GDPR data-protection point of contact.

10. Cookies and local storage

We use no tracking or advertising cookies. The dashboard stores a login token in your browser's local storage only to keep you signed in; it is removed when you log out.

11. Children

The service is for workplace use and is not directed at children. We do not knowingly process children's data; if you believe a child's data was captured, contact us and we will delete it.

12. Changes & contact

We may update this policy and will change the date above (and notify admins of significant changes). Questions or requests: [email protected].