Privacy Policy

Last updated: April 17, 2026

1. Introduction

bugAgent ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at www.bugagent.com, our dashboard application, our MCP server, and any related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

Account Information

When you create an account, we collect your email address, name, and authentication credentials. If you sign in through a third-party provider (e.g., GitHub, Google), we receive basic profile information from that provider.

Bug Report Data

When you submit bug reports through our Service, we collect the content you provide including titles, descriptions, steps to reproduce, environment details, and any media attachments (images, videos, files) you upload.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, browser type, operating system, and device information. We use Google Analytics to collect aggregated usage statistics.

Payment Information

Payment processing is handled by Stripe. We do not store your full credit card number or payment credentials on our servers. Stripe may collect and process payment data in accordance with their own privacy policy.

Integration Data

If you connect third-party integrations (e.g., Jira, Slack), we may receive and store data necessary to maintain those connections, such as OAuth tokens and workspace identifiers.

Browser Extension Data (bugAgent CoPilot)

Our Chrome browser extension, bugAgent CoPilot, runs entirely on your device until you click "Submit". When you submit a bug report from the extension, the following data is sent to our servers and attached to that report:

  • The URL and page title of the active tab at the moment of submission
  • Browser name and version, operating system, viewport size, and device type
  • Console errors and warnings captured on the active tab (only if you check "Include console errors")
  • Failed network requests (status codes and URLs only — no response bodies; only if you check "Include failed requests")
  • A screenshot of the visible viewport (only if you click "Screenshot")
  • Information about a specific DOM element you select with the element picker (selector, text content, attributes, bounding rectangle)
  • Any files you explicitly attach
  • The title, description, type, and severity you enter in the form

The extension does not:

  • Track your browsing history or send any data anywhere before you click Submit
  • Read or transmit page content other than what is described above
  • Run on tabs you have not opened the side panel on
  • Use any data for advertising, analytics, profiling, or AI model training

The extension stores your authentication tokens and form preferences locally using chrome.storage. These never leave your device except to authenticate API calls to your bugAgent workspace.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process bug reports and deliver AI-powered classification
  • Store and serve media attachments you upload
  • Process payments and manage your subscription
  • Send transactional emails (account verification, password resets, billing notices)
  • Sync bug reports to connected third-party tools
  • Monitor usage to enforce plan limits and prevent abuse
  • Analyze aggregated usage patterns to improve our product
  • Respond to support requests

4. AI Processing

Bug reports submitted through the Service may be processed by AI models (including Anthropic's Claude) to provide features such as automatic classification, severity detection, and structured parsing. This processing occurs in real time and is used solely to enhance your bug reports. We do not use your bug report data to train AI models.

5. Data Storage and Security

Your data is stored using Supabase, which provides database hosting, authentication, and file storage infrastructure. Data is encrypted in transit (TLS) and at rest. Media attachments are stored in secure cloud storage buckets with access controls.

We implement industry-standard security measures to protect your information, including:

  • Row-level security (RLS) policies on all database tables
  • Encrypted authentication tokens
  • HTTPS enforcement across all endpoints
  • Scoped access controls for file storage

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in the following circumstances:

  • Service providers: We use third-party services to operate the Service. These providers access your data only to perform services on our behalf. See the Subprocessors section below for a current list.
  • Team members: If you belong to a team, other team members may access bug reports and project data shared within that team.
  • Integrations: When you enable integrations (e.g., Jira sync), your bug report data is shared with those platforms as configured by you.
  • Legal requirements: We may disclose your information if required by law, regulation, legal process, or government request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Bug reports and attachments are retained until you delete them or use the data flush feature in your settings. You may delete individual reports, attachments, or bulk-flush older reports at any time.

When you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

8. Subprocessors

We use the following third-party subprocessors to deliver and operate the Service. Each subprocessor accesses only the data necessary to perform its function.

Subprocessor | Purpose | Data Processed | Location
Supabase | Database hosting, authentication, file storage | Account data, bug reports, attachments, session tokens | United States
Cloudflare | DNS, CDN, DDoS protection, WAF, SSL/TLS | IP addresses, request metadata, traffic data | Global (edge network)
Stripe | Payment processing, subscription management | Billing information, payment method tokens | United States
Anthropic | AI processing (bug classification, code review, test generation) | Bug report content, code snippets submitted for analysis | United States
Resend | Transactional email delivery | Email addresses, email content | United States
Railway | Application hosting (dashboard, API, MCP server) | Application data in transit and at rest during processing | United States
GitHub | Static site hosting (GitHub Pages), source code | Website content, deployment artifacts | United States
Google Analytics | Anonymized website usage analytics | Anonymized usage data, page views | United States
Sentry | Error monitoring and performance tracking | Error logs, stack traces, browser metadata | United States

We will update this list when we add or remove subprocessors. If you have a DPA (Data Processing Agreement) with us, we will notify you of subprocessor changes per its terms.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request that we correct inaccurate or incomplete data
  • Deletion: Request that we delete your personal data
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to the processing of your data in certain circumstances

To exercise any of these rights, contact us at [email protected].

10. Cookies and Tracking

We use essential cookies for authentication and session management. We use Google Analytics to collect anonymized usage data. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

We do not use third-party advertising cookies or cross-site tracking.

11. Children's Privacy

The Service is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

12. International Data Transfers

Your data may be processed and stored in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your information to these locations.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

[email protected]