Security

We know that security is critical for our customers. And that is why it is important to us.

Read more on how we protect your data in this page - as a summary and (hopefully) in an easy language everybody can understand.

If you have further questions, please get in touch and we will answer them as best as we can.

Hosting

Our application and its needed infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Our servers are based in Europe Region. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Encryption

All communications are encrypted over SSL/TLS 1.2, which cannot be viewed by a third party and is the same level of encryption used by banks and financial institutions. SSL means that data is encrypted while sent between our servers and our customers computer.

Application Design

Local by default

Bug reports are never automatically shared with us or any third party application. Screenshots and its data is locally stored inside your own browser by default. It is only uploaded to our servers if you hit the Button “Create”.

Randomised links

Bug reports can be accessed via a permanent URL. Those URLs get randomised with high entropy, so that the name of the URL cannot be guessed. You can, at any point, decide to delete the screenshot from BugFrog.

Data Integrity

We run daily backups automatically. That means even in a worst case scenario we are not losing data, more than from the past 24 hours.

Data Collection

BugFrog collects data such as browser version, operating system, screen resolution or the website URL and title - so that you can concentrate on fixing bugs instead of wasting time reporting. This data is only collecting once you activate the browser extension, wich will take a screenshot and store it alongside the data locally inside your browser.

Payment processing

We process payments with Stripe, which has been audited by a Payment Card Industry Standard-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of PCI DSS certification available. Payment information is transmitted directly to Stripe via HTTPS for secure storage and is never transmitted to or stored on BugFrog.io servers.

Third Party Integrations

BugFrog integrates with popular project management and bug tracking tools such as Jira or Trello. For all integrations, we use the standard OAuth2/OAuth3 protocoll. Hence, we ask for your permission and rights to access the tool on your behalf. The credentials we get back from that connection is unique and stored securely in our encrypted database. We follow integration policies to ensure we handle your data as required by the tool you are already using.