BugSpotter — Privacy Policy
Browser Extension
BugSpotter sends data only to a server URL that you explicitly configure. We do not collect, store, or transmit any data to Apex Bridge Technology or any third party.
1. Overview
BugSpotter is a bug reporting browser extension that helps software teams capture, annotate, and submit bug reports with contextual data. This privacy policy explains what data the extension collects, how it is used, and where it is sent.
2. Data Collected
On domains you have allowed, the extension continuously buffers console logs, network requests, and (if enabled) session replay data locally in your browser. This buffered data is **only transmitted** to your configured server when you actively submit a bug report. The following data is included in each report:
Screenshot
- PNG image of the visible tab, captured on click
- Annotatable before submission
Console Logs
- JS console output (log, info, warn, error, debug)
- Rotating buffer (default: last 100 entries)
- Only on explicitly allowed domains
Network Requests
- URL, method, status, timing, headers
- Rotating buffer (default: last 50 entries)
- Sensitive headers are never captured
- Request bodies truncated to 4,000 chars
Session Replay (Optional)
- DOM mutations, mouse, clicks, scrolls via rrweb
- Configurable time window (default: 60s)
- Compressed before upload
- Disabled by default
Browser Metadata
- Browser name/version, OS, viewport, timezone
- Page URL, user agent string
User-Provided Info
- Bug report title, description, and priority
3. Data NOT Collected
- Browsing history or bookmarks
- Passwords, autofill data, or credentials
- Files from your computer
- Data from other tabs
- Data on non-allowed domains (on allowed domains, events are buffered locally but never transmitted unless you submit a report)
- Analytics, telemetry, or usage statistics
4. PII Sanitization
Built-in PII sanitization automatically redacts the following patterns before data leaves your browser:
Enabled by default. Configurable with preset profiles (Kazakhstan, GDPR, PCI DSS, Financial) or individual toggles.
5. Where Data Is Sent
All data goes exclusively to the BugSpotter server URL you configure in the extension's Options page — typically your self-hosted instance or SaaS endpoint.
- HTTPS-only connections enforced. HTTP endpoints are rejected.
- No data sent to Apex Bridge Technology, Google, or any third party.
- No data shared with advertisers, data brokers, or analytics providers.
6. Data Storage
On Your Device
- Settings stored in chrome.storage.sync
- Failed reports queued locally (max 10, expires after 7 days)
- No data retained after successful submission
On Your Server
Data retention is governed by your organization's policies, not by this extension.
7. Domain Filtering
- Restrict to specific domains via Allowed Domains setting
- Wildcard patterns supported (e.g., *.example.com)
- Without domain restrictions, captures only when you actively open the popup and submit
8. Permissions Explained
| Permission | Why It's Needed |
|---|---|
activeTab | Capture a screenshot of the current tab on click |
storage | Save settings (server URL, API key, domain allowlist) |
tabs | Read current tab URL and title for bug reports |
scripting | Inject console and network capture scripts |
host_permissions | Allow bug reporting on any site you choose |
9. User Control
10. Children's Privacy
BugSpotter is a professional software development tool. It is not directed at children under 13 years of age, and we do not knowingly collect data from children.
11. Changes to This Policy
We may update this privacy policy from time to time. Changes will be reflected by updating the "Last updated" date at the top. Continued use of the extension after changes constitutes acceptance of the updated policy.
12. Contact
13. Compliance Statement
This extension's use and transfer to any other app of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.