Privacy Policy

What we collect

When you use the hosted DebugBundle service, we collect:

• Account information (email address, hashed password)
• Event data submitted through SDKs and the ingestion API
• Usage metrics (bundle requests, event counts, alert deliveries, webhook deliveries)
• Session data for authentication purposes

How we use your data

Event data is used solely to provide DebugBundle services: incident grouping, bundle generation, alerting, and retrieval. We do not sell event data or use it for advertising.

Redaction

DebugBundle applies automatic redaction to sensitive patterns (passwords, authentication headers, cookies, card numbers, SSNs) before storage. See the redaction documentation for details.

Data retention

Hosted DebugBundle uses tier-based retention. Raw event blobs are retained for 7 days on Free, 14 days on Solo, and 30 days on Team. Incidents, bundles, and reproductions are retained for 7 days on Free, 30 days on Solo, and 90 days on Team. Self-hosted instances control their own retention.

For a technical explanation of how cleanup works, see the security documentation.

Access, export, and deletion

Hosted organization owners can review their account settings to download a JSON export of retained organization-account data and to permanently delete the current organization account. Deletion removes retained projects, incidents, tokens, audit history, and stored debugging artifacts for that organization.

Local-first mode

When using DebugBundle in local-only mode, no data is transmitted to DebugBundle servers. Events and bundles remain on the machine or storage volume where you run the SDK and CLI.

Contact

For privacy-related questions, see our contact page.