How secure is the data collected by Bugster SDK?

At Bugster, we prioritize the security of your data. We’ve implemented multiple layers of security measures to protect the data collected by our SDK at every stage - from collection to storage and processing. Here’s a detailed breakdown of our security approach:

Data Collection Security

Encryption in Transit

  • All data transmitted between your application and our servers is encrypted using the industry-standard TLS 1.3 protocol.
  • This ensures that data cannot be intercepted or tampered with during transmission.

Minimal Data Collection

  • We adhere to the principle of data minimization, collecting only the information necessary for the SDK’s functionality.
  • You have full control over what types of data are collected through configuration options.

Use the configureDataCollection method to customize what data is collected:

BugsterSDK.configureDataCollection({
  capturePageviews: true,
  captureClicks: false,
  captureFormSubmits: true,
});

Automatic PII Redaction

  • Our SDK automatically detects and redacts common types of Personally Identifiable Information (PII) such as email addresses, phone numbers, and credit card information.
  • Custom PII redaction rules can be configured to suit your specific needs.
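
As a complement to the SDK's automatic redaction, an application can scrub event payloads itself before handing them to any analytics library. The sketch below is an added example, not Bugster SDK code; the function names, patterns and replacement tokens are assumptions, and the sample payload is constructed.

```javascript
// Added illustration, not Bugster SDK code. Function names, patterns and
// replacement tokens are assumptions; the patterns are deliberately conservative.

// Luhn checksum, used to skip digit runs that only look like card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

const EMAIL = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
const CARD = /\b\d(?:[ -]?\d){12,18}\b/g; // 13-19 digits, optional separators
const PHONE = /(?<![\w@.])\+?\(?\d[\d ().-]{6,}\d(?!\w)/g;

function redactString(text) {
  return text
    .replace(EMAIL, "[REDACTED_EMAIL]")
    .replace(CARD, (m) => (luhnValid(m.replace(/\D/g, "")) ? "[REDACTED_CARD]" : m))
    .replace(PHONE, (m) => {
      const n = m.replace(/\D/g, "").length; // count digits only
      return n >= 10 && n <= 15 ? "[REDACTED_PHONE]" : m;
    });
}

// Walk an event payload and redact every string value, leaving other types alone.
function redactEvent(value) {
  if (typeof value === "string") return redactString(value);
  if (Array.isArray(value)) return value.map(redactEvent);
  if (value && typeof value === "object") {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, redactEvent(v)]));
  }
  return value;
}

// Constructed sample payload (not real data).
const sample = {
  type: "formSubmit",
  fields: {
    contact: "Reach me at jane.doe@example.com or +1 (415) 555-0132",
    payment: "card 4111 1111 1111 1111",
    order: "order id 1234 5678 9012 3456",
  },
  count: 3,
};
console.log(JSON.stringify(redactEvent(sample), null, 2));
```

The Luhn check is what keeps the 16-digit order id intact while the test card number is replaced; pattern matching alone would redact both.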

Data Storage Security

Encryption at Rest

  • All data stored in our systems is encrypted using AES-256 encryption.
  • Encryption keys are managed using a secure key management system with regular key rotation.

Secure Cloud Infrastructure

  • We use industry-leading cloud providers that maintain ISO 27001 and other relevant certifications.
  • Our infrastructure is protected by firewalls, intrusion detection systems, and regular security audits.

Data Isolation

  • Each customer’s data is logically isolated to prevent any potential data leakage between different customers’ environments.

Access Control

Strict Access Policies

  • Access to customer data is strictly limited to authorized personnel on a need-to-know basis.
  • All access attempts are logged and monitored for suspicious activities.

Multi-Factor Authentication (MFA)

  • MFA is enforced for all access to our systems, including both customer accounts and internal staff access.

Regular Access Reviews

  • We conduct regular reviews of access privileges to ensure they remain appropriate and necessary.

Compliance and Certifications

GDPR and CCPA Compliance

  • Our data handling practices are compliant with GDPR, CCPA, and other relevant data protection regulations.
  • We provide tools for data subject access requests and the right to be forgotten.

We’re currently working towards SOC 2 compliance. It’s on our roadmap, and we’re actively pursuing this certification to further enhance our security posture.

Penetration Testing

  • We conduct regular third-party penetration tests and vulnerability assessments.

Incident Response

24/7 Monitoring

  • Our security team monitors our systems around the clock for any potential security incidents.

Incident Response Plan

  • We have a comprehensive incident response plan in place to quickly address any security issues.

Transparent Communication

  • In the event of a security incident affecting customer data, we commit to prompt and transparent communication.

Customer Controls

Data Retention Controls

  • You can set custom data retention periods, after which data is automatically and securely deleted.

Access Management

  • Granular access controls allow you to manage who in your organization can access what data.

Audit Logs

  • We provide detailed audit logs of all activities related to your data for your own security monitoring.

Ongoing Security Efforts

Regular Security Training

  • All Bugster employees undergo regular security awareness training.

Continuous Improvement

  • Our security measures are continuously reviewed and updated to address emerging threats and technologies.

Bug Bounty Program

  • We maintain a bug bounty program to encourage responsible disclosure of any potential security vulnerabilities.

For more information about our bug bounty program or to report a security vulnerability, please visit our Security Page.

We understand that the security of your data is paramount. We’re committed to maintaining the highest standards of security and are always open to discussing our security measures in more detail. If you have specific security requirements or questions, please don’t hesitate to contact our security team at security@bugster.app.

For more detailed information, you can review our Security Practices page.