Legal

Privacy Policy

Effective: June 14, 2025Last updated: June 14, 2025

Bugfed ("we," "us," or "our") is a crowdsourced software-testing platform. This Privacy Policy explains what personal data we collect when you use bugfed.comand any related subdomains (collectively, the "Platform"), how we use it, with whom we share it, and what rights you have over it.

By accessing or using the Platform you agree to this Privacy Policy. If you do not agree, please do not use our services.

01

Who We Are

Bugfed operates the Platform at bugfed.com. For the purposes of applicable data-protection law, Bugfed is the data controller of personal data submitted through the Platform.

Contact for privacy matters: contact@mail.bugfed.com

02

Data We Collect

We collect data in three ways: data you give us directly, data generated automatically when you use the Platform, and data we receive from third parties.

2.1 — Data you provide

  • Account registration: email address, name, and password (stored as a hashed credential).
  • Billing information: payment card details processed and stored by our payment processor (Dodo Payments). We never store raw card numbers.
  • Test run submissions: app name, app URL or APK, test instructions, target device/OS requirements, and any other details you enter when creating a test run.
  • Communications: messages you send to us via email or the in-Platform support channel.
  • Bug reports: bug titles, descriptions, screenshots, device information, and reproduction steps submitted by testers.

2.2 — Data generated automatically

  • Log data: IP address, browser type, operating system, referring URL, pages visited, and timestamps.
  • Usage data: features you interact with, subscription tier, credit balance, and test run activity.
  • Device data: browser fingerprint metadata used for fraud prevention and platform security.
  • Analytics events: anonymised or pseudonymous interaction events collected via Vercel Analytics.

2.3 — Data from third parties

  • Dodo Payments sends us webhooks confirming payment status (amount, currency, subscription tier, and customer reference).
  • Supabase (our database and authentication provider) processes authentication tokens on our behalf.
03

How We Use Your Data

  • Provide and operate the Platform — creating accounts, running tests, generating reports.
  • Process payments and manage subscriptions via Dodo Payments.
  • Send transactional emails — account confirmation, password reset, test-run status updates, and billing receipts.
  • Improve the Platform — analysing usage patterns to fix bugs and develop new features.
  • Enforce our Terms of Service — detecting abuse, fraud, and policy violations.
  • Comply with legal obligations — responding to valid legal process, tax reporting, and regulatory requirements.
  • Communicate with you — responding to support requests and, where you have consented, sending product updates.
05

How We Share Your Data

We do not sell your personal data. We share data only as described below.

  • Service providers: Supabase (database & auth), Dodo Payments (payment processing), and Vercel (hosting & analytics) — each bound by data-processing agreements.
  • Business transfers: if Bugfed is acquired or merged, personal data may transfer to the successor entity subject to the same privacy protections.
  • Legal requirements: we may disclose data when required by law, subpoena, court order, or to protect the rights, property, or safety of Bugfed, our users, or the public.
  • With your consent: for any other purpose disclosed at the time of collection.
06

Third-Party Services

The Platform integrates with the following third-party services. Each maintains its own privacy practices:

ProviderPurposePrivacy Policy
SupabaseDatabase, auth & file storagesupabase.com/privacy
Dodo PaymentsPayment processing & subscriptionsdodopayments.com/privacy
VercelHosting & anonymised analyticsvercel.com/legal/privacy-policy
07

Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required by law.

  • Account data: retained for the lifetime of your account, plus 90 days after deletion to allow recovery.
  • Test run data (submitted apps, reports, bug reports): retained for 24 months after a test run completes, then anonymised or deleted.
  • Billing records: retained for 7 years to comply with tax and accounting obligations.
  • Log data: retained for up to 90 days for security and debugging purposes.
  • Backups: encrypted backups may persist for up to 30 days beyond the primary-data deletion window.
08

Your Rights

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your personal data ('right to be forgotten'), subject to legal retention requirements.
  • Restriction — ask us to pause processing while a complaint is investigated.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests or direct marketing.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.
  • Lodge a complaint — file a complaint with your local data-protection authority.

To exercise any of these rights, email contact@mail.bugfed.com with your request. We will respond within 30 days. We may need to verify your identity before acting on a request.

09

Cookies & Tracking

We use a minimal set of cookies strictly necessary to operate the Platform:

  • Session cookies: Supabase authentication tokens stored in browser cookies or localStorage to keep you logged in.
  • Theme preference: a localStorage key ('bugfed-theme') remembers your light/dark mode preference.
  • Analytics: Vercel Analytics collects anonymised/aggregated page-view data. No personally identifiable information is stored in analytics cookies.

We do not use advertising cookies, cross-site tracking pixels, or sell data to ad networks. You can disable cookies in your browser settings; however, disabling session cookies will prevent you from logging in.

10

Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction, including:

  • HTTPS/TLS encryption for all data in transit.
  • Row-Level Security (RLS) policies on all database tables so users can only access their own data.
  • Hashed passwords — we never store plaintext credentials.
  • Payment data is processed entirely by PCI-DSS-compliant Dodo Payments — raw card details never touch our servers.
  • Restricted access to production systems — only authorised personnel can access production data.

No system is completely secure. If you believe your account has been compromised, contact us immediately at contact@mail.bugfed.com.

11

Children's Privacy

The Platform is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact contact@mail.bugfed.com and we will promptly delete it.

12

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by law, notify you by email or via an in-Platform banner at least 7 days before changes take effect.

Your continued use of the Platform after changes become effective constitutes your acceptance of the revised policy.

13

Contact Us

For privacy-related questions, security disclosures, general enquiries, or to exercise your data rights, please contact us at: contact@mail.bugfed.com

We aim to respond to all privacy requests within 5 business days and to resolve them within 30 days.