Security

Capture.dev takes the security of your data seriously. We follow best standard industry practices, so you can trust that your data remains secure at all times.

Here’s how we protect your information:

Restricting sensitive data

No data that is captured by the bug reporting widget is sent to our servers until the user submits a bug report.

Sensitive information can be redacted using custom privacy controls when setting up the widget. All redaction happens on the users machine, so no redacted data is ever sent to our servers.

In addition there are some sensitive data types that are never collected:

• Any input into a password field
• Any request headers with the name Authorization
• The content of any request header following the word Bearer
• Cookies in any network request or response

Encryption

All data is encrypted both in transit (HTTPS/TLS) and at rest (AES-256).

A note on AI

Capture.dev uses large-language-models (LLMs) provided by OpenAI to summarise your bug reports. We take the following steps to ensure your data is safe:

• OpenAI does not use your data to train or improve their models. (source)
• Capture.dev does not use your data to to train or improve AI models.
• Only the minimum amount of data required by the LLM to generate a summary is used.