Appearance
Data security
Capture.dev takes the security of your data seriously. We follow best standard industry practices to ensure that your data remains secure at all times.
Here’s how we protect your information:
Encryption
All data is encrypted both in transit (HTTPS/TLS) and at rest (AES-256).
Infrastructure Security
Capture.dev's platform is built on enterprise-grade, secure infrastructure provided by industry-leading cloud service providers.
Our servers, frontend applications, and database are hosted with Render.com in their Frankfurt, Germany (eu-central-1) region.
Attachments included in bug reports are securely stored using Amazon Web Services (AWS) S3.
Both Render and AWS undergo regular, independent audits and maintain certifications including SOC 2 Type II, ISO/IEC 27001, PCI DSS, and CSA STAR. This ensures that our physical and environmental security controls meet the highest industry standards.
What data we collect
When an end-user submits a bug report, our widget captures contextual data to help your developers resolve issues faster. The following data is collected upon submission:
- The written description of the bug entered by the user.
- A screenshot or video recording of the screen captured by the user.
- Any custom context, such as user details, provided by you when setting up the capture widget.
- Automatically captured technical data:
- Environment information such as browser name and version, operating system.
- All browser console output (logs, warnings, errors) leading up to the report.
- A log of network activity (XHR and Fetch requests) leading up to the report, including the URL, method, status, headers, request and response bodies.
- A timeline of user events on the page, such as clicks and key presses on non-sensitive input fields, to help reproduce the issue.
- A point-in-time snapshot of the HTML and CSS markup of the page at the point the screen capture was created.
What we do not collect
Our widget is designed with privacy at its core and will never collect:
- Any input into a
passwordfield - Any request headers with the name
Authorization - The content of any request header following the word
Bearer - Cookies in any network request or response
More granular privacy controls can also be configured when setting up the widget. All data redaction happens on the users machine, and no redacted data is ever sent to our servers.
How we share data
To provide the Capture.dev service, we use a small number of trusted third-party providers (sub-processors). "Sharing" data with them is for the sole purpose of providing our service. We do not sell your data or share it with any third parties for marketing or advertising purposes.
You, the customer, remain the sole data controller for your bug report information.
Our subprocessors
- Render.com: Used for hosting our core application infrastructure, including our frontend, backend servers, and database.
- Amazon Web Services (AWS): Used for secure processing and storage storage of bug report attachments.
- Loops: Used for sending transactional emails (like notifications and user invitations) and product-related communications to our customers.
- Intercom: Used to provide customer support through live chat within the application.
- OpenAI: Used to provide AI features, such as automatically summarising bug reports and suggested titles. When used, the textual content of a bug report is sent to OpenAI for processing. Per our agreement, this data is not used to train their models.
- Paddle: Acts as our payment and subscription management provider. As our Merchant of Record, Paddle handles all billing and sales tax compliance. We do not have access to or store your full credit card details.
- Amplitude: Used for product analytics to understand how our customers use the capture.dev platform itself. This helps us improve our product, and the data sent does not include any content from your bug reports or personal data from your end-users.
Responsible disclosure
If you believe you have discovered a security vulnerability, please let us know by emailing support@capture.dev. We are committed to working with security researchers to resolve any issues quickly.