Security and Privacy

Security

A lot of our users come from highly security-focused industries (e.g. banking, accounting, insurance and even public sector), which is why the topic of data handling is extremely important to us. Below you can find information on how exactly we store data. If you have more questions, we are happy to answer them.

Generally speaking, data security can be split into 3 parts: geographic location of the servers, server security and data transmission. Let's take a look at each one of them individually.

Geographic location

We store all bug report data in the European Union. There are 2 reasons behind that:
  • The European Union is very strict about online privacy and data protection.
  • Particularly for our users in Europe, it's very important to know where the data is being stored because of the fairly recent General Data Protection Regulation (EU GDPR).

Server security

All bug report data is encrypted on the server (at rest). Each object's data and metadata is encrypted using the 256-bit Advanced Encryption Standard. Each encryption key is itself encrypted with a regularly rotated set of master keys.

Data transmission

The data is also encrypted while it's traveling over the Internet from your computer to the server and back (in transit) with SSL.

Privacy

There are several aspects to the topic of privacy that we would like to cover, so that you can better understand our values and beliefs when it comes to handling data. We are not in the business of selling data to advertisers and other 3rd parties, so we don't even have anything to hide. Regardless of that fact, we want to be open and transparent, since it's important to us.

What technical data does Bird collect?

In order to help your team spend less time on reporting and fixing bugs, Bird needs to collect technical data generated by the product you are working on. This data includes general information, like your browser version, operating system, time of recording, console logs, URLs that you visit during the recording, network logs, etc.

When does Bird collect this data?

Bird only collects this data from the domains to which you give it explicit access. The idea here is that most of the time you would only really need to have Bird enabled on the URLs of the product you are working on.

(Side note: the data gathered does not leave your computer before you decide to share it with your team, but more on that later)

Example: you are working at a company, GreatCo Inc., and your website is "greatco.co". In that case you can allow Bird to collect technical logs while you are browsing or testing "greatco.co", "staging.greatco.co", etc. At the same time, you don't need to enable Bird on e.g. "amazon.com".
If you've added a domain by mistake or just don't want Bird to be enabled on it any more, you can of course change that. Just go to Settings via the Bird Eats Bug browser extension, as depicted in the animation below.
On the settings page you can manage the domains where Bird is activated (see animation below).

Pro tip: on the Settings page you can also switch to the "Blacklist mode". It enables Bird on all pages by default, but you can still exclude certain domains if you wish, by adding them to your blacklist. To do so, you need to visit that specific domain, click on the Bird Eats Bug browser extension and flip the switch in the popup, next to the "Settings" icon.

What happens to the data that Bird collected?

Let's take a look at 3 situations to understand that better.

You browse or test your product
Bird is gathering technical data in the background. You can always check what data has been gathered by clicking on the Bird Eats Bug browser extension and hitting "Open console". At this stage, this data is offline and nobody except you has access to it.

You found a bug and start recording your screen
Now Bird is capturing a video of your actions together with technical logs. When you stop the recording, you will be taken to a page where you can see what's been recorded. Before you decide to upload your report and share it with your team, the video and logs stay on your computer and nobody except you has access to them, just like in the previous example.

You upload your report and share a link with your team
At this stage Bird uploads the recorded data to the servers based in the European Union. The data is encrypted while it "rests" on these servers. When you send a link to a teammate, they will be able to view the video and logs that you have previously uploaded.

How does Bird compare to other tools in terms of privacy?

There are various services on the market that allow you to record technical logs and actions performed by your users (e.g. FullStory, LogRocket and others). They can also help you find bugs by looking at these recordings and technical data.

We believe that this approach has several important privacy (in addition to technical) downsides:

  • Users don't generally know that they are being recorded. Sure, they can find out by checking the Terms of Service or Privacy Policy, but how many people read those?
  • It is easy to forget to exclude certain fields (e.g. passwords, credit card details, etc.) from being recorded, which means that critical private information can be seen by people who shouldn't have access to it.

Knowing about these issues was one of the reasons we decided to build Bird Eats Bug and create mechanisms to prevent these issues from happening:

  • Bird is not for tracking the end users of your product. Bird is designed to be used on pre-production environments, where 80% of the bugs are discovered, yet no live customer data is stored.
  • Bird doesn't upload anything online before you explicitly choose to do so.
  • Bird allows you to review the data before uploading it.

Outro

If you have further questions about privacy and security, contact us and we will do our best to answer them.
