Today, May 21st, we received an interesting email from a journalist writing for Fast Company. Apparently, a privacy-focused company audited the app Care19, North Dakota’s COVID-19 contact tracking app, and they found that an anonymous tracking ID generated by the app was sent via API to Bugfender along with other identifiers.
As well as contacting the app’s developers, the journalist also gave us the opportunity to comment. Of course, we are grateful that he took the opportunity to understand what Bugfender is about, and were happy to answer his questions.
But in our spirit of company openness, we wanted to make an extra effort towards transparency. We thought, after Fast Company mentioned Bugfender in their article, some readers might wonder what it is and want to learn more. So we’re also making this information available to you as well. We hope you find it interesting.
Bugfender Is Not in the Data Business
First of all, Bugfender is not an analytics tool. Our core mission is to help developers create better products and provide better customer support to their users. We do not process or aggregate data for our own benefit, nor do we share it with anyone else.
How Does Bugfender Work?
Software developers usually leave messages for themselves in their code to detect when an app has reached specific points. These messages are typically called “logs” and are not visible to end users.
It’s like when you get an error in the dashboard of your car: all you can see is a light that shouldn’t be illuminated. But if your mechanic plugs in the computer, they can get lots of extra information to diagnose and fix the problem faster.
The way programmers read those messages is very similar to the car example. When an app doesn’t work, developers literally plug the smartphone to their computer, and, using their diagnostic tools, they can read these messages and find out more about the problem.
As you can imagine, once an application has been released to millions of users, it would be very difficult to connect all those smartphones to the programmer’s computer! But thanks to Bugfender, this diagnostic information is available remotely, so software developers can read it without the need to interact with the user’s device, even if the user happens to be on the other side of the world.
Is My Personal Information Stored by Bugfender?
Bugfender is designed to assist in error diagnostics, so we allow developers to store any data they might need to fix a problem.
Sometimes it’s useful to have a means of finding a given user’s device, so we can assist them if they ask for help. So extra bits of information can be added to the logs, like a user ID which allows the developer to translate to a specific user, but this ID does not necessarily need to convey any personal information.
We do not collect any user’s personal information automatically. Developers can always choose the way to identify devices, and only if they want to.
Due to the continuous evolution of software, diagnostic information is only useful to developers for a short period of time. Most often it’s only useful in real time or in the next few days, so we delete the data after that. Depending on the customer’s chosen plan, the data might be available for a maximum of 30 days.
Are You an Analytics Company?
No. We are a tool that helps developers find software errors but we don’t aggregate data in any way, we don’t provide any tool to detect trends and we do not share it with anyone else.
Do You Sell the Data That You Collect?
No. Bugfender is a company 100% owned by its founders, with the sole mission of helping developers. And it is fully funded by our clients that pay to use our tools.
Do You Use the Collected Data for Different Purposes Than Software Development?
Unfortunately, there are companies offering similar services to ours, but totally for free. What’s the catch? The service needs to be funded in some way, so they actually make their money by using the data for other purposes, like market research or advertising.
We don’t do that. Our customers pay a price that allows us to provide the service while staying profitable and independent. Because we are entrepreneurs ourselves, we offer a free tier to indie devs and entrepreneurs, totally at our own cost. But the company has been profitable since its fourth year, thanks to the trust that our clients have put in us (if you’re one of them, hey, thank you!).
What About the Identifiers Mentioned in the Report?
Bugfender creates a random identifier that is sent to our servers to differentiate one device from another. The sole purpose of this ID is to show the correct diagnostic data to the programmers of the app and does not contain any information related to the user or the device. Specifically, the Advertisement Identifier (IDFA) is NOT used at all by Bugfender (because we’re not interested in tracking people or selling ads).
What If the Developer Has Malicious Intentions or Logs Private Data to Bugfender by Mistake?
Bugfender is purely focused on software development. If a malicious developer were trying to steal your data, using Bugfender would probably be a very inefficient way to do it!
However, if a developer makes a mistake and logs confidential data to Bugfender, the final users are probably still safe. The data sent to Bugfender is encrypted when in transit and then it is temporarily stored in our servers which are hosted in an ISO 27001-certified data center. This ensures legal, organizational, physical, and logical protection, regular security audits and staff training.
Furthermore, Bugfender is covered under GDPR, the EU data protection law, which is often considered the world’s strongest set of data protection rules.
So, Is My Data Safe After All?
On our side, we can ensure that Bugfender will never aggregate or market your data with any goal other than helping app developers create better apps. We also take care of encrypting and strictly controlling access to data to make sure it’s safe with us.
Bugfender is the tool of choice of thousands of developers, and one of the most valued features is that we are not a data-focused company: our customers are often companies concerned about the privacy of the data they’re entrusting us with.
Our Best Wishes From Bugfender
We decided to write this post to provide clear and direct information to all of those Fast Company readers who might be worried about their data following the article about the contact tracking app.
Bugfender was created to help developers fix software errors, and we are proud to be able to keep doing that during these uncertain times. We wish developers all around the world can use Bugfender to enhance the quality of their apps, as the developers of Care19 are doing to help North Dakota citizens stay safe and healthy.