Bugfender’s Security Principles

We understand that protecting your customer's data is vital for you. It's just as important for us. We're tired of "free" products which actually make money by selling your data.
Bugfender is fully committed to safeguarding the data we're handling for you. Here is how we do it:

Your Customer’s Data is Yours

… and we operate by this principle. We don’t use your customer’s data, we don’t sell it to third parties, and we don’t target your customers with ads, tracker cookies or anything like it. Period.


User Account Protection

Your team members’ passwords are securely stored using a password-based key derivation function, so there is no way for our staff or a potential intruder to guess your password.

We offer two-factor authentication using the industry-standard time-based one-time password (via an authenticator app like Google Authenticator or Authy), FIDO U2F Security Keys (like YubiKey or Krypton) and phone number validation with SMS as a fallback.

We keep an audit log of the most recent activity on your account and your teams. In the event that our customer support team accesses your account on your behalf, to assist with any requests you make, our actions will appear in the log for complete transparency. To guarantee maximum security, our staff is always required to use two-factor authentication, even if you do not have it enabled.


Data Protection

All network communications involving your logs are protected with the latest TLS 1.3 authentication and encryption with strong cipher algorithms. For backwards compatibility, TLS 1.2 is also accepted. Your data is always authenticated and encrypted when in transit and at rest.

Our staff is always two-factor authenticated when accessing your data. Only select employees on customer support and operations have access to your data, in order to perform their duties. They are informed of their security responsibilities and receive security awareness training.

We run datacenters at multiple, distant locations (always within the European Union) to ensure we can quickly recover from a potential problem. We offer the possibility of custom datacenters if required. Contact us for this option.


Compliance

Bugfender complies with GDPR and is ready to process your customers' personal data under GDPR for standard categories of data; you can sign a Data Protection Agreement with us for that. Within the agreement, we provide support to perform your obligations on data access, rectification, erasure, expiration, data portability, export, and notification of breaches.

ISO Certificate

Bugfender is ISO 27001 certified: our code is developed following a Secure Development Life Cycle, the code is reviewed manually and using automated tools, and we perform penetration tests, following the industry’s best practices. We have an incident response process, we perform employee background checks, training, supplier vetting, etc.

We process your data at ISO 27001-certified data centers within the European Union, offering legal, physical and logical security protection measures, regular security audits, and staff training.

Your financial information, like your credit card, is never stored on our servers; it is securely protected and kept by a third-party PCI-certified supplier.

Bugfender CSA STAR CAIQ

Highly sensitive workloads

Bugfender On-Premises or Private Instance editions can be used in PCI and HIPAA-compliant workloads, or workloads that require data locality. Contact us for this option.

Our Enterprise customers can also sign custom contracts if specific language is required. Contact us for this option.


If you’re a security researcher and you have found a security vulnerability in Bugfender, please feel free to get in touch with our security contact.

Questions?

You may also want to read our Terms of Service, our Privacy Policy and the Security and Compliance section in our Knowledge Base.

Our staff will be happy to answer any questions you might have regarding security and compliance, so please feel free to contact us with your question. For high-sensitivity communications we have a PGP key available.
