Legal

GDPR Compliance

bugfyx is committed to protecting your data and complying with the General Data Protection Regulation (GDPR). This page explains how we handle personal data.

Last updated: March 7, 2026

1. Data Controller

When you use bugfyx as a customer (account holder), bugfyx acts as a data processor on your behalf. You remain the data controller for any feedback data collected through the widget on your website. bugfyx acts as data controller only for your account information (email, billing details).

2. What Data We Collect

Through the feedback widget, the following data may be collected from your website visitors:

  • Screenshot of the current page view
  • Browser name, version, and operating system
  • Screen resolution and viewport size
  • Current page URL
  • CSS selector of the targeted element
  • Free-text feedback comment
  • Optional: visitor name or email (if configured by site owner)

We do not collect IP addresses, set tracking cookies, or fingerprint browsers through the feedback widget.

3. Legal Basis for Processing

For account holders: We process your data based on contractual necessity (Art. 6(1)(b) GDPR) to provide the bugfyx service.

For website visitors: The legal basis is determined by you as the data controller. Most customers rely on legitimate interest (Art. 6(1)(f) GDPR) for collecting feedback to improve their website.

4. Data Storage & Security

  • All data is encrypted in transit (TLS 1.2+) and at rest
  • Feedback data is stored in EU-based infrastructure
  • Screenshots are stored securely and accessible only to authorized team members
  • We perform regular security audits

5. Data Retention

Feedback data is retained for as long as your account is active. When you delete a project, all associated feedback data (including screenshots) is permanently deleted within 30 days. When you delete your account, all data is permanently removed.

6. Your Rights

Under the GDPR, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate personal data
  • Erasure — Request deletion of your personal data
  • Restriction — Restrict processing of your data
  • Portability — Receive your data in a structured format
  • Objection — Object to processing based on legitimate interest

To exercise any of these rights, contact us at privacy@bugfyx.com.

7. Sub-processors

We use the following sub-processors to deliver the bugfyx service:

Provider
Purpose
Location
Cloudflare
CDN, hosting, edge compute
Global
Stripe
Payment processing
US / EU
Resend
Transactional emails
US

8. Data Processing Agreement

If you need a Data Processing Agreement (DPA) for your records, please contact us at privacy@bugfyx.com and we'll provide one within 2 business days.

9. Contact

For any GDPR-related questions or requests, contact our data protection team:

Email: privacy@bugfyx.com