At DebugBear we are committed to keeping customer data secure.
DebugBear monitors the loading speed of your website.
For synthetic (or lab-based) monitoring you simply enter a website URL you want to monitor and we run regular tests opening the website from our severs.
With DebugBear RUM you install an analytics snippet on your website to monitor real user experiences.
In most cases we do not have any special permissions to access your IT infrastructure. We do not collect data on your website visitors and only run site speed tests on your public-facing website.
In some cases you may grant additional access rights to DebugBear. For example, you disable bot blocking from IP addresses used by the DebugBear test servers. Or you monitor staging servers that are protected using HTTP Basic Authentication.
When integrating DebugBear into your Continuous Integration (CI) process we will usually have access to commit messages in your version control system.
DebugBear RUM collects data on how visitors experience your website. Learn more about what data we collect.
DebugBear uses reputable third-party providers to host its production infrastructure. We rely on these third parties to manage the physical access controls to the data center facilities that they manage.
We primarily use Google Cloud to deliver our service.
Within our infrastructure the permissions of individual services are restricted to increase security.
Data at rest is encrypted with AES-256.
Whenever possible we use two-factor authentication to secure accounts that store user data. We use password managers to prevent duplicate passwords.
Devices used at DebugBear use encryption to keep data secure if a device is lost.
Your DebugBear data is not accessible externally unless you have shared it with another user or made it available publicly.
Our website is only accessible over HTTPS and we also use encryption when communicating with third-party services. This ensures data cannot be read or modified without authorization.
To protect against accidental data loss, DebugBear schedules "soft" deletions in advance before fully removing the data.
DebugBear also uses backups to be able to restore data following a data loss.
If a vulnerability is identified and exploited DebugBear will send an advisory email to DebugBear account admins.
User account passwords are stored cryptographically hashed and salted.
We support multiple single sign-on (SSO) providers and SSO is available for an additional fee.
DebugBear team members may access your data for support requests and to ensure quality of service.
Team members receive annual training on security and data protection.
DebugBear uses third-party libraries as part of its platform. We use Dependabot to identify security vulnerabilities.
We seek to minimize the number of third-party services we rely on and the data they have access to. New third-parties are reviewed for appropriate security and compliance measures.
DebugBear is updating on an ongoing basis. We publish monthly release notes with major updates in our changelog.
Security patches are prioritized and applied as soon as possible.
DebugBear never has direct access to your credit card details. Credit card information is handled exclusively by Chargebee and Stripe.
Our Slack integration only has access write access to the channel you specify. It does not have read access to your Slack workspace.
If you have discovered a security vulnerability, please email dbbsec@debugbear.com with steps to replicate the issue and why it is a security concern.
You are using an old browser that is not supported anymore. You can continue using the site, but some things might not work as expected.
