Security at DebugBear

At DebugBear we are committed to keeping customer data secure.

What data does DebugBear have access to?

In most cases we do not have any special permissions to access your IT infrastructure. We do not collect data on your users and only run site speed tests on your public-facing website.

In some cases you may grant additional access rights to DebugBear. For example, you disable bot blocking from IP addresses used by the DebugBear test servers. Or you monitor staging servers that are protected using HTTP Basic Authentication.

When integrating DebugBear into your Continuous Integration (CI) process we will usually have access to commit messages in your version control system.

Infrastructure

DebugBear runs on Google Cloud using secure data centers. We restrict the permissions that individual components in our system have access to.

Our website is only accessible over HTTPS.

Slack app

Our Slack integration only has access write access to the channel you specify. It does not have read access to your Slack workspace.

Data access

Your DebugBear data is not accessible externally unless you have shared it with another user or made it available publicly.

Whenever possible we use two-factor authentication to secure our accounts. We use password managers to prevent duplicate passwords.

Devices used at DebugBear use encryption to keep data secure if a device is lost.

Data deletion and backups

To protect against accidental data loss, DebugBear schedules "soft" deletions in advance before fully removing the data.

DebugBear also uses backups to be able to restore data following a data loss.

Passwords

User account passwords are stored cryptographically hashed and salted.

Credit card details

DebugBear never has direct access to your credit card details. Credit card information is handled exclusively by Chargebee and Stripe.