Privacy Policy

01Overview

BugBoard.io is a feedback platform operated by Prodlabs ("we", "us", "BugBoard"). This Privacy Policy explains what personal data we collect, why we collect it, who we share it with, and the choices you have.

When a customer ("Customer") uses BugBoard to collect feedback from their own end users, the Customer is the "controller" of those end users' personal data and we act as a "processor" on their behalf. When you visit our marketing site or sign up for an account with us directly, we act as the controller for the data described in this Policy.

02Data we collect

We collect the following categories of personal data:

• Account data: name, email, password hash, organization, and role, provided when you create an account or accept an invitation.
• Customer Content: feedback items, comments, votes, attachments, and any other content you or your end users submit through the Service.
• Identity data passed by integrators: external user id, email, and display name when an integrator uses our trusted-identity API.
• Billing data: information needed to process payments, handled by our payment processor (we do not store full card numbers).
• Usage data: pages viewed, features used, requests made, and approximate location derived from IP address, collected automatically through logs and analytics.
• Device data: browser type, operating system, language, screen size, and similar technical signals.
• Communications: messages you send to our support channels and email.

03How we use data

We use personal data to:

• provide, maintain, and improve the Service, including authentication, billing, and customer support;
• personalize the experience and remember your preferences;
• detect, prevent, and respond to abuse, fraud, and security incidents;
• send service-related communications (e.g., onboarding, billing receipts, security alerts);
• send product updates and marketing where permitted, with an easy way to opt out;
• comply with legal obligations and enforce our Terms.

04Legal bases (EEA/UK)

Where the GDPR or UK GDPR applies, we rely on the following legal bases: (a) performance of a contract to provide the Service to you; (b) our legitimate interests in operating, securing, and improving the Service, balanced against your rights; (c) your consent, where requested (e.g., non-essential cookies, marketing emails); and (d) compliance with legal obligations.

05Sharing and disclosure

We do not sell personal data. We share personal data only with:

• service providers acting as our processors (hosting, database, email delivery, analytics, error monitoring, payment processing), under contracts that restrict their use of data to providing services to us;
• your organization's administrators, who can see content and account activity in shared workspaces;
• authorities or third parties when required by law, court order, or to protect rights, property, or safety;
• an acquirer or successor entity in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections.

06Subprocessors and hosting

BugBoard is hosted on cloud infrastructure operated by reputable providers (such as Railway and Vercel). Data may be processed in regions including the United States and the European Union. Where personal data is transferred outside the EEA/UK to a country without an adequacy decision, we rely on Standard Contractual Clauses or other appropriate safeguards.

A current list of subprocessors is available on request from contact@bugboard.io.

07Cookies and similar technologies

We use a small number of essential cookies and similar technologies to keep you signed in, remember preferences, and measure aggregate usage. Where required by law, we ask for your consent before setting non-essential cookies. You can control cookies through your browser settings.

08Retention

We retain personal data only as long as needed for the purposes described in this Policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. When you delete your account, we delete or anonymize Customer Content within a reasonable period, subject to legal retention requirements and standard backup cycles.

09Your rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal data, restrict or object to certain processing, and withdraw consent. To exercise these rights, email contact@bugboard.io. If we process your data on behalf of a Customer, we will refer your request to that Customer.

You also have the right to lodge a complaint with your local data-protection authority.

10Security

We use industry-standard technical and organizational measures designed to protect personal data, including encryption in transit, hashed credentials, access controls, audit logging, and regular review of our infrastructure. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

11Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

12Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date above and, if the changes are material, provide additional notice (e.g., by email or in-app banner).

13Contact

If you have questions about this Policy or our handling of personal data, contact us at contact@bugboard.io.