Product Development · August 29th, 2023

Privacy Focused Customer Feedback with Bugflow

Dan Pastori@danpastori

Bug and feedback reporting should be privacy focused. We are advocates of privacy and believe that your data, the sites you visit, and what you choose to share should be respected and up to you. As an agency, we also want to respect our client’s and customer’s privacy when implementing Bugflow into their projects.

That’s why Bugflow uses no tracking cookies, requires minimal information for guest feedback, and allows you share only what you choose. So, how do we do it?

Privacy Focused Guest Feedback Embed

Let’s start with the most public of options. The guest feedback embed. When wanting to collect guest feedback from your customers or clients, or anyone who uses your site, we offer a guest feedback embed. This helpful tool is easy to install and can instantly collect feedback from the users of your web app or site.

Guest Feedback Embed

The guest embed is loaded from our CDN and configured with just your project’s key and any customizations. There’s no callbacks or cookies set. If the user chooses not to interact or record feedback, Bugflow has no idea. If the user chooses to submit feedback, there are only 3 required fields:

  • Name
  • Email
  • Description of feedback

There’s an option for a longer additional comments section if the user chooses to do so. That’s it! Once the feedback is submitted, there’s no tracking on where the user chooses to go or what they do next.

Now, what about the screenshot? The screenshot makes bug reporting extremely helpful for the developer. However, the screenshot could contain super sensitive information. If that’s the case, simply remove it! Don’t share anything you don’t want to share! As we begin to shell out our markup tool, we will also be providing options to hide data that’s sensitive and will not be visible to the developer.

After the feedback is submitted, we store the name and email for 24 hours in the guest’s local storage within their browser. Bugflow does not read from this, it’s simply just to fill in the guest feedback widget so they don’t have to enter this every time they submit feedback.

Okay, so the guest widget is privacy focused, what about the browser extensions?

Privacy in our Browser Extensions

The Bugflow browser extension is much, much more complex. You get full access to add and upload additional information, assign to project team members, apply statuses, labels, priorities etc. As an agency, the browser extension is an essential tool to give to developers, customers, and project managers to quickly collect more detailed feedback, solve issues, and make changes as quickly as possible.

Bugflow Browser Extension

However, the browser extension is installed, well, in your browser. That means it’s present on every page you visit. It even asks you for access to all URLs when installed. While both of those statements are true, no data is collected on any site you visit. Once again, you only send data to Bugflow if you choose to send the data.

So how does Bugflow know when to activate on a certain page? Well, when you log into the browser extension, we load your profile, but we also load a cache of all the URL patterns for the projects you are a part of. This data is cached in your local browser. Whenever you visit a page, we check the URL pattern from your local cache, NOT by sending it back to Bugflow! This allows you to visit your banking site, internal company pages, whatever you want and Bugflow will have no idea.

Even if you visit a site that you have access to from a project within Bugflow, nothing is sent until you actually send it. Let’s say you are a part of a project A. You visit project A’s site and it matches one of the cached URLs. All the Bugflow extension does is recognize that the URL matches a project you are a part of and let’s you record feedback. If you don’t record feedback, then nothing gets sent to Bugflow respecting your privacy!

So what about the data storage itself?

Enterprise, Self-Hosted Bugflow

First of all, we ensure that all data hosted on is secure, locked down, and not shared anywhere you don’t need it to be. However, if you are working on a top secret project and you want the ultimate level of security, we even offer a self-hosted license for Bugflow. This means you’d get a pre-configured Docker container that you can spin up, in house and whatever data gets passed from your clients, customers, or guests goes directly to your instance. You can configure where you want the files stored, what URLs it should run on, and how you want notifications. For more information, contact us at [email protected].

No Google Analytics

To add a little icing on the cake, we take the respect for your privacy even further by not adding Google Analytics to our marketing site. We do have analytics so we know what pages are being visited, but it’s done without tracking cookies and hits our own, self-hosted, Plausible Analytics instance (a privacy focused Google Analytics alternative).


Hopefully this helps shed some light on how serious we take the privacy of our visitors. If you have any questions or want further information before choosing to switch your project or agency to Bugflow, feel free to reach out to [email protected]. We’d love to help!

🚀 We're building in public

Be the first to know of the latest Bugflow news.
    Dan Pastori
    Jay Rogers