Security at DebugBear

At DebugBear we are committed to keeping customer data secure.

What is DebugBear?

DebugBear monitors the loading speed of your website.

DebugBear Synthetics

For synthetic (or lab-based) monitoring you simply enter a website URL you want to monitor and we run regular tests opening the website from our severs.

DebugBear RUM

With DebugBear RUM you install an analytics snippet on your website to monitor real user experiences.

What data does DebugBear have access to?

DebugBear Synthetics

In most cases we do not have any special permissions to access your IT infrastructure. We do not collect data on your website visitors and only run site speed tests on your public-facing website.

In some cases you may grant additional access rights to DebugBear. For example, you disable bot blocking from IP addresses used by the DebugBear test servers. Or you monitor staging servers that are protected using HTTP Basic Authentication.

When integrating DebugBear into your Continuous Integration (CI) process we will usually have access to commit messages in your version control system.

DebugBear RUM

DebugBear RUM collects data on how visitors experience your website. Learn more about what data we collect.

Infrastructure and physical access controls

DebugBear uses reputable third-party providers to host its production infrastructure. We rely on these third parties to manage the physical access controls to the data center facilities that they manage.

We primarily use Google Cloud to deliver our service.

Within our infrastructure the permissions of individual services are restricted to increase security.

Data at rest is encrypted with AES-256.

System access controls

Whenever possible we use two-factor authentication to secure accounts that store user data. We use password managers to prevent duplicate passwords.

Devices used at DebugBear use encryption to keep data secure if a device is lost.

Data access controls

Your DebugBear data is not accessible externally unless you have shared it with another user or made it available publicly.

Transmission controls

Our website is only accessible over HTTPS and we also use encryption when communicating with third-party services. This ensures data cannot be read or modified without authorization.

Data deletion and backups

To protect against accidental data loss, DebugBear schedules "soft" deletions in advance before fully removing the data.

DebugBear also uses backups to be able to restore data following a data loss.

How do you notify customers of security vulnerabilties?

If a vulnerability is identified and exploited DebugBear will send an advisory email to DebugBear account admins.

Passwords

User account passwords are stored cryptographically hashed and salted.

Single sign-on

We support multiple single sign-on (SSO) providers and SSO is available for an additional fee.

DebugBear Team access to customer data

DebugBear team members may access your data for support requests and to ensure quality of service.

Team members receive annual training on security and data protection.

Third-party libraries

DebugBear uses third-party libraries as part of its platform. We use Dependabot to identify security vulnerabilities.

How do you review third-party services for security and compliance risks?

We seek to minimize the number of third-party services we rely on and the data they have access to. New third-parties are reviewed for appropriate security and compliance measures.

How often is your platform updated?

DebugBear is updating on an ongoing basis. We publish monthly release notes with major updates in our changelog.

Security patches are prioritized and applied as soon as possible.

Credit card details

DebugBear never has direct access to your credit card details. Credit card information is handled exclusively by Chargebee and Stripe.

Slack app

Our Slack integration only has access write access to the channel you specify. It does not have read access to your Slack workspace.

Reporting security vulnerabilities

If you have discovered a security vulnerability, please email dbbsec@debugbear.com with steps to replicate the issue and why it is a security concern.

You are using an old browser that is not supported anymore. You can continue using the site, but some things might not work as expected.