← Back to home

Privacy Policy

Last updated: March 23, 2026

Overview

TraceBug is a QA bug reporting tool that records user interactions during testing sessions and generates developer-ready bug reports. TraceBug is designed with privacy as a core principle: all data stays in your browser. No data is ever sent to external servers.

Data Collection

When a user explicitly enables TraceBug on a website, the following data is recorded locally during the active session:

  • User interactions — clicks (element tag, text, id, class), form inputs, select changes, form submissions, and page navigation
  • Console errors — console.error() messages, unhandled exceptions, and promise rejections with stack traces
  • Network requests — fetch and XMLHttpRequest URLs, methods, status codes, and response times
  • Screenshots — captured only when the user clicks the Screenshot button, stored in memory (not persisted)
  • Environment info — browser name/version, operating system, viewport size, device type, and connection type
  • Voice transcripts — speech-to-text transcriptions when the user explicitly uses the Voice Note feature, processed by the browser's built-in Web Speech API

Data Storage

  • All recorded session data is stored in the browser's localStorage under the key tracebug_sessions
  • Screenshots and voice transcripts are stored in memory only and are not persisted
  • Sessions are capped at 50, with a maximum of 200 events per session
  • Old sessions are automatically pruned when limits are exceeded
  • The Chrome Extension stores the list of enabled site hostnames in chrome.storage.local
  • No data is sent to any server, API, or third-party service

Sensitive Data Protection

TraceBug automatically redacts sensitive information before it is stored:

  • Password fields — values replaced with [REDACTED]
  • Credit card numbers — detected and redacted
  • Social Security Numbers — detected and redacted
  • API tokens and authorization headers — detected and redacted

Data Sharing

TraceBug does not:

  • Send any data to external servers or APIs
  • Use analytics, telemetry, or tracking of any kind
  • Share, sell, or transfer user data to third parties
  • Use data for advertising, profiling, or creditworthiness
  • Store any data outside the user's browser

User Control

  • TraceBug only records on websites where the user has explicitly enabled it
  • Recording can be paused and resumed at any time
  • All session data can be cleared with the "Clear" button in the dashboard
  • The extension can be disabled or uninstalled at any time
  • Clearing browser data or localStorage removes all TraceBug data permanently

Chrome Extension Permissions

activeTab — To inject the recording UI and capture screenshots on the current tab
storage — To remember which sites the user has enabled TraceBug on
scripting — To inject the TraceBug SDK into the page context for session recording
tabs — To identify the current tab's URL and prevent duplicate injection
Host permissions — TraceBug works on any website the user chooses, so broad host access is required. It only activates on sites explicitly enabled by the user.

Open Source

TraceBug is fully open source. You can review the complete source code at github.com/prashantsinghmangat/TraceBug-ai.

Contact

For privacy questions or concerns, please open an issue at github.com/prashantsinghmangat/TraceBug-ai/issues.

This privacy policy applies to the TraceBug Chrome Extension and the TraceBug SDK (npm package: tracebug-sdk).