All Collections
Security and compliance
Personal Data Processing Agreement (DPA) and GDPR compliance
Personal Data Processing Agreement (DPA) and GDPR compliance

How Bugfender can help you in compliance with EU General Data Protection Regulation

Jordi Giménez avatar
Written by Jordi Giménez
Updated over a week ago

When dealing with personal or otherwise sensitive data and storing it in Bugfender, you may be required by law or by your internal company policies to have an agreement with Bugfender to guarantee the proper handling of such data. If you have customers in the EU, GDPR requires this.

Is Bugfender compliant with GDPR? (Bugfender as data controller)

Yes, Bugfender complies with GDPR by guaranteeing your rights as a customer. If you have any GDPR-related requests, you can contact our support. This applies regardless of your plan.

How does Bugfender help my compliance? (Bugfender as data processor)

You can use Bugfender to store personal data if you purchase a Basic or better plan. We offer the following features required for your compliance:

  • Data access: you can access all data you sent to Bugfender until it expires.

  • Data rectification: personal data associated with devices can be updated.

  • Data deletion: personal data from your users can be deleted.

  • Data expiration: personal data that is no longer used is automatically deleted as it expires.

  • Data export: personal data from your users can be exported in a textual, easily intelligible format.

  • Notifications of data breaches: in the event of discovering a personal data breach, Bugfender will inform you in a timely manner as required by law.

Please note the aforementioned features might not be available unless you sign a Data Processing Agreement with us. Also, please note not all our plans offer enough support to store personal data; check if your plan has "GDPR Data Processing Agreement" listed as a feature. If in doubt, please contact us.

Special categories of data

GDPR defines some "Special categories of data" where you should perform your own risk analysis (GDPR Article 9). For those categories, Bugfender might or might not be enough for your use case; you have to decide for yourself. Please contact us if you need to analyze further the suitability of Bugfender for your users' data protection.

Data retention

Bugfender plans that support the signature of a data processing agreement keep your logs and device data for up to 30 days. We generally keep backups for up to 90 days after that.

Geographic location of data

Bugfender stores your data within the European Union unless otherwise agreed.

If you need your data stored in a specific data center, it can be done. Please contact us for a Premium plan (prices starting at €399/month).

Signing a Data Processing Agreement with Bugfender

  • Read and sign it

  • You will need to fill in the account ID. It's a little bit hidden, but you can find it like this: go to team settings and check the URL. It will be something like In that case, your account ID is 12345. If you need help with that, please let us know.

  • Start a new conversation with us and attach the signed contract

  • We will counter-sign it. The contract will become effective when we send you back the counter-signed copy.

Does the DPA need to mention Schrems II, Privacy Shield or the Standard Contractual Clauses?

No, Bugfender is an EU-based company and these clauses are only needed when transferring data outside of the EU.

See also

If you have any further questions, please contact us!

Did this answer your question?