Privacy policy

dbgr lets you share a Claude Code session transcript as a debuggable artifact. Your transcript is sanitized in your browser before it is uploaded — secrets, emails, IP addresses, and home-directory paths are redacted client-side. The server never receives your raw transcript, and re-scans every upload to reject any secret that slipped through.

• Sanitized session content. The redacted JSONL transcript and the computed analytics sidecar. This is the only session data we store.
• Session metadata. Token counts, model names, timestamps, tool-call counts, estimated cost, an auto-generated title, and any note you add.
• Account data (authenticated users only). Your email address and which sign-in providers you have linked. No passwords are ever stored — sign-in is by magic link, GitHub, or Google. If you sign in with GitHub or Google, the OAuth tokens we hold are encrypted at rest.
• Session security data (authenticated users only). For each signed-in session we store the IP address and browser user-agent, to detect and prevent abuse. These are deleted when the session expires (within ~30 days) or when you delete your account.
• An audit record. Pseudonymous (hashed) entries for claim, delete, email-change, and account-deletion events, kept for integrity and abuse prevention and then deleted after 24 months.

We do not store your raw transcript, and we never display who shared a session to its viewers.

How long content is kept depends on how it was shared:

Anonymous sessions can also be deleted at any time with the one-time delete token shown when you publish. Account-saved sessions are deleted from your dashboard.

We keep encrypted database backups for at least 7 days for disaster recovery. When you erase data, the change reaches backups as they rotate, so erased data clears from backups within that window.

• Hetzner Online GmbH — hosting and object storage, in the Nuremberg (NBG1) region, Germany.
• Cloudflare R2 — object storage in an EU region, used in our staging environment.
• Resend — transactional email delivery (magic-link sign-in, email-change confirmations, and data-export notifications).
• Umami — self-hosted, cookieless page analytics. No cross-site tracking; session slugs and identifiers are stripped before any path is recorded. Loaded only with your consent.
• Sentry / GlitchTip — error tracking, to diagnose crashes. Configured without personal-data capture and with a server-side scrubber; the browser component loads only with your consent.

dbgr uses a single, strictly-necessary cookie: your authentication session. There are no advertising or cross-site tracking cookies.

Our analytics (self-hosted Umami) and error tracking (Sentry/GlitchTip) are non-essential. Umami is cookieless and does not track you across sites; the Sentry browser component is loaded only after you allow it. On your first visit we ask for your consent and load neither until you choose “Allow”. You can decline with no loss of functionality.

Our compute and stored data (transcripts, metadata, account database, backups) are hosted within the EU (Hetzner, Germany; Cloudflare R2, EU region). Self-hosted analytics run in the EU. Where a processor operates outside the EEA, we rely on an approved transfer mechanism (e.g. Standard Contractual Clauses or an adequacy decision); error tracking is pinned to an EU region or self-hosted. Contact us for the current details of any transfer.

• Access & portability. Export all of your data as a zip from Settings → Export.
• Rectification. Change your account email from Settings; we confirm the change via a link sent to your current address.
• Erasure. Delete your account from Settings. This is a hard delete: every session, all metadata, and all stored files are permanently removed.
• Restriction & objection. Contact us at privacy@dbgr.app. We do not profile you, send marketing, or make automated decisions with legal or similarly significant effects.

Lawful basis: contract (Art. 6(1)(b)) for providing account features you sign up for, and legitimate interest (Art. 6(1)(f)) for anonymous sharing and for abuse prevention. We practise data minimization — only sanitized content is ever stored.

Residual personal data can survive automatic sanitization, since transcripts are free-form text. Review the diff before publishing, enable name/location redaction (on by default for sessions you save to your account), and remove anything sensitive.

For any privacy request or question, email privacy@dbgr.app. You also have the right to lodge a complaint with your local data-protection authority.