Privacy Policy

Last updated: April 13, 2026

Blindspot ("we", "us", "our") is operated by No Box Dev. This policy describes how we collect, use, and protect your information when you use the Blindspot service.

1. Information We Collect

Account information: When you sign up via GitHub OAuth, we receive your GitHub username and user ID. We store an encrypted copy of your GitHub access token to create issues on your behalf.

Bug reports: When end users submit bug reports through the Blindspot widget, we collect:

• Screenshot of the current page (captured client-side)
• Page URL, browser name and version, operating system, viewport size
• Recent console errors (if any)
• Selected DOM element details (CSS selector, accessible name, data attributes)
• User-provided title, description, and optional name/email
• Custom application context (if configured by the site owner)

Auto-captured errors: If enabled by the site owner, JavaScript errors are automatically reported with the error message, source URL, and browser information.

Usage data: We log IP addresses temporarily for rate limiting. We do not use analytics trackers, cookies for tracking, or third-party advertising.

2. How We Use Your Information

• To create GitHub issues containing bug report details
• To upload screenshots to our storage (Cloudflare R2)
• To send Slack notifications (if configured)
• To display report status on tracking pages
• To prevent abuse via rate limiting

3. Data Storage and Security

Your data is stored on Cloudflare's infrastructure (Workers, D1 database, R2 storage). GitHub access tokens are encrypted at rest using AES-GCM. All communication uses HTTPS.

4. Third-Party Services

• GitHub: Bug reports are created as GitHub Issues in your configured repository
• Cloudflare: Hosting, database, and file storage
• Slack: Optional notifications (only if you connect a workspace)
• jsDelivr CDN: The widget loads screenshot libraries from this CDN

5. Data Retention

Bug report data is retained as long as your account exists. Screenshots are stored indefinitely in Cloudflare R2. You can delete your account and all associated data at any time from the dashboard.

6. Your Rights

You can:

• Access your data through the Blindspot dashboard
• Delete your account and all associated sites, reports, and data from the dashboard
• Disconnect third-party integrations (Slack) at any time

For data subject requests under GDPR or similar regulations, contact us at support@noboxdev.com.

7. Bug Reporters (End Users)

If you submit a bug report through the widget on someone else's website, your report data (including any name or email you provide) is shared with the site owner via GitHub Issues. The site owner controls how that data is used. We do not use bug reporter data for marketing or advertising.

8. Children's Privacy

Blindspot is not directed at children under 13. We do not knowingly collect information from children.

9. Changes

We may update this policy. Changes will be posted on this page with an updated date.

10. Contact

Questions? Email us at support@noboxdev.com.