Privacy Policy - Bullfrog Security

1. Introduction

Bullfrog Security ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our CI/CD protection service.

2. Information We Collect

2.1 Account Information

When you connect your GitHub account, we collect:

GitHub username and email address
Repository information (names, visibility status)
Organization memberships (if applicable)

2.2 Workflow Monitoring Data

During workflow execution, we collect network connection metadata:

Destination IP addresses and domain names
Port numbers and protocols
Timestamps of connection attempts
Process names making connections
Connection status (allowed/blocked)

Important: We do NOT collect the actual data transmitted in network connections. We only track connection metadata for security monitoring purposes.

2.3 Usage Information

We automatically collect:

Log data (IP addresses, browser type, access times)
Service usage patterns
Performance metrics

3. How We Use Your Information

We use collected information to:

Provide egress filtering and monitoring services
Display network activity in your control plane dashboard
Enforce your configured security policies
Improve and optimize the Service
Communicate important updates about the Service
Detect and prevent security threats or abuse
Comply with legal obligations

4. Data Storage and Security

4.1 Storage

Your data is stored on secure cloud infrastructure with:

Encryption in transit (TLS 1.3)
Encryption at rest (AES-256)
Regular security audits
Access controls and authentication

4.2 Data Retention

We retain workflow monitoring data for 90 days by default. Account information is retained while your account is active. You can request deletion of your data at any time.

5. Data Sharing and Disclosure

We do not sell, rent, or share your personal information with third parties except:

Service Providers: We may share data with trusted service providers who assist in operating our service (cloud infrastructure, analytics) under strict confidentiality agreements
Legal Requirements: We may disclose information if required by law or to protect our rights, safety, or property
Business Transfers: In the event of a merger or acquisition, your information may be transferred to the new entity

6. GitHub Integration

Our service integrates with GitHub through their official OAuth and GitHub Apps platform. We only request the minimum permissions necessary to provide our service. GitHub's own privacy policy applies to their processing of your data.

7. Your Rights and Choices

You have the right to:

Access your personal information
Correct inaccurate data
Request deletion of your data
Export your data
Opt-out of non-essential communications
Withdraw consent for data processing

To exercise these rights, contact us at privacy@bullfrogsec.com

8. Cookies and Tracking

We use essential cookies for authentication and session management. We use analytics cookies to understand how users interact with our service. You can control cookie preferences through your browser settings.

9. Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top indicates when this policy was last revised.

12. Contact Us

For questions or concerns about this Privacy Policy or our data practices, contact us at:

Email: privacy@bullfrogsec.com

General inquiries: contact@bullfrogsec.com