Privacy Policy

1. What Glitch Captures

When you use Glitch to capture a bug report, it may collect the following data from the active browser tab or desktop:

• Screenshots — full-page or selected-area images of the current tab
• Screen recordings — video of the current tab or desktop, optionally including microphone audio
• Console logs — JavaScript console output (log, warn, error, info, debug) from the page
• Network requests — URLs, HTTP methods, status codes, request/response headers and bodies (text-based, up to 1 MB). Sensitive values such as Authorization headers, API keys, and JWT tokens are automatically redacted before storage
• User actions — clicks, form inputs (passwords are masked), scroll events, and page navigation events
• Performance data — Core Web Vitals (LCP, CLS, INP, FCP, TTFB), long tasks, and navigation timing
• WebSocket messages — messages sent and received (up to 2 KB per message)
• Storage snapshot — a snapshot of localStorage, sessionStorage, and cookies at the time of capture (keys and values, capped at 50 entries of 500 characters each)
• Environment information — browser name and version, operating system, viewport size, device pixel ratio, memory, CPU cores, network connection type, timezone, and locale

All of this data is collected only when you actively trigger a capture (screenshot, recording, or instant replay). Glitch does not run background data collection passively.

2. How Data Is Stored

All captured data is stored exclusively on your local device using Chrome's built-in storage APIs (chrome.storage.local) and your browser's local file system (via the Chrome Downloads API). No data is transmitted to any Glitch server, cloud service, or third party as part of the capture process.

Bug reports are saved as self-contained HTML files on your device. Recordings are saved as WebM video files. You control where these files are saved.

3. Microphone Access

Glitch requests microphone access only when you explicitly enable the mic toggle before starting a recording. Microphone audio is captured solely for inclusion in the screen recording. The audio is stored locally as part of the video file and is never sent to any server by Glitch.

You can revoke microphone access at any time via Chrome's site settings (chrome://settings/content/microphone) or the browser's address bar lock icon.

4. Third-Party Integrations

Glitch includes optional integrations with third-party services. Data is only sent to these services when you explicitly choose to share a report using that integration.

• Slack — Bug reports and recordings may be uploaded to your Slack workspace. Data is sent directly from your browser to Slack's API using your personal OAuth token. Governed by Slack's Privacy Policy.
• Jira — Bug reports may be attached to Jira issues. Data is sent directly from your browser to your Jira instance using your API token. Governed by Atlassian's Privacy Policy.
• GitHub — Bug reports may be attached to GitHub issues. Data is sent directly from your browser to GitHub's API using your personal access token. Governed by GitHub's Privacy Statement.
• GitLab — Bug reports may be uploaded to GitLab issues. Data is sent directly from your browser to your GitLab instance using your personal access token. Governed by GitLab's Privacy Policy.

Glitch does not receive, store, or process any data sent to these third-party services.

5. Permissions Justification

Glitch requests the following Chrome permissions. Each is required for core functionality:

• Access to all sites (<all_urls>) — Required to inject the debug capture script into any page you choose to record. Glitch only activates on a tab when you explicitly trigger a capture.
• Tab capture (tabCapture) — Required to record the video and audio stream of the active tab.
• Tabs (tabs) — Required to query the active tab when you open the popup, and to manage the recording overlay.
• Storage (storage, unlimitedStorage) — Required to store settings, theme preferences, recording state, and temporary recording buffers locally.
• Scripting (scripting) — Required to inject the recording overlay and debug capture script into pages.
• Downloads (downloads) — Required to save bug reports and recordings to your local file system.
• Web navigation (webNavigation) — Required to track page navigations during a recording session for the debug log.
• Web request (webRequest) — Required to capture network request metadata (URLs, methods, status codes) during a recording.
• Identity (identity) — Required for the OAuth authorization flow when connecting Slack.
• Offscreen documents (offscreen) — Required to run the media recording engine in the background without a visible UI.
• Alarms (alarms) — Required to enforce the optional recording time limit setting.

6. Data Glitch Does Not Collect

• Glitch does not collect any analytics, usage telemetry, or crash reports
• Glitch does not create any user accounts or user profiles
• Glitch does not track you across websites
• Glitch does not sell, rent, or share your data with any third party (except when you explicitly use an integration)
• Glitch does not have any backend servers that receive your data

7. Automatic Redaction

Glitch automatically redacts sensitive patterns from captured network request data before storage. Redacted patterns include:

• Authorization headers (Bearer tokens, Basic auth)
• JSON Web Tokens (JWTs)
• AWS credentials
• PEM-encoded keys and certificates
• Cookie headers

Redacted values are replaced with the placeholder [glitch-redacted]. While Glitch makes reasonable efforts to redact sensitive data, you should review captured reports before sharing them externally.

8. Children's Privacy

Glitch is a developer tool intended for adults. It is not directed at children under the age of 13, and we do not knowingly collect personal information from children.

9. Changes to This Policy

If this privacy policy changes materially, the updated version will be published at the same URL with a revised "Last updated" date. Continued use of Glitch after a policy update constitutes acceptance of the updated policy.

10. Contact

If you have questions about this privacy policy or Glitch's data practices, please email support@glitched.wtf — or reach Kal El directly at clarkkentkalel1995@gmail.com.