GlitchReplay
Draft — pending legal review. This page is a starting template generated from common SaaS practice. Replace bracketed placeholders, then have qualified counsel review before you accept paying customers or process personal data.

Privacy Policy

Effective April 24, 2026

This Privacy Policy explains how Inventivehq LLC, the California company that owns and operates GlitchReplay (“Inventivehq,” “GlitchReplay,” “we”), handles personal data in connection with the GlitchReplay error-tracking service (the “Service”).

1. Two roles: account data vs. customer data

GlitchReplay processes personal data in two distinct capacities:

  • As a controller for data about our customers and website visitors — account names, email addresses, billing details, and product analytics. This Policy describes that processing.
  • As a processor for error events, breadcrumbs, and replay data that our customers send to the Service from their own applications (“Customer Data”). Customers determine what ends up in Customer Data; our processing is governed by the Data Processing Addendum.

2. Personal data we collect (as controller)

  • Account data: name, email, organization, OAuth identifiers from your sign-in provider (Google).
  • Billing data: if you upgrade to a paid plan, we collect billing contact information; payment card data is handled directly by our payment processor and never touches our servers.
  • Product usage: dashboard navigation, feature interactions, and request logs, used to operate and improve the Service.
  • Communications: support requests and any other messages you send us.

3. How we use personal data

  • To provide, maintain, and secure the Service.
  • To bill paid plans and prevent abuse.
  • To communicate with you about the Service — incident notifications, policy updates, and (if you opt in) product news.
  • To comply with legal obligations.

Legal bases (where GDPR applies): performance of a contract, our legitimate interests in operating the Service, your consent (for marketing communications), and legal obligation.

4. Sharing

We do not sell personal data. We share it only with:

  • Subprocessors who help us run the Service — infrastructure, auth, billing, email. The current list is at Subprocessors.
  • Authorities when required by valid legal process, and where permitted we will notify you first.
  • Successors in a merger, acquisition, or asset sale, subject to equivalent protections.

5. International transfers

The Service is hosted on Cloudflare's global network and account data may be processed in the United States or other countries where our subprocessors operate. Where required, we rely on the EU Standard Contractual Clauses and the UK IDTA. EU data residency is available on the Enterprise plan.

6. Retention

Account data is retained for the life of your account and for up to 12 months afterward to meet legal, tax, and audit obligations. Customer Data retention is set by the customer's plan (14 days on Free, up to 365 days on Business); see the DPA for deletion on termination.

7. Security

We use TLS in transit, encryption at rest, least-privilege access controls, audit logging, and regular review of our security posture. Report suspected vulnerabilities to security@glitchreplay.com.

8. Your rights

Depending on where you live (EEA, UK, California, and others), you may have rights to access, correct, delete, port, or restrict our processing of your personal data, and to object or withdraw consent. Exercise these by emailing privacy@glitchreplay.com. We will respond within the time required by applicable law.

If you are a California resident, we do not sell or share personal information as those terms are defined under the CCPA/CPRA.

If your personal data appears in Customer Data sent by one of our customers, that customer is the controller. Please direct your request to them; we will assist them in responding.

9. Cookies

We use a small number of strictly necessary cookies to keep you signed in and protect against CSRF. We do not use advertising or cross-site-tracking cookies.

10. Children

The Service is not directed to children under 16 and we do not knowingly collect personal data from them.

11. Changes

We may update this Policy from time to time. Material changes will be announced by email or in-app at least 14 days before they take effect.

12. Contact

Privacy questions: privacy@glitchreplay.com
Postal: Inventivehq LLC, 2305 Historic Decatur Rd, Suite 100, San Diego, CA 92106, United States
EU/UK representative: not currently appointed; we do not target the EU/UK market and do not knowingly collect personal data from data subjects located there. If you believe we should hear from you under the GDPR or UK GDPR, please write to the privacy address above.

← Back to home