Security, Privacy & Compliance
We pledge to keep your data secure, follow security best practices, and never sell or share your data with any third party.
SOC 2 Type 2, GDPR and CASA Tier 2 / Tier 3 compliance
As of April 1, 2024, we are proud to announce our compliance with the AICPA SOC 2 Type 2 standards, ensuring that our systems and processes meet rigorous criteria for security.
Additionally, we adhere to the EU’s GDPR compliance checklist for US companies, affirming our commitment to data protection and privacy for our international users.
Furthermore, Bardeen meets the stringent requirements of Tier 2 and Tier 3 of the Cloud Application Security Assessment (CASA) as defined by the App Defense Alliance, built upon the industry-recognized OWASP Application Security Verification Standard (ASVS).
Your app data
We’ve designed Bardeen so that your app data is only persisted in your local browser cache. The data exchange happens directly between your browser and the integrated third-party application.
This allows us to keep our cloud infrastructure minimal and scalable, and your data safe.Bardeen doesn’t store data from connected applications (such as your calendar, email or any other) in the cloud. The data is persisted in the local browser storage, and never on our cloud servers. No third-party or website can access information stored in your browser unless someone compromises your computer itself.
If you are using our paid services, and chosen to run your Automations or Autobooks even when your browser is closed, then part of your automations would be running on our server infrastructure. In this case, an instance of Bardeen would be created every time your automation condition is met (eg. when an e-mail arrives) in order to run your playbook (eg. send me a slack message). Contrast to your browser Bardeen instance, a cloud instance of Bardeen has no storage capabilities, meaning that once your playbook has finished running, all of your data are erased.
To allow you to access your automations and account settings from different browsers, we store the following data on our servers:
Your connected apps & and configurations to access them
Your custom Playbook and Autobook data
This information is securely exchanged between your client and our servers using industry-standard technologies and protocols.
Deleting account and removing all data
We hate to see our users go. You can remove all your data from Bardeen with a few clicks from the settings page. Learn more here.
What information do we collect?
To build a product that people love, we need to understand how our users use it.We collect basic information such as how many active users we have, Playbooks people use, and the errors that happen to fix them.
The usage information we collect does not include any user data.
For example, we may store the fact that a user ran a Playbook that saves events from Google Calendar to Notion. But none of the information about the event itself (like subject, date, participants, etc) or data related to Notion (name of the database, column names in the database etc.) is ever collected.
We use Posthog to store usage information (number of Playbooks and Autobook executions, integration activation, etc).
We use Sentry to store anonymized error and crash reports.
The information that we store is anonymized. We strip out any data the user enters (such as command or Playbook parameters) and only store the command that was executed along with the corresponding timestamp.
For more detailed information, please visit our Privacy Policy page or contact us.
Permissions that the extension requires
Bardeen uses the following Chrome Extension Permissions only for the purposes described.
webNavigation
- This permission is required for implementing a custom OAuth authentication flow that is required by a number of integrations (such as Google Mail, Google Drive, Google Calendar, Google Sheets, Zoom and Slack) supported by Bardeen.
unlimitedStorage
- The extension provides options for interacting with data-intensive services such as Google Drive, Google Sheets , Airtable and others. As such it is often required to store data in the local browser storage, the default storage cap of 5MB is sometimes not enough for storing/caching data from those services.
notifications
- Bardeen has commands for displaying browser notifications. It is convenient for time-sensitive things like joining meetings. We will only display a notification if a user invokes a corresponding Playbook or has enabled an Autobook that displays a notification
activeTabs and tabs
- These are required for being able to manipulate browser tabs (close/open/switch), for capturing snapshots (like when a user wants to create a pdf or a png of the tab) as well as for implementing scraper features (like background scraping)
history and bookmarks
- Bardeen reads browser bookmarks and history to provide relevant and in-context Autobook and Playbook suggestions for the user. All the matching and suggestion generation always happens locally inside the user’s browser and the data never leaves the browser.
contextMenu
- Bardeen allows users to create and assign custom workflows to the browser context menu. This way, when a user right clicks on a page while browsing they can see an automation that they would like to invoke right there. See an example here.
host permission
- This is needed for being able to lay over Bardeen UI over the web page that the user is browsing. This is essential for being able to run the web scraper and helps the users to stay in the flow and avoid switching tabs.
Encryption and other information
Bardeen uses TLS 1.2 for securing in-transit data as well 256-bit AES encryption at rest on our cloud infrastructure.
Infrastructure as code: all our infrastructure services are deployed using declarative configuration, all changes are versioned and stored.
All code changes undergo a peer-review.
The code is automatically scanned for known security vulnerabilities and patches are applied in a timely manner.
Security contact
Please send any security related information or inquiries (including vulnerability disclosures) to security@bardeen.ai
