Security & Privacy
We pledge to keep your data secure, follow security best practices, and never sell or share your data with any third party.
Annual third party audit
We use a reputable third party vendor (approved by Google) to perform a yearly security audit. The audit includes application penetration testing (for the extension), external penetration testing (for the cloud infrastructure) as well as a comprehensive review of our cloud setup, security protocols and security measures that we have in place. Feel free to reach out to inquire about the details of the audit.
Your app data never leaves your browser
We’ve designed Bardeen so that your app data never touches our servers. The data exchange happens directly between your browser and the integrated third-party application.
This allows us to keep our cloud infrastructure minimal and scalable, and your data safe.Bardeen doesn’t store data from connected applications (such as your calendar, email or any other) in the cloud. The data is persisted in the local browser storage, and never on our cloud servers. No third-party or website can access information stored in your browser unless someone compromises your computer itself.
If you are using our paid services, and chosen to run your Automations or Autobooks even when your browser is closed, then part of your automations would be running on our server infrastructure. In this case, an instance of Bardeen would be created every time your automation condition is met (eg. when an e-mail arrives) in order to run your playbook (eg. send me a slack message). Contrast to your browser Bardeen instance, a cloud instance of Bardeen has no storage capabilities, meaning that once your playbook has finished running, all of your data are erased.
To allow you to access your automations and account settings from different browsers, we store the following data on our servers:
Your connected apps & and configurations to access them
Your custom Playbook and Autobook data
This information is securely exchanged between your client and our servers using industry-standard technologies and protocols.
Deleting account and removing all data
We hate to see our users go. You can remove all your data from Bardeen with a few clicks from the settings page. Learn more here.
What information do we collect?
To build a product that people love, we need to understand how our users use it.We collect basic information such as how many active users we have, Playbooks people use, and the errors that happen to fix them.
The usage information we collect does not include any user data.
For example, we may store the fact that a user ran a Playbook that saves events from Google Calendar to Notion. But none of the information about the event itself (like subject, date, participants, etc) or data related to Notion (name of the database, column names in the database etc.) is ever collected.
We use Posthog to store usage information (number of Playbooks and Autobook executions, integration activation, etc).
We use Sentry to store anonymized error and crash reports.
The information that we store is anonymized. We strip out any data the user enters (such as command or Playbook parameters) and only store the command that was executed along with the corresponding timestamp.
Permissions that the extension requires
Bardeen uses the following Chrome Extension Permissions only for the purposes described.
- This permission is required for implementing a custom OAuth authentication flow that is required by a number of integrations (such as Google Mail, Google Drive, Google Calendar, Google Sheets, Zoom and Slack) supported by Bardeen.
- The extension provides options for interacting with data-intensive services such as Google Drive, Google Sheets , Airtable and others. As such it is often required to store data in the local browser storage, the default storage cap of 5MB is sometimes not enough for storing/caching data from those services.
- Bardeen has commands for displaying browser notifications. It is convenient for time-sensitive things like joining meetings. We will only display a notification if a user invokes a corresponding Playbook or has enabled an Autobook that displays a notification
activeTabs and tabs
- These are required for being able to manipulate browser tabs (close/open/switch), for capturing snapshots (like when a user wants to create a pdf or a png of the tab) as well as for implementing scraper features (like background scraping)
history and bookmarks
- Bardeen reads browser bookmarks and history to provide relevant and in-context Autobook and Playbook suggestions for the user. All the matching and suggestion generation always happens locally inside the user’s browser and the data never leaves the browser.
- Bardeen allows users to create and assign custom workflows to the browser context menu. This way, when a user right clicks on a page while browsing they can see an automation that they would like to invoke right there. See an example here.
- This is needed for being able to lay over Bardeen UI over the web page that the user is browsing. This is essential for being able to run the web scraper and helps the users to stay in the flow and avoid switching tabs.
Encryption and other information
Bardeen uses TLS 1.2 for securing in-transit data as well 256-bit AES encryption at rest on our cloud infrastructure.
Infrastructure as code: all our infrastructure services are deployed using declarative configuration, all changes are versioned and stored.
All code changes undergo a peer-review.
The code is automatically scanned for known security vulnerabilities and patches are applied in a timely manner.
Please send any security related information or inquiries (including vulnerability disclosures) to firstname.lastname@example.org