catch.dev
Legal · Privacy Policy

Privacy Policy

What we collect, why we collect it, and the control you keep over your data.

Last updated June 10, 2026 7 min read 14 sections
01

Who We Are & Scope of This Policy

Catch Dev, Inc. ("Catch", "we", "us") is a Delaware (USA) corporation that operates catch.dev, an error-tracking and in-app user-feedback service for software teams. Our customers embed Catch SDKs (JavaScript/browser, iOS, Android, and a web feedback widget) in their own applications ("Apps") to collect error events and user feedback, which they review in the Catch dashboard.

We handle personal information in two distinct roles:

  • As a controller for information about our own customers and website visitors — your account details, billing records, and your use of catch.dev and the dashboard.
  • As a processor for "Customer Data" — information our SDKs collect from the end users of our customers' Apps, on the customer's behalf and under the customer's instructions. The customer (the App owner) is the controller of that data.

If you are an end user of an App that uses Catch, the owner of that App decides what data is collected and why. Please direct privacy questions and requests (access, deletion, etc.) to the App owner; we will assist them in responding, consistent with our role as a processor.

02

Information We Collect

a. Account information you provide. When you create a Catch account we collect your name and email address, and optionally a profile image and phone number, along with your organization and team membership and billing records. Sign-in is passwordless: we use email magic links and optional Google sign-in, so we never store passwords.

b. Information collected automatically on our site and dashboard. When analytics is enabled on the deployment, we use Mixpanel to understand how the marketing site and dashboard are used (pages viewed, features clicked, and similar product-usage events). We also use a small set of cookies described in Section 4.

c. Customer Data we process for our customers. Depending on how a customer configures the SDKs in their App, this can include:

  • Error events: the error message, stack trace, source file and line, browser user agent, language, environment tag, IP address, approximate (city-level) location — city, region, and country — derived from the IP, and any optional visitor/user identifiers or custom metadata the customer chooses to attach.
  • Feedback reports: the free-text message, an optional screenshot (which may be annotated and may incidentally capture personal data visible on screen), an optional end-user email or user ID supplied by the customer, device model, OS version, app version and build number, SDK name and version, locale, and screen/page name.

The approximate location is derived locally on our own servers from the IP address using a MaxMind GeoLite2 database. The IP address is not sent to MaxMind or to any other third party for lookup.

03

How We Use Information

We use personal information for the following purposes. Where the EU/UK GDPR applies, the legal basis for each purpose is noted in parentheses.

  • Providing the Service: creating and managing your account, authenticating you via magic links or Google sign-in, operating organizations and teams, and delivering error tracking and feedback features (performance of our contract with you).
  • Processing Customer Data: ingesting, storing, and displaying error events and feedback reports on the customer's behalf and under the customer's instructions (performance of our contract with the customer, who is the controller).
  • Billing and administration: processing subscription payments through Stripe and sending transactional emails such as magic links, invites, and alerts (performance of contract; legal obligation for tax and accounting records).
  • Improving and securing the Service: debugging, preventing fraud and abuse, and understanding product usage through analytics (our legitimate interests in running a reliable, secure service; consent for analytics where required by law).
  • Legal compliance: complying with applicable law and responding to lawful requests (legal obligation).
04

Cookies

We use a small number of cookies on catch.dev:

  • Session cookies (better-auth): keep you signed in to your account. Strictly necessary.
  • tc_invite: briefly carries a pending team-invite token through the signup flow. Functional.
  • Mixpanel cookies (mp_*): product-usage analytics, set only when analytics is enabled on the deployment.

We do not use third-party advertising cookies. For more detail, see our Cookie Policy.

05

How We Share Information

We do not sell personal information, and we do not share it for cross-context behavioral advertising. We share personal information only with the service providers (subprocessors) below, who process it on our behalf to run the Service:

  • Google Cloud Platform — hosting and databases (us-central1, USA).
  • Cloudflare R2 — file and screenshot storage.
  • Upstash — Redis queueing for event processing.
  • Amazon Web Services (SES) — transactional email, such as magic links and alerts.
  • Stripe — payment processing. We never store card numbers; we store only a Stripe customer reference and subscription state. See also our Refund Policy.
  • Mixpanel — product analytics, when enabled.
  • Slack — internal team messaging. If you send us product feedback through the feedback form on our site or dashboard, your submission (email, company, subject, rating, and message) is forwarded to our team's Slack workspace so we can review and respond to it. This applies only to feedback you send to Catch — not to Customer Data collected by the SDKs.

Beyond these providers, we may disclose information if required to comply with law or a valid legal process, to protect the rights, property, or safety of Catch, our customers, or others, or as part of a merger, acquisition, or sale of assets (in which case this policy will continue to apply to your information until you are notified otherwise).

06

International Data Transfers

Catch is operated from the United States and data is hosted in the United States. If you access the Service from the European Economic Area, the United Kingdom, or another region with data-transfer restrictions, your personal information will be transferred to and processed in the United States. We protect personal information as described in this policy regardless of where it is processed (see Section 8).

07

Data Retention

  • Account data is retained for the life of your account, and thereafter only as required to meet legal and tax obligations.
  • Customer Data (error events and feedback reports) is retained while the customer's account is active, and is deleted or anonymized within a reasonable period after the account is deleted or a verified deletion request is received.
08

Security

We protect personal information using industry-standard safeguards, including encryption in transit and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security; if we learn of a breach affecting your personal information, we will notify you as required by applicable law.

09

Your Rights — EEA & UK (GDPR)

If you are in the European Economic Area or the United Kingdom, you have the following rights over personal information for which we act as controller:

  • Access the personal information we hold about you.
  • Rectify inaccurate or incomplete information.
  • Erase your information ("right to be forgotten").
  • Restrict how we process your information.
  • Receive your information in a portable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time where processing is based on consent (this does not affect processing before withdrawal).
  • Lodge a complaint with your local data protection supervisory authority.

These rights exist regardless of how you interact with the Service. For Customer Data collected through a customer's App, please contact the App owner, who is the controller; we will assist them in fulfilling your request.

10

Your Rights — California (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose (this policy describes it).
  • Delete personal information we hold about you.
  • Correct inaccurate personal information.
  • Non-discrimination: we will not discriminate against you for exercising any of these rights.

We do not sell personal information or share it for cross-context behavioral advertising, so there is no need for a "Do Not Sell or Share My Personal Information" opt-out — there is nothing to opt out of.

11

Exercising Your Rights

To exercise any of the rights above, email support@catch.dev from the email address associated with your account (or provide enough information for us to verify your identity). We aim to respond to verified requests within 30 days. If you are an end user of a customer's App, please contact the App owner first; if you contact us directly, we will refer your request to them and assist with their response.

12

Children's Privacy

Catch is a business-to-business service and is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us at support@catch.dev and we will delete it.

13

Changes to This Policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top of this page, and for material changes we will provide additional notice (such as an email to account holders). We encourage you to review this page periodically.

14

Contact Us

Catch Dev, Inc. is a Delaware corporation in the United States. For privacy questions or requests, email support@catch.dev. For general inquiries, email hello@catch.dev.

Last updated June 10, 2026