User Agreement

Purpose & Acceptance

This User Agreement sets out the acceptable-use rules for catch.dev ("Catch", the "Service"), the error-tracking and in-app user-feedback service operated by Catch Dev, Inc., a Delaware (USA) corporation. It is part of, and incorporated into, our Terms of Service. By creating an account, embedding a Catch SDK in one of your Apps, or otherwise using the Service, you agree to follow the rules below. If this agreement conflicts with the Terms of Service, the Terms of Service control. If you use Catch on behalf of an organization, you confirm you have authority to bind that organization, and "you" means that organization.

Lawful, Authorized Use

You may use Catch only in compliance with applicable law and only to monitor Apps that you own or operate, or that you are expressly authorized to monitor by their owner. In particular, you must not:

• Embed a Catch SDK in, or send data from, an application you do not own, operate, or have authorization to monitor.
• Use the Service to collect data about people you have no lawful basis to collect data about.
• Use the Service in violation of privacy, data-protection, export control, sanctions, or other applicable laws and regulations.

Your Responsibilities to Your End Users

When you embed a Catch SDK in your App, Catch collects data from your end users on your behalf and on your instructions — including error telemetry (error messages, stack traces, device and browser information, IP addresses, and city-level location derived from those IP addresses) and feedback reports (free-text messages and optional screenshots, which may incidentally capture on-screen personal data). We act as a processor or service provider for this data, as described in our Privacy Policy. You are the controller of it, which means you must:

• Give your end users any legally required notice — for example, in your own privacy policy — covering the data the SDKs collect, including error telemetry, IP addresses, and feedback screenshots.
• Obtain any consents required by the laws that apply to you and your end users, and otherwise maintain a lawful basis for the collection.
• Only attach end-user identifiers (such as user IDs or email addresses) and custom metadata that you are permitted to share with us.
• Honor your end users' privacy requests (such as access and deletion requests). Where a verified request concerns data stored in Catch that you cannot action yourself, contact us at support@catch.dev and we will assist.

Prohibited Content

You must not submit to the Service — through error events, custom metadata, feedback messages, screenshots, or any other channel — any content that:

• Is unlawful, fraudulent, defamatory, or harassing.
• Infringes the intellectual-property, privacy, or other rights of any third party.
• Contains malware, exploits, or other code intended to harm the Service, our staff, or other customers.

Sensitive Data Restrictions

Catch is not designed to receive certain categories of high-risk data, and you must not knowingly submit them through error metadata, feedback messages, or screenshots:

• Special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, trade-union membership, genetic or biometric data, health data, or data concerning sex life or sexual orientation).
• Protected health information (PHI) governed by HIPAA. We do not offer a business associate agreement.
• Full payment-card numbers, card verification codes, or similar financial credentials.

Take reasonable steps to keep such data out of the Service — for example, avoid logging card numbers or health details in error messages, and encourage reporters to annotate over sensitive on-screen content before submitting a feedback screenshot.

Prohibited Conduct

You must not, and must not enable or encourage anyone else to:

• Probe, scan, or test the vulnerability of the Service, or breach or circumvent its security or authentication measures, except through the responsible reporting process in Section 8.
• Disrupt, overload, or degrade the Service or the experience of other customers, including by flooding ingestion endpoints with junk or automated traffic.
• Access or attempt to access another customer's account, projects, or data, or submit data using an access key you are not authorized to use.
• Scrape, harvest, or bulk-extract data from the Service other than through the interfaces and APIs we provide for your own data.
• Circumvent usage limits, quotas, or plan restrictions — for example, by creating multiple accounts or organizations to evade them.
• Reverse engineer, decompile, or disassemble the Service, except to the extent applicable law permits this notwithstanding a contractual restriction.
• Resell, sublicense, or white-label the Service without a separate written agreement with us.
• Misrepresent your identity or affiliation, or impersonate any person or organization.
• Use feedback channels to send spam, advertising, or other unsolicited messages.

Account & Access Key Hygiene

You are responsible for activity that occurs under your account and organization, including the actions of members you invite. To keep your account and data safe:

• Keep your access keys confidential. Do not publish them outside the Apps they are issued for, and do not share them with people outside your organization.
• Rotate an access key promptly if you suspect it has been exposed or misused.
• Sign-in to Catch is passwordless, using email magic links and optional Google sign-in — so keep the email account and Google account you sign in with secure, and remove members from your organization when they should no longer have access.
• Notify us promptly at support@catch.dev if you become aware of unauthorized access to your account.

Reporting Security Issues & Violations

If you discover a security vulnerability in the Service, or believe someone is violating this agreement, please report it to support@catch.dev. When reporting a vulnerability, act in good faith: do not access or modify data that is not yours, do not degrade the Service, go no further than necessary to demonstrate the issue, and give us a reasonable opportunity to fix it before any public disclosure.

Enforcement

If you violate this agreement, we may take action proportionate to the violation, in accordance with the Terms of Service. Depending on the severity, this may include a warning, removal of offending content, throttling or disabling access keys, suspension of your account, or termination. Where practical, we will notify you and give you a chance to remedy the issue; where a violation creates a serious risk to the Service, other customers, or third parties, we may act immediately. We do not systematically monitor the data you send to the Service, but we may review content that is reported to us or flagged by operational safeguards.

Relationship to Other Policies

This agreement works alongside our other policies, which together govern your use of Catch:

• Terms of Service — the core contract between you and Catch Dev, Inc.
• Privacy Policy — how we handle personal data, both as a controller for your account data and as a processor for the data SDKs collect from your end users.
• Cookie Policy — the cookies used on catch.dev.
• Refund Policy — our 14-day refund terms for paid subscriptions.

Changes to This Agreement

We may update this agreement from time to time, for example to address new features or abuse patterns. When we do, we will update the "Last updated" date above, and for material changes we will take reasonable steps to notify you, such as by email or a notice in the Service. Continued use of the Service after a change takes effect means you accept the updated agreement.

Contact

Questions about this agreement, or reports of violations, can be sent to support@catch.dev. For general inquiries, you can also reach us at hello@catch.dev.